Arc Sentinel
Ostrzeżenie bezpieczeństwa

Security monitoring and infrastructure health checks for OpenClaw agents. Run breach monitoring (HaveIBeenPwned), SSL certificate expiry checks, GitHub security audits, credential rotation tracking, secret scanning, git hygiene, token watchdog, and permission audits. Use when performing security scans, checking credential rotation status, auditing repos for leaked secrets, or monitoring SSL certificates and infrastructure health.

Zainstaluj
$clawhub install arc-sentinel

Arc Sentinel

Security monitoring toolkit for OpenClaw agents. Runs automated checks against your infrastructure and reports issues.

Configuration

Before first use, create sentinel.conf in the skill directory:

cp sentinel.conf.example sentinel.conf

Edit sentinel.conf with your values:

  • DOMAINS — Space-separated list of domains to check SSL certificates

  • GITHUB_USER — GitHub username for repo audits

  • KNOWN_REPOS — Space-separated list of expected repo names (unexpected repos trigger warnings)

  • MONITOR_EMAIL — Email address for HaveIBeenPwned breach checks

  • HIBP_API_KEY — Optional; HIBP v3 API key ($3.50/mo) for automated breach lookups

Also customize credential-tracker.json with your own credentials and rotation policies. A template is provided.

Quick Start

Full scan

cd <skill-dir>
bash sentinel.sh

Output

  • Formatted report to stdout with color-coded severity

  • JSON report saved to reports/YYYY-MM-DD.json

  • Exit codes: 0 = all clear, 1 = warnings, 2 = critical

Checks

1. SSL Certificate Expiry

Check certificate expiry for configured domains. Warns at <30 days, critical at <14 days.

2. GitHub Security

  • List repos and check Dependabot/vulnerability alert status

  • Review recent account activity for anomalies

  • Flag unexpected repositories

3. Breach Monitoring (HaveIBeenPwned)

  • Query HIBP API for breached accounts (requires API key)

  • Falls back to manual check URL if no key is set

4. Credential Rotation Tracking

Read credential-tracker.json and flag credentials that are overdue, approaching expiry, or never rotated. Supports policies: quarterly (90d), 6_months (180d), annual (365d), auto.

Additional Scripts

Script Purpose
scripts/secret-scanner.sh Scan repos/files for leaked secrets and API keys
scripts/git-hygiene.sh Audit git history for security issues
scripts/token-watchdog.sh Monitor token validity and expiry
scripts/permission-auditor.sh Audit file and access permissions
scripts/skill-auditor.sh Audit installed skills for security
scripts/full-audit.sh Run all scripts in sequence

Agent Usage

During heartbeats or on request:

  1. Run bash sentinel.sh from the skill directory

  2. Review output for WARN or CRITICAL items

  3. Report findings to the human if anything needs attention

  4. Update credential-tracker.json when credentials are rotated

Cron Setup


# Weekly Monday 9am
0 9 * * 1 cd /path/to/arc-sentinel && bash sentinel.sh >> reports/cron.log 2>&1

Requirements

  • openssl (SSL checks)

  • gh CLI authenticated (GitHub checks)

  • curl (HIBP)

  • python3 (JSON processing)

Szczegóły

Wersja
v1.0.0
Pobrania
1,325
ClawHub
Zobacz na ClawHub

Popularne Skills

Safe Exec
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agents need to execute shell commands that may be dangerous (rm -rf, dd, fork bombs, system directory modifications) or require human oversight. Provides multi-level risk assessment (CRITICAL/HIGH/MEDIUM/LOW), in-session notifications, pending request management, and non-interactive environment support for agent automation.
Todoist
Manage tasks and projects in Todoist. Use when user asks about tasks, to-dos, reminders, or productivity.
📄 Feishu Doc Manager | 飞书文档管理器
📄 Feishu Doc Manager | 飞书文档管理器 Seamlessly publish Markdown content to Feishu Docs with automatic formatting. Solves key pain points: Markdown table conversion, permission management, batch writing. 将 Markdown 内容无缝发布到飞书文档,自动渲染格式。 解决核心痛点:Markdown 表格转换、权限管理、批量写入。