openclaw-sentinel Security Audit Report
openclaw-sentinel is an AI agent skill, created by atlaspa and published at openclaw/skills. ClawSecure audited openclaw-sentinel across 4 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 19 findings concentrate in Command Injection, Code Injection and Policy Violation, including Pattern detected: eval( and Pattern detected: exec(. 16 were rated high or critical severity.
Is openclaw-sentinel safe?
ClawSecure audited openclaw-sentinel and assigned a security score of 0/100 (High Risk), identifying 19 findings across Command Injection and Code Injection. Review the findings below before installing.
What did ClawSecure find in openclaw-sentinel?
ClawSecure identified 19 findings in openclaw-sentinel, concentrated in Command Injection, Code Injection and Policy Violation. 16 were rated high or critical severity. The most severe include Pattern detected: eval( and Pattern detected: exec(.
How was openclaw-sentinel audited?
ClawSecure ran openclaw-sentinel through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 4 files from openclaw/skills.
What does a score of 0 mean?
ClawSecure assigned openclaw-sentinel a security score of 0/100, placing it in the High Risk range. This is driven by 19 findings led by Command Injection that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).
Audit Findings for openclaw-sentinel
ClawSecure detected 19 security findings in openclaw-sentinel, spanning Command Injection, Code Injection, Policy Violation and Permissions Manifest.
- critical · Pattern detected: eval(. Command Injection finding detected in
scripts/sentinel.py:42. - critical · Pattern detected: exec(. Command Injection finding detected in
scripts/sentinel.py:44. - critical · Pattern detected: compile(. Command Injection finding detected in
scripts/sentinel.py:44. - critical · Pattern detected: __import__(. Command Injection finding detected in
scripts/sentinel.py:46. - critical · Pattern detected: eval (. Command Injection finding detected in
scripts/sentinel.py:54. - critical · Pattern detected: eval(. Command Injection finding detected in
scripts/sentinel.py:58. - critical · Pattern detected: exec(. Command Injection finding detected in
scripts/sentinel.py:60. - high · Pattern detected: os.system(. Command Injection finding detected in
scripts/sentinel.py:62. - high · Potentially dangerous code pattern detected: eval\(. Code Injection finding detected in
README.md. - high · Potentially dangerous code pattern detected: exec\(. Code Injection finding detected in
README.md. - high · Potentially dangerous code pattern detected: system\(. Code Injection finding detected in
README.md. - high · Potentially dangerous code pattern detected: base64.*decode. Code Injection finding detected in
README.md.
Showing the 12 highest-severity of 19 findings. The full interactive list appears below.
3-Layer Audit Protocol
Security Recommendations for openclaw-sentinel
Harden command execution
Eliminate dynamic code execution
Resolve policy violations
Related Security Research
Why Generic Scanners Fail at AI Agent Security→Understanding Our 3-Layer Audit Protocol→Related AI Agent Security Audits
Scanned on February 7, 2026. openclaw-sentinel is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.