GB-Power-Market-JJ security-sentinel

Scan the workspace for security vulnerabilities, exposed secrets, and misconfigurations.

install
source · Clone the upstream repo
git clone https://github.com/GeorgeDoors888/GB-Power-Market-JJ
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/GeorgeDoors888/GB-Power-Market-JJ "$T" && mkdir -p ~/.claude/skills && cp -r "$T/openclaw-skills/skills/autogame-17/security-sentinel" ~/.claude/skills/georgedoors888-gb-power-market-jj-security-sentinel && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/GeorgeDoors888/GB-Power-Market-JJ "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/openclaw-skills/skills/autogame-17/security-sentinel" ~/.openclaw/skills/georgedoors888-gb-power-market-jj-security-sentinel && rm -rf "$T"
manifest: openclaw-skills/skills/autogame-17/security-sentinel/SKILL.md
source content

Security Sentinel

A unified security scanner for OpenClaw workspaces. Detects vulnerabilities in dependencies (via npm audit), exposed secrets (regex pattern matching over workspace files), and unsafe file permissions (critical files left world-writable).

Usage

CLI

Run a full security scan:

node skills/security-sentinel/index.js

This outputs a JSON report to stdout. If risks are detected (high/critical vulnerabilities, secrets, or bad permissions), it exits with code 1, so it can be used directly as a CI gate.

Options

  • --skip-audit: Skip the npm audit step (faster; also required when working offline, since npm audit sends the dependency tree to the registry for checking)
  • --no-fail: Do not exit with code 1 even if risks are detected (useful for monitoring only)

Programmatic

const sentinel = require('./skills/security-sentinel');

// scan() returns a promise, so call it from an async function:
// top-level await is not available in a CommonJS module.
(async () => {
  const report = await sentinel.scan();

  if (report.status === 'risk_detected') {
    console.error('Security issues found:', report);
  }
})();

Features

  1. Dependency Audit: Runs npm audit to check the dependency tree declared by package.json against the npm advisory database for known vulnerabilities (CVEs and GHSA advisories). Note that npm audit resolves the tree from a lockfile (package-lock.json or npm-shrinkwrap.json); if the workspace has none, it errors out instead of reporting, so run npm i --package-lock-only first.
  2. Secret Detection: Scans workspace files line by line for patterns resembling API keys, passwords, and private keys. Pattern matching produces false positives (test fixtures, documentation), so findings should be reviewed rather than treated as confirmed leaks.
  3. Permission Check: Verifies that critical files (package.json, .env) are not world-writable, i.e. that the "other" write bit (o+w) is clear. A world-writable package.json lets any local user inject install scripts or dependencies; a world-writable .env lets them swap credentials.

Configuration

  • Ignored Paths: node_modules, .git, logs, temp, .openclaw/cache.
  • Secret Patterns: Generic API Key, Password, Private Key, Feishu App Secret.