openclaw-sentry-pro
Full secret scanning suite: detect leaked API keys, tokens, and credentials, then automatically redact, quarantine exposed files, and enforce .gitignore policies. Everything in openclaw-sentry (free) plus automated countermeasures.
Best use case
openclaw-sentry-pro is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using openclaw-sentry-pro should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/openclaw-sentry-pro/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How openclaw-sentry-pro Compares
| Feature / Agent | openclaw-sentry-pro | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Full secret scanning suite: detect leaked API keys, tokens, and credentials, then automatically redact, quarantine exposed files, and enforce .gitignore policies. Everything in openclaw-sentry (free) plus automated countermeasures.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# OpenClaw Sentry Pro
Everything in [openclaw-sentry](https://github.com/AtlasPA/openclaw-sentry) (free) plus automated countermeasures.
**Free version detects secrets. Pro version eliminates them.**
## Detection Commands (also in free)
### Full Scan
Scan all workspace files for secrets and high-risk files.
```bash
python3 {baseDir}/scripts/sentry.py scan --workspace /path/to/workspace
```
### Check Single File
Check a specific file for secrets.
```bash
python3 {baseDir}/scripts/sentry.py check MEMORY.md --workspace /path/to/workspace
```
### Quick Status
One-line summary of secret exposure risk, quarantine status, and policy state.
```bash
python3 {baseDir}/scripts/sentry.py status --workspace /path/to/workspace
```
## Pro Countermeasures
### Redact Secrets
Find secrets in files and replace them with masked versions (e.g., `sk-ant-abc...xyz` becomes `sk-ant-***REDACTED***`). Creates a `.bak` backup before modifying; the backup still holds the original, unredacted content. If no file is specified, redacts all files in the workspace.
```bash
# Redact a single file
python3 {baseDir}/scripts/sentry.py redact config.json --workspace /path/to/workspace
# Redact all files in workspace
python3 {baseDir}/scripts/sentry.py redact --workspace /path/to/workspace
```
### Quarantine a File
Move a file containing secrets to `.quarantine/sentry/`, with a metadata JSON file recording what was found, when, and the original location.
```bash
python3 {baseDir}/scripts/sentry.py quarantine .env --workspace /path/to/workspace
```
### Unquarantine a File
Restore a quarantined file to its original location.
```bash
python3 {baseDir}/scripts/sentry.py unquarantine .env --workspace /path/to/workspace
```
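A sketch of the quarantine and restore flow described above, as an added example and not the code in `sentry.py`. The sidecar suffix, metadata field names, hash check and file permissions are assumptions; only the `.quarantine/sentry/` location comes from this page.

```python
import hashlib, json, os, shutil, time
from pathlib import Path

QDIR = Path(".quarantine") / "sentry"   # directory named in the docs above
META = ".meta.json"                     # hypothetical sidecar suffix

def _inside(ws, p):
    """Resolve p under ws and refuse anything that escapes the workspace."""
    p = (ws / p).resolve()
    if ws not in p.parents:
        raise ValueError(f"{p} is outside the workspace")
    return p

def quarantine(workspace, rel_path, findings):
    ws = Path(workspace).resolve()
    src = _inside(ws, rel_path)
    qdir = ws / QDIR
    qdir.mkdir(parents=True, exist_ok=True)
    os.chmod(qdir, 0o700)                       # owner-only directory
    digest = hashlib.sha256(src.read_bytes()).hexdigest()
    dest = qdir / f"{digest[:16]}_{src.name}"
    meta = {"original": src.relative_to(ws).as_posix(),
            "quarantined_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
            "sha256": digest,
            "findings": findings}               # provider/line only, no values
    shutil.move(str(src), str(dest))
    os.chmod(dest, 0o600)
    Path(str(dest) + META).write_text(json.dumps(meta, indent=2))
    return dest

def unquarantine(workspace, rel_path):
    ws = Path(workspace).resolve()
    wanted = Path(rel_path).as_posix()
    for meta_path in sorted((ws / QDIR).glob("*" + META)):
        meta = json.loads(meta_path.read_text())
        if meta["original"] != wanted:
            continue
        target = _inside(ws, meta["original"])  # metadata is untrusted input
        stored = Path(str(meta_path)[:-len(META)])
        if hashlib.sha256(stored.read_bytes()).hexdigest() != meta["sha256"]:
            raise ValueError("quarantined copy changed since it was stored")
        if target.exists():
            raise FileExistsError(target)       # never overwrite on restore
        shutil.move(str(stored), str(target))
        meta_path.unlink()
        return target
    raise FileNotFoundError(rel_path)
```

The metadata deliberately stores a hash and finding locations rather than the matched secret, so the sidecar itself is not a second copy of the credential.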
### Defend
Auto-generate/update `.gitignore` with common secret patterns (`.env`, `*.pem`, `*.key`, `credentials.json`, etc.) and create a `.sentry-policy.json` policy file listing which patterns to enforce.
```bash
python3 {baseDir}/scripts/sentry.py defend --workspace /path/to/workspace
```
### Protect (Automated Sweep)
Full automated sweep: scan all files, auto-redact secrets in non-critical files, quarantine files with high-density secrets, update .gitignore. **This is the recommended command for session startup.**
```bash
python3 {baseDir}/scripts/sentry.py protect --workspace /path/to/workspace
```
## Recommended Integration
### Session Startup Hook (Claude Code)
```json
{
  "hooks": {
    "SessionStart": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "python3 scripts/sentry.py protect",
            "timeout": 30
          }
        ]
      }
    ]
  }
}
```
### Heartbeat (OpenClaw)
Add to HEARTBEAT.md for periodic protection:
```
- Run secret scanning protection (python3 {skill:openclaw-sentry-pro}/scripts/sentry.py protect)
```
### After Adding New Configs or Secrets
Run `protect` to auto-redact and quarantine any newly exposed credentials.
## What It Detects
| Provider | Patterns |
|----------|----------|
| **AWS** | Access keys (AKIA...), secret keys |
| **GitHub** | PATs (ghp_, gho_, ghs_, ghr_, github_pat_) |
| **Slack** | Bot/user tokens (xox...), webhooks |
| **Stripe** | Secret keys (sk_live_), publishable keys |
| **OpenAI** | API keys (sk-...) |
| **Anthropic** | API keys (sk-ant-...) |
| **Google** | API keys (AIza...), OAuth secrets |
| **Azure** | Storage account keys |
| **Generic** | API keys, secrets, passwords, bearer tokens, connection strings |
| **Crypto** | PEM private keys, .key/.pem/.p12 files |
| **Database** | PostgreSQL/MySQL/MongoDB/Redis URLs with credentials |
| **JWT** | JSON Web Tokens |
| **Environment** | .env files with variables |
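How prefix-based detection and prefix-preserving redaction can work for a few of the providers in the table, as an added example that is not taken from `sentry.py`. The regular expressions are approximations of commonly published token shapes, and the sample input is constructed.

```python
import re

MASK = "***REDACTED***"

# Approximate token shapes (assumptions, not the project's rule set).
# Order matters: "sk-ant-" must be tried before the broader "sk-" rule,
# otherwise an Anthropic key is reported and masked as an OpenAI key.
PATTERNS = [
    ("anthropic", re.compile(r"\b(sk-ant-)[A-Za-z0-9_\-]{20,}")),
    ("openai",    re.compile(r"\b(sk-)[A-Za-z0-9_\-]{20,}")),
    ("github",    re.compile(r"\b(gh[pors]_)[A-Za-z0-9]{36}\b")),
    ("aws",       re.compile(r"\b(AKIA)[0-9A-Z]{16}\b")),
    ("stripe",    re.compile(r"\b(sk_live_)[A-Za-z0-9]{16,}")),
]

def redact_line(line, lineno, findings):
    """Mask every match in one line, keeping only the provider prefix."""
    for provider, rx in PATTERNS:
        def repl(m, provider=provider):
            # Record where and what kind, never the secret value itself.
            findings.append({"line": lineno, "provider": provider,
                             "prefix": m.group(1), "length": len(m.group(0))})
            return m.group(1) + MASK
        line = rx.sub(repl, line)
    return line

def redact_text(text):
    """Return (redacted_text, findings) for a whole file's contents."""
    findings = []
    lines = [redact_line(l, i, findings)
             for i, l in enumerate(text.splitlines(), 1)]
    return "\n".join(lines), findings

# Constructed sample input; none of these values are real credentials.
SAMPLE = """\
ANTHROPIC_API_KEY=sk-ant-EXAMPLEexample0123456789abcd
OPENAI_API_KEY="sk-EXAMPLEexample0123456789abcd"
aws_access_key_id = AKIAEXAMPLEEXAMPLE12
note: task-list-is-not-a-secret-even-if-long
"""

if __name__ == "__main__":
    redacted, found = redact_text(SAMPLE)
    print(redacted)
    for f in found:
        print(f)
```

Masking a value in the working tree does not revoke it: any key that was found should still be rotated at the provider.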
## Countermeasure Summary
| Command | Action |
|---------|--------|
| `protect` | Full scan + auto-redact + auto-quarantine + update .gitignore |
| `redact [file]` | Replace secrets with masked versions, backup originals |
| `quarantine <file>` | Move file to quarantine with metadata |
| `unquarantine <file>` | Restore a quarantined file |
| `defend` | Update .gitignore + create enforcement policy |
## No External Dependencies
Python standard library only. No pip install. No network calls. Everything runs locally.
## Cross-Platform
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.