runtime-sentinel

Runtime security guardian for OpenClaw agents. Use this skill whenever the user mentions security, skill safety, prompt injection, malware, suspicious behavior, credential leaks, network monitoring, skill integrity, or the ClawHavoc attack. Also trigger for phrases like "is this skill safe", "audit my skills", "check for threats", "my agent is acting weird", "scan for malware", "protect my agent", or any concern about what installed skills are doing at runtime. runtime-sentinel provides five active defenses: skill integrity hashing, prompt injection detection, credential exposure auditing, network egress monitoring, and process anomaly detection. Free tier covers hashing and basic injection scanning. Premium features (continuous daemon, egress monitoring, process anomaly detection) are gated via x402 USDC micropayments on Base — no account or API key required.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "runtime-sentinel" with this command: npx skills add spaceman420urdog-afk/runtime-sentinel

runtime-sentinel

A runtime security skill for OpenClaw. Defends against the threat landscape exposed by ClawHavoc: backdoored skills, prompt injection via external data, credential exfiltration, and process-level abuse.

Free tier: skill integrity checks, basic injection scanning.
Premium (x402/USDC/Base): continuous daemon monitoring, network egress monitoring, process anomaly detection, full audit log.

Quick start

# One-shot audit of all installed skills (free)
sentinel audit

# Continuous guardian daemon (premium — will prompt for x402 payment)
sentinel daemon start

# Scan a single skill before installing
sentinel check <skill-path-or-clawhub-id>

What runtime-sentinel defends against

See references/threat-model.md for the full threat matrix. In brief:

ThreatFeatureTier
Tampered skill files post-installIntegrity hashingFree
Prompt injection via email/web/skill outputInjection scannerFree
Plaintext secrets in skill dirs / SOUL.mdCredential auditorFree
Unexpected outbound connectionsEgress monitorPremium
Shell commands outside declared behaviorProcess anomalyPremium
Continuous real-time protectionDaemon modePremium

Workflow

1 — First-time setup

# Install the binary (built from scripts/src/)
cargo install --path scripts/ --bin sentinel

# Verify installation and print wallet address
sentinel setup

sentinel setup will:

  • Generate or import a Base wallet (BIP-39, stored in ~/.sentinel/wallet)
  • Print the wallet address so the user can fund it with USDC for premium
  • Run a free baseline audit and print results

2 — On-demand audit (free)

When the user says anything like "scan my skills", "audit", "check for threats":

sentinel audit [--path ~/.openclaw/skills]

Output: a structured report of hash mismatches, injection patterns, and exposed credentials. No payment required.

3 — Single skill check before install (free)

When the user wants to vet a skill before running clawhub install:

sentinel check <skill-directory-or-clawhub-id>

Prints a risk score (LOW / MEDIUM / HIGH / CRITICAL) with findings.

4 — Premium features via x402

When the user asks for daemon mode, egress monitoring, or process anomaly detection, sentinel will automatically:

  1. Hit the sentinel API endpoint
  2. Receive a 402 Payment Required with price in the X-Payment-Request header (typically $0.01–$0.05/day for daemon mode)
  3. Sign the USDC transfer from ~/.sentinel/wallet
  4. Retry the request — access granted for the paid period

The user will see the price before their wallet signs anything. All non-custodial. See references/x402-payment.md for the full payment flow.

5 — Daemon mode (premium)

sentinel daemon start    # runs in foreground, writes to ~/.sentinel/daemon.log
# Run in background from your shell if needed:
#   sentinel daemon start > ~/.sentinel/daemon.log 2>&1 &
#   disown
sentinel daemon status
sentinel daemon stop
sentinel daemon logs     # tail the audit log

The daemon watches:

  • ~/.openclaw/skills/** for file mutations (inotify / FSEvents)
  • ~/.openclaw/SOUL.md and MEMORY.md for unauthorized writes
  • Network connections made by skill subprocesses
  • Child process trees for undeclared shell commands

Alerts are delivered via OpenClaw's notification system and written to the audit log.

Interpreting results

Risk levels

  • LOW: No findings, or informational only (e.g. skill requests network but declares it)
  • MEDIUM: Undeclared permission, suspicious pattern, or stale hash
  • HIGH: Known malicious pattern, credential exposure, or undeclared egress
  • CRITICAL: Active exfiltration attempt, reverse shell indicator, or SOUL.md mutation

What to do on HIGH / CRITICAL

  1. sentinel isolate <skill-name> — quarantines the skill (moves it out of the active skills directory)
  2. Review the finding in ~/.sentinel/audit.log
  3. Check the skill's ClawHub VirusTotal report
  4. If confirmed malicious, clawhub uninstall <skill> and report via sentinel report <skill-name>

Reference files

Read these when you need deeper detail:

  • references/threat-model.md — Full threat matrix and attack descriptions from ClawHavoc and similar campaigns
  • references/x402-payment.md — x402 payment flow, wallet setup, and troubleshooting
  • references/binary-build.md — How to build sentinel from source, cross- compilation targets, CI/CD

Wallet setup for premium features

sentinel wallet show      # print address and USDC balance
sentinel wallet fund      # print QR code and address to send USDC
sentinel wallet export    # export mnemonic for backup (handle carefully)
sentinel wallet recover   # restore from mnemonic on a new machine

Minimum recommended balance for uninterrupted daemon mode: $1 USDC (roughly 20–100 days of coverage depending on scan frequency).

Privacy

sentinel is fully local. No skill content, file paths, or scan results are sent to any server. The only outbound calls are:

  1. x402 payment verification to the Base facilitator (amount + wallet address only)
  2. Optional: VirusTotal hash lookups (hash only, no file content)

Both can be disabled with --offline for air-gapped environments (free tier only in offline mode).

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Ring Security

Monitor and manage Ring doorbells and security cameras. Query device status, review motion events, manage modes, and export event history. Use when you need...

Registry SourceRecently Updated
1780Profile unavailable
Security

Moses Governance Single

MO§ES™ Governance — Single-agent constitutional control. Enforces behavioral modes, posture controls, role awareness, and SHA-256 chained audit trail in one...

Registry SourceRecently Updated
830Profile unavailable
Security

Moses Audit

MO§ES™ Audit Trail — SHA-256 chained append-only governance ledger. Every agent appends before final response. Provides moses_log_action and moses_verify_cha...

Registry SourceRecently Updated
870Profile unavailable
Security

Sop Writer

SOP标准操作流程编写工具。创建SOP、流程图、检查清单、审核评估、模板库、培训材料。SOP writer with create, flowchart, checklist, audit, template, and training materials. Use when you need sop write...

Registry SourceRecently Updated
1610Profile unavailable