Sentinel Shield — Runtime Security for OpenClaw Agents
Everyone else secures the model. We secure the agent.
Sentinel Shield is a lightweight security layer for OpenClaw agents. It monitors what your agent does — not just what it says — and alerts you before damage is done.
What It Protects Against
- Stolen gateway tokens — Rate limiting + anomaly detection catches unauthorized sessions
- Prompt injection — Scans inbound content for 16+ injection pattern signatures
- Session hijacking — Behavioral fingerprinting flags sessions that don't match your patterns
- Runaway agents — 50-call/60s sliding window kills runaway loops automatically
- Silent exfiltration — File integrity monitoring on critical OpenClaw files
Quick Commands
Status Check
node {baseDir}/scripts/sentinel.js status
Returns current health, active session stats, and recent alert summary.
Security Audit
node {baseDir}/scripts/sentinel.js audit
Full audit: file integrity, rate limit state, injection scanner status, anomaly log.
Recent Alerts
node {baseDir}/scripts/sentinel.js alerts [--hours 24]
Shows alerts from the last N hours (default: 24).
Rate Limit Status
node {baseDir}/scripts/sentinel.js ratelimit
Shows current call counts per window for all monitored tools.
Kill Switch
node {baseDir}/scripts/sentinel.js kill
Emergency stop. Terminates active rate counters, logs kill event, sends Telegram alert.
Run Injection Scan
node {baseDir}/scripts/sentinel.js scan --text "some content to check"
Manually scan text for injection signatures.
Initialize / Reset Baselines
node {baseDir}/scripts/sentinel.js init
Establishes file integrity baselines for critical OpenClaw files.
Configuration
Edit {baseDir}/config/shield.json to customize:
{
"rateLimit": {
"maxCalls": 50,
"windowSeconds": 60,
"alertThreshold": 40
},
"telegram": {
"enabled": true,
"botToken": "YOUR_BOT_TOKEN",
"chatId": "YOUR_CHAT_ID"
},
"monitoredFiles": [
"~/.openclaw/openclaw.json",
"~/.openclaw/credentials",
"~/.ssh/authorized_keys",
"/etc/passwd"
],
"injectionScanning": true,
"alertLevel": "medium"
}
Setup (Telegram Alerts)
- Create a Telegram bot via @BotFather → copy the token
- Message your bot to get your chat ID:
https://api.telegram.org/bot<TOKEN>/getUpdates - Add both to
{baseDir}/config/shield.json
How to Use in Agent Sessions
When you see a suspicious message or want to verify your session is clean:
User: "Run a security check"
Action: Run node {baseDir}/scripts/sentinel.js status
User: "Show me recent security alerts"
Action: Run node {baseDir}/scripts/sentinel.js alerts
User: "Scan this text for injection: [text]"
Action: Run node {baseDir}/scripts/sentinel.js scan --text "[text]"
User: "Emergency stop sentinel"
Action: Run node {baseDir}/scripts/sentinel.js kill
Alert Levels
| Level | Trigger | Action |
|---|---|---|
| INFO | Normal activity logged | Write to log only |
| MEDIUM | Rate limit >80% | Log + Telegram |
| HIGH | Rate limit hit, injection detected | Log + Telegram + kill option |
| CRITICAL | File integrity violation | Log + Telegram + alert all channels |
Files Monitored (Default)
~/.openclaw/openclaw.json— Gateway auth token (THE critical file)~/.openclaw/credentials— Stored credentials~/.ssh/authorized_keys— SSH access control/etc/passwd— System user accounts/etc/sudoers— Privilege escalation paths
Version History
- v0.2.0 — Rate limiting (50/60s sliding window), Telegram alerts, clawhub distribution
- v0.1.0 — File integrity monitoring, process scanning, injection detection (16 patterns)