Secret scanner for OpenClaw, Claude Code, and any Agent Skills-compatible tool.
Scans workspace files for leaked API keys, tokens, passwords, private keys, and credentials — the secrets that agent workspaces silently accumulate.
Agent workspaces accumulate secrets: API keys in config files, tokens in memory logs, passwords in environment files. A single leaked credential can compromise your entire infrastructure. Existing secret scanners work on git repos — nothing watches the agent workspace itself.
Snyk security researchers published "280+ Leaky Skills: How OpenClaw & ClawHub Are Exposing API Keys and PII" — documenting skills that leaked live credentials directly in README files, skill metadata, config examples, and workspace artifacts.
The most common exposure patterns: Anthropic API keys embedded in MEMORY.md files, GitHub personal access tokens in skill configuration, and OpenAI keys in example .env files checked into public repos. These weren't test keys — they were live credentials that anyone could use.
Sentry's 25+ pattern scanner covers every credential category found in that research. If your workspace has accumulated any of these exposures, sentry scan will find them.
```bash
# Clone
git clone https://github.com/AtlasPA/openclaw-sentry.git
# Copy to your workspace skills directory
cp -r openclaw-sentry ~/.openclaw/workspace/skills/
```

```bash
# Full secret scan
python3 scripts/sentry.py scan
# Check a single file
python3 scripts/sentry.py check MEMORY.md
# Quick status
python3 scripts/sentry.py status
```

All commands accept `--workspace /path/to/workspace`. If omitted, the workspace is auto-detected from `$OPENCLAW_WORKSPACE`, the current directory, or `~/.openclaw/workspace`.
- AWS — Access keys (AKIA...), secret access keys
- GitHub — Personal access tokens (ghp_, gho_, ghs_, ghr_, github_pat_)
- Slack — Bot/user tokens (xox...), webhook URLs
- Stripe — Secret keys (sk_live_), publishable keys (pk_live_)
- OpenAI — API keys (sk-...)
- Anthropic — API keys (sk-ant-...)
- Google — API keys (AIza...), OAuth client secrets
- Azure — Storage account keys
- Generic — API keys, secrets, passwords, bearer tokens, connection strings
- Private Keys — PEM files, .key/.pem/.p12/.pfx extensions
- Database URLs — PostgreSQL, MySQL, MongoDB, Redis with credentials
- JWT Tokens — JSON Web Tokens in plain text
- Environment Files — .env files with variables
- .gitignore gaps — Missing patterns for common secret files
| Feature | Free | Pro |
|---------|------|-----|
| Secret detection (25+ patterns) | Yes | Yes |
| High-risk file detection | Yes | Yes |
| .env file scanning | Yes | Yes |
| .gitignore gap analysis | Yes | Yes |
| Auto-redact secrets in files | - | Yes |
| Quarantine leaking skills | - | Yes |
| Generate .gitignore rules | - | Yes |
| Move .env to vault path | - | Yes |
| Code | Meaning |
|---|---|
| 0 | Clean |
| 1 | Warnings detected |
| 2 | Critical secrets found |
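A stripped-down scanner, added here as an illustration and not the openclaw-sentry source, showing how the detection categories listed above and the exit codes in the table map onto code: each regex carries a severity, matches are redacted before they are reported, and the highest severity found becomes the process exit status. The pattern names, the `Finding` record and the sample MEMORY.md content are constructed for this example; only a subset of the README's categories is included.

```python
# Minimal workspace secret scanner modelled on the categories and exit codes
# this README lists. Added illustration only, not the openclaw-sentry source.
import re
import sys
from collections import namedtuple

# (name, severity, regex): a subset of the README's categories. Severity maps
# onto its exit codes: CRITICAL -> 2, WARNING -> 1, nothing found -> 0.
PATTERNS = [
    ("aws_access_key", "CRITICAL", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_token", "CRITICAL", re.compile(r"\bgh[opsr]_[A-Za-z0-9]{36}\b")),
    ("anthropic_key", "CRITICAL", re.compile(r"\bsk-ant-[A-Za-z0-9_-]{20,}")),
    ("openai_key", "CRITICAL", re.compile(r"\bsk-(?!ant-)[A-Za-z0-9]{20,}\b")),
    ("private_key_pem", "CRITICAL", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("generic_password", "WARNING", re.compile(r"(?i)\b(?:password|passwd|secret)\s*[=:]\s*\S+")),
]
SEVERITY_EXIT = {"CRITICAL": 2, "WARNING": 1}

# preview is redacted so the scan report never re-leaks the secret it found.
Finding = namedtuple("Finding", "source line name severity preview")

def redact(secret: str) -> str:
    return secret[:6] + "..." + "*" * max(0, len(secret) - 6)

def scan_text(text: str, source: str = "<text>") -> list:
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, severity, rx in PATTERNS:
            for m in rx.finditer(line):
                findings.append(Finding(source, lineno, name, severity, redact(m.group(0))))
    return findings

def exit_code(findings) -> int:
    """0 clean, 1 warnings only, 2 if any critical secret (the README's exit codes)."""
    return max((SEVERITY_EXIT[f.severity] for f in findings), default=0)

# Constructed sample resembling a leaky MEMORY.md; every value here is fake.
SAMPLE_MEMORY_MD = """Reminder: rotate keys quarterly.
ANTHROPIC_API_KEY=sk-ant-EXAMPLE0000000000000000000000
github token: ghp_EXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLEX
aws_access_key_id = AKIAEXAMPLEEXAMPLE12
db password = hunter2
"""

if __name__ == "__main__":
    results = scan_text(SAMPLE_MEMORY_MD, "MEMORY.md")
    for f in results:
        print(f"{f.severity:8} {f.source}:{f.line} {f.name} {f.preview}")
    sys.exit(exit_code(results))
```

Run as a script it reports four findings on the constructed sample and exits with status 2, the same convention a CI job or pre-commit hook would key on.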
- Python 3.8+
- No external dependencies (stdlib only)
- Cross-platform: Windows, macOS, Linux
MIT