openclaw-sentry-pro
Full secret scanning suite: detect leaked API keys, tokens, and credentials, then automatically redact, quarantine exposed files, and enforce .gitignore policies. Everything in openclaw-sentry (free) plus automated countermeasures.
Best use case
openclaw-sentry-pro is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Full secret scanning suite: detect leaked API keys, tokens, and credentials, then automatically redact, quarantine exposed files, and enforce .gitignore policies. Everything in openclaw-sentry (free) plus automated countermeasures.
Teams using openclaw-sentry-pro should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/openclaw-sentry-pro/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How openclaw-sentry-pro Compares
| Feature / Agent | openclaw-sentry-pro | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Full secret scanning suite: detect leaked API keys, tokens, and credentials, then automatically redact, quarantine exposed files, and enforce .gitignore policies. Everything in openclaw-sentry (free) plus automated countermeasures.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# OpenClaw Sentry Pro
Everything in [openclaw-sentry](https://github.com/AtlasPA/openclaw-sentry) (free) plus automated countermeasures.
**Free version detects secrets. Pro version eliminates them.**
## Detection Commands (also in free)
### Full Scan
Scan all workspace files for secrets and high-risk files.
```bash
python3 {baseDir}/scripts/sentry.py scan --workspace /path/to/workspace
```
### Check Single File
Check a specific file for secrets.
```bash
python3 {baseDir}/scripts/sentry.py check MEMORY.md --workspace /path/to/workspace
```
### Quick Status
One-line summary of secret exposure risk, quarantine status, and policy state.
```bash
python3 {baseDir}/scripts/sentry.py status --workspace /path/to/workspace
```
## Pro Countermeasures
### Redact Secrets
Find secrets in files and replace them with masked versions (e.g., `sk-ant-abc...xyz` becomes `sk-ant-***REDACTED***`). Creates `.bak` backup before modifying. If no file specified, redact all files in workspace.
```bash
# Redact a single file
python3 {baseDir}/scripts/sentry.py redact config.json --workspace /path/to/workspace
# Redact all files in workspace
python3 {baseDir}/scripts/sentry.py redact --workspace /path/to/workspace
```
### Quarantine a File
Move a file containing secrets to `.quarantine/sentry/` with metadata JSON recording what was found, when, and original location.
```bash
python3 {baseDir}/scripts/sentry.py quarantine .env --workspace /path/to/workspace
```
### Unquarantine a File
Restore a quarantined file to its original location.
```bash
python3 {baseDir}/scripts/sentry.py unquarantine .env --workspace /path/to/workspace
```
### Defend
Auto-generate/update `.gitignore` with common secret patterns (.env, *.pem, *.key, credentials.json, etc.) and create a `.sentry-policy.json` policy file listing which patterns to enforce.
```bash
python3 {baseDir}/scripts/sentry.py defend --workspace /path/to/workspace
```
### Protect (Automated Sweep)
Full automated sweep: scan all files, auto-redact secrets in non-critical files, quarantine files with high-density secrets, update .gitignore. **This is the recommended command for session startup.**
```bash
python3 {baseDir}/scripts/sentry.py protect --workspace /path/to/workspace
```
## Recommended Integration
### Session Startup Hook (Claude Code)
```json
{
"hooks": {
"SessionStart": [
{
"hooks": [
{
"type": "command",
"command": "python3 scripts/sentry.py protect",
"timeout": 30
}
]
}
]
}
}
```
### Heartbeat (OpenClaw)
Add to HEARTBEAT.md for periodic protection:
```
- Run secret scanning protection (python3 {skill:openclaw-sentry-pro}/scripts/sentry.py protect)
```
### After Adding New Configs or Secrets
Run `protect` to auto-redact and quarantine any newly exposed credentials.
## What It Detects
| Provider | Patterns |
|----------|----------|
| **AWS** | Access keys (AKIA...), secret keys |
| **GitHub** | PATs (ghp_, gho_, ghs_, ghr_, github_pat_) |
| **Slack** | Bot/user tokens (xox...), webhooks |
| **Stripe** | Secret keys (sk_live_), publishable keys |
| **OpenAI** | API keys (sk-...) |
| **Anthropic** | API keys (sk-ant-...) |
| **Google** | API keys (AIza...), OAuth secrets |
| **Azure** | Storage account keys |
| **Generic** | API keys, secrets, passwords, bearer tokens, connection strings |
| **Crypto** | PEM private keys, .key/.pem/.p12 files |
| **Database** | PostgreSQL/MySQL/MongoDB/Redis URLs with credentials |
| **JWT** | JSON Web Tokens |
| **Environment** | .env files with variables |
## Countermeasure Summary
| Command | Action |
|---------|--------|
| `protect` | Full scan + auto-redact + auto-quarantine + update .gitignore |
| `redact [file]` | Replace secrets with masked versions, backup originals |
| `quarantine <file>` | Move file to quarantine with metadata |
| `unquarantine <file>` | Restore a quarantined file |
| `defend` | Update .gitignore + create enforcement policy |
## No External Dependencies
Python standard library only. No pip install. No network calls. Everything runs locally.
## Cross-Platform
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.Related Skills
OpenClaw-Finnhub
OpenClaw skill for real-time stock quote, and financials via Finnhub API.
openclaw-nextcloud
Manage Notes, Tasks, Calendar, Files, and Contacts in your Nextcloud instance via CalDAV, WebDAV, and Notes API. Use for creating notes, managing todos and calendar events, uploading/downloading files, and managing contacts.
openclaw-safety-coach
Safety coach for OpenClaw users. Refuses harmful, illegal, or unsafe requests and provides practical guidance to reduce ecosystem risk (malicious skills, tool abuse, secret exfiltration, prompt injection).
openclaw
openclaw
openclaw-spacesuit
**A framework scaffold for OpenClaw workspaces.**
nutrient-openclaw
Document processing for OpenClaw — convert, extract, OCR, redact, sign, and watermark PDFs and Office documents using the Nutrient DWS API. Use when asked to convert documents (DOCX/XLSX/PPTX to PDF, PDF to images or Office formats), extract text or tables from PDFs, apply OCR to scanned documents, redact sensitive information or PII, add watermarks, or digitally sign documents. Triggers on "convert to PDF", "extract text", "OCR this", "redact PII", "watermark", "sign document", or any document processing request.
openclaw-setup
Set up a complete OpenClaw personal AI assistant from scratch using Claude Code. Walks through AWS provisioning, OpenClaw installation, Telegram bot creation, API configuration, Google Workspace integration, security hardening, and all power features. Give this to Claude Code and it handles the rest.
OpenClaw Optimizer Skill
## Overview
openclaw-backup
Enhanced backup and restore for openclaw configuration, skills, commands, and settings. Sync across devices, version control with git, automate backups, and migrate to new machines with advanced compression.
openclaw-trakt
Track and recommend TV shows and movies using Trakt.tv. Use when the user asks for show/movie recommendations, wants to track what they're watching, check their watchlist, or get personalized suggestions based on their viewing history. Requires Trakt.tv account with Pro subscription for full functionality.
OpenClaw Claude Code Skill
## Description
OpenClaw Async Task
## Description