OpenClaw Sentry

February 23, 2026 · View on GitHub

Secret scanner for OpenClaw, Claude Code, and any Agent Skills-compatible tool.

Scans workspace files for leaked API keys, tokens, passwords, private keys, and credentials — the secrets that agent workspaces silently accumulate.

The Problem

Agent workspaces accumulate secrets: API keys in config files, tokens in memory logs, passwords in environment files. A single leaked credential can compromise your entire infrastructure. Existing secret scanners work on git repos — nothing watches the agent workspace itself.

In the Wild: Leaky Skills Research

Snyk security researchers published "280+ Leaky Skills: How OpenClaw & ClawHub Are Exposing API Keys and PII" — documenting skills that leaked live credentials directly in README files, skill metadata, config examples, and workspace artifacts.

The most common exposure patterns: Anthropic API keys embedded in MEMORY.md files, GitHub personal access tokens in skill configuration, and OpenAI keys in example .env files checked into public repos. These weren't test keys — they were live credentials that anyone could use.

Sentry's 25+ pattern scanner covers the credential categories reported in that research. If your workspace has accumulated any of these exposures, sentry scan will flag them. Pattern matching only catches credential formats it knows about, so treat a clean scan as a floor, not a guarantee that nothing sensitive is present.

Install

# Clone
git clone https://github.com/AtlasPA/openclaw-sentry.git

# Copy to your workspace skills directory
cp -r openclaw-sentry ~/.openclaw/workspace/skills/

Usage

# Full secret scan
python3 scripts/sentry.py scan

# Check a single file
python3 scripts/sentry.py check MEMORY.md

# Quick status
python3 scripts/sentry.py status

All commands accept --workspace /path/to/workspace. If omitted, auto-detects from $OPENCLAW_WORKSPACE, current directory, or ~/.openclaw/workspace.

What It Detects

  • AWS — Access keys (AKIA...), secret access keys
  • GitHub — Personal access tokens (ghp_, gho_, ghs_, ghr_, github_pat_)
  • Slack — Bot/user tokens (xox...), webhook URLs
  • Stripe — Secret keys (sk_live_), publishable keys (pk_live_)
  • OpenAI — API keys (sk-...)
  • Anthropic — API keys (sk-ant-...)
  • Google — API keys (AIza...), OAuth client secrets
  • Azure — Storage account keys
  • Generic — API keys, secrets, passwords, bearer tokens, connection strings
  • Private Keys — PEM files, .key/.pem/.p12/.pfx extensions
  • Database URLs — PostgreSQL, MySQL, MongoDB, Redis with credentials
  • JWT Tokens — JSON Web Tokens in plain text
  • Environment Files — .env files with variables
  • .gitignore gaps — Missing patterns for common secret files

| Feature | | |
|---------|------|-----|
| Secret detection (25+ patterns) | Yes | Yes |
| High-risk file detection | Yes | Yes |
| .env file scanning | Yes | Yes |
| .gitignore gap analysis | Yes | Yes |
| Auto-redact secrets in files | - | Yes |
| Quarantine leaking skills | - | Yes |
| Generate .gitignore rules | - | Yes |
| Move .env to vault path | - | Yes |

Exit Codes

| Code | Meaning |
|------|---------|
| 0 | Clean |
| 1 | Warnings detected |
| 2 | Critical secrets found |

Requirements

  • Python 3.8+
  • No external dependencies (stdlib only)
  • Cross-platform: Windows, macOS, Linux

License

MIT