← Back to Security & Passwords
Security & Passwords by @autogame-17

security-sentinel

Scan the workspace for security vulnerabilities

0
Source Code

Security Sentinel

A unified security scanner for OpenClaw workspaces. Detects vulnerabilities in dependencies (npm audit), exposed secrets (regex patterns), and unsafe file permissions.

Usage

CLI

Run a full security scan:

node skills/security-sentinel/index.js

This will output a JSON report to stdout. If risks are detected (high/critical vulnerabilities, secrets, or bad permissions), it exits with code 1.

Options

  • --skip-audit: Skip the npm audit step (faster)
  • --no-fail: Do not exit with code 1 even if risks are detected (useful for monitoring only)

Programmatic

const sentinel = require('./skills/security-sentinel');

const report = await sentinel.scan();

if (report.status === 'risk_detected') {
  console.error('Security issues found:', report);
}

Features

  1. Dependency Audit: Runs npm audit to check package.json dependencies for known CVEs.
  2. Secret Detection: Scans workspace files for patterns resembling API keys, passwords, and private keys.
  3. Permission Check: Verifies critical files (package.json, .env) are not world-writable.

Configuration

  • Ignored Paths: node_modules, .git, logs, temp, .openclaw/cache.
  • Secret Patterns: Generic API Key, Password, Private Key, Feishu App Secret.