@sentinel-agents/sentinel
v0.8.1
AI agent security platform: prompt injection defence + secret/credential scanning at the agent runtime layer. For OpenClaw agents.
Sentinel Plugin for OpenClaw
AI agent security platform: prompt injection defence + secret/credential scanning at the agent runtime layer. For OpenClaw agents. Monitors tool calls, enforces security policies, scans inbound content for injection attacks, scans tool outputs for leaked credentials, and sends real-time alerts.
Quick Start
Install the plugin:
openclaw plugins install @sentinel-agents/sentinel
Restart OpenClaw, then run /sentinel to verify the plugin is active.
(Optional) Set your Pro licence key:
openclaw config set plugins.entries.sentinel.config.SENTINEL_LICENCE_KEY <your-key>
Then restart the gateway:
openclaw gateway restart
Alternatively, process.env.SENTINEL_LICENCE_KEY works as a fallback (e.g. in .env files or system environment).
The plugin works fully without a key -- Pro features are disabled until a key is added.
Commands
- /sentinel -- overview and recent tool calls
- /sentinel status -- detailed status including licence and detections
- /sentinel alerts list -- show configured alert destinations
- /sentinel alerts add <type> <url> -- add an alert destination
- /sentinel alerts test -- send a test alert to all destinations
- /sentinel upgrade -- check for updates
- /sentinel config -- show all config values and sources
- /sentinel config set <key> <value> -- set a config value
- /sentinel config get <key> -- show a single config value
- /sentinel config reset <key> -- reset a config value to default
- /sentinel --blocks [N] -- show last N blocked calls with timestamp, tool, reason, and truncated params (default 5)
Configuration
There are two ways to configure Sentinel:
Interactive (recommended):
/sentinel config set <key> <value>
Environment variables (CI/Docker):
export SENTINEL_DASHBOARD=true
export SENTINEL_DASHBOARD_PORT=3099
Environment variables always take priority over the config file.
| Key | Env Var | Default | Description |
|-----|---------|---------|-------------|
| dashboard | SENTINEL_DASHBOARD | false | Enable web dashboard |
| dashboardPort | SENTINEL_DASHBOARD_PORT | 3099 | Dashboard port |
| shareLogs | SENTINEL_SHARE_LOGS | false | Share anonymised telemetry |
| scanPath | SENTINEL_SCAN_PATH | (auto) | Path to sentinel-scan binary |
| licenceKey | SENTINEL_LICENCE_KEY | (none) | Your licence key |
Config file location:
- Linux/macOS: ~/.config/sentinel/sentinel.json
- Windows: %APPDATA%\sentinel\sentinel.json
Dashboard
The dashboard provides a web UI for monitoring Sentinel activity.
- Disabled by default -- enable with /sentinel config set dashboard true
- Access at http://localhost:3099
- API token: auto-generated on first enable and saved to ~/.config/sentinel/dashboard-token
- Set the SENTINEL_API_TOKEN env var to use a fixed token (recommended for persistent setups)
Block History API (v0.7.5+)
The dashboard exposes a paginated endpoint for retrieving blocked call history:
GET /api/sentinel/blocked?page=1&limit=50
- Default limit: 50 (max 200)
- Response: JSON array of blocked calls with timestamp, tool name, block reason, and redacted params
- Auth: requires SENTINEL_API_TOKEN (same as dashboard)
Use /sentinel --blocks [N] from the chat to quickly inspect recent blocks without opening the dashboard.
Secret Scanning (v0.8.0)
Runtime scanning of tool outputs for leaked credentials. Detects AWS keys, GitHub tokens, Stripe secrets, private keys, connection strings and 14 more patterns — redacted before they enter your LLM context.
Configuration:
{
  "secretScanning": {
    "enabled": true,
    "strictness": "standard",
    "scanPoints": { "toolOutput": true },
    "actions": { "toolOutput": "redact_and_warn" },
    "allowlist": [],
    "customPatterns": []
  }
}
Strictness levels:
- relaxed -- regex only, lowest false positives
- standard -- regex + entropy with context (recommended)
- strict -- highest sensitivity
Commands:
- /sentinel --secrets -- view recent detections + scanning status
- /sentinel --secrets stats -- view 24h detection counts by type
Secret scanning is disabled by default — zero behaviour change on upgrade from 0.7.x. Outbound response scanning coming in a future release.
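A sketch of how the relaxed and standard strictness levels described above can differ on the same tool output. This is an added example, not Sentinel's own detection code; the three patterns, the 3.5 bits/char entropy threshold, the context keywords and exact-value allowlisting are all assumptions.

```javascript
// Added illustration, not Sentinel's code. The three patterns, the 3.5 bits/char
// threshold, the context keywords and exact-value allowlisting are assumptions.
const PATTERNS = [
  { type: 'aws_access_key_id', re: /\bAKIA[0-9A-Z]{16}\b/g },
  { type: 'github_token', re: /\bghp_[A-Za-z0-9]{36}\b/g },
  { type: 'private_key',
    re: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g },
];
// Context: a long value assigned to a name that looks like it holds a secret.
const CONTEXT =
  /\b(\w*(?:secret|token|passw(?:or)?d|api_?key)\w*)\s*[:=]\s*["']?([A-Za-z0-9+\/_-]{20,})/gi;

// Shannon entropy in bits per character.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts)
    .reduce((h, n) => h - (n / s.length) * Math.log2(n / s.length), 0);
}

// 'relaxed' = regex only; other levels add entropy-with-context ('strict' not modelled).
function scanToolOutput(text, { strictness = 'standard', allowlist = [] } = {}) {
  const hits = [];
  for (const { type, re } of PATTERNS) {
    for (const m of text.matchAll(re)) hits.push({ type, value: m[0] });
  }
  if (strictness !== 'relaxed') {
    for (const m of text.matchAll(CONTEXT)) {
      const known = hits.some((h) => h.value === m[2]);
      if (!known && entropy(m[2]) >= 3.5) {
        hits.push({ type: 'high_entropy_assignment', value: m[2] });
      }
    }
  }
  const detections = hits.filter((h) => !allowlist.includes(h.value));
  let redacted = text;
  for (const d of detections) {
    redacted = redacted.split(d.value).join(`[REDACTED:${d.type}]`);
  }
  return { redacted, detections: detections.map((d) => d.type) };
}

// Constructed tool output (AWS's documented example key ID; other values made up).
const SAMPLE = [
  'AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE',
  'db_password = "q7Xv2LmP9sR4tYw8ZbNc3KdF"',
  'token_placeholder = xxxxxxxxxxxxxxxxxxxxxxxx',
  'commit 3f9c2b7e1a4d5f60718293a4b5c6d7e8f9012345',
].join('\n');
```

On SAMPLE, the regex-only pass finds just the AWS key ID; the entropy pass adds the password assignment while leaving the low-entropy placeholder and the commit hash (no secret-like name) untouched.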
Inbound Scanning (optional)
For inbound content scanning, install the Python scanner:
pip install sentinel-security
The plugin works without it -- inbound scanning is simply disabled until the binary is available.
Windows
Installation
openclaw plugins install may fail with spawn EINVAL on some Windows setups. Workaround:
Open a terminal and navigate to the plugins directory:
cd %APPDATA%\openclaw\plugins
Clone or copy the plugin manually:
git clone https://github.com/satvoop/Sentinel.git sentinel
cd sentinel\plugin
npm install
Restart OpenClaw. The plugin will load normally from that point.
Python for inbound scanning
sentinel-scan requires Python 3.8+. The Python Scripts directory must be in your PATH:
%USERPROFILE%\AppData\Local\Programs\Python\Python3X\Scripts\
Replace Python3X with your installed version (e.g. Python312).
Setting environment variables
PowerShell (current session):
$env:SENTINEL_LICENCE_KEY = "your-key"
$env:SENTINEL_DASHBOARD = "true"
Permanent (via System Properties):
- Open Start > "Edit the system environment variables"
- Click "Environment Variables..."
- Add or edit under User variables
Node.js
Node.js 18+ is required. Download from https://nodejs.org/.
iMessage alerts
iMessage alerts are macOS only and are not available on Windows.
Config file location
Sentinel stores user data (config, alert settings, dashboard token) in:
- Linux/macOS: ~/.config/sentinel/
- Windows: %APPDATA%\sentinel\
- Override: set the SENTINEL_CONFIG_DIR env var to use a custom location (useful for Docker/CI)
Plugin ID mismatch warning
The plugin id is sentinel. This matches the OpenClaw config entry key.
Documentation
Full docs: https://sentinel-agents.com/docs
Free Prompt Audit
Scan your prompts for injection vulnerabilities: https://sentinel-agents.com/audit
