AgentSentinel Safety Layer
by @jimmystacks
Local-first budget and policy guardrails for agent actions, with optional remote sync to AgentSentinel.
clawhub install agent-sentinelπ About This Skill
name: agent-sentinel description: Local-first budget and policy guardrails for agent actions, with optional remote sync to AgentSentinel. homepage: https://github.com/jimmystacks/agent-sentinel metadata: {"openclaw":{"emoji":"π‘οΈ","homepage":"https://github.com/jimmystacks/agent-sentinel/tree/main/skills/agent-sentinel","primaryEnv":"AGENT_SENTINEL_API_KEY","files":["sentinel_wrapper.py","README.md","CHANGELOG.md"],"requires":{"bins":["python3"]}}}
AgentSentinel Protection Layer
Use this skill when you want a local policy gate before an agent performs a costly or risky action.
This OpenClaw skill is the lightweight entry point to the broader AgentSentinel product:
AgentSentinel is local-first by default:
sync with an API key configured.When To Use It
Use AgentSentinel before:
Commands
check
Check whether a proposed action is allowed under the current local policy and budget.
python3 sentinel_wrapper.py check --cmd "rm -rf build" --cost 0.05
status
Show the current local status, including budget usage and whether optional remote sync is enabled.
python3 sentinel_wrapper.py status
sync
Upload locally recorded events to AgentSentinel cloud when AGENT_SENTINEL_API_KEY is set.
python3 sentinel_wrapper.py sync
bootstrap
Create a default callguard.yaml in the current workspace if one does not already exist.
python3 sentinel_wrapper.py --bootstrap
reset
Reset local tracked spend for the current run, or for the entire local session state.
python3 sentinel_wrapper.py reset --scope run
python3 sentinel_wrapper.py reset --scope all
Configuration
Policy is loaded from callguard.yaml in the current workspace when present.
Optional cloud mode is enabled by setting:
AGENT_SENTINEL_API_KEYIf the API key is not present, the skill remains local-only.
Locally recorded events stay on-machine until sync is run.
AgentSentinel Product Path
Use this skill if you want fast local guardrails inside OpenClaw.
Use the AgentSentinel SDK when you want:
Use the AgentSentinel platform when you want:
External Endpoints
| Endpoint | When it is called | Data sent |
| --- | --- | --- |
| https://api.agentsentinel.dev | Only when AGENT_SENTINEL_API_KEY is present and python3 sentinel_wrapper.py sync is run | locally recorded action events generated by AgentSentinel |
Security And Privacy
.env or other files.AGENT_SENTINEL_API_KEY and an explicit sync command.Model Invocation Note
OpenClaw may invoke this skill automatically when the task suggests budget enforcement, policy checks, or action gating. That behavior is expected for an installed skill.
Trust Statement
By enabling remote sync, you allow AgentSentinel telemetry to be sent to agentsentinel.dev. Only enable that mode if you trust the service and want centralized monitoring.
βοΈ Configuration
Policy is loaded from callguard.yaml in the current workspace when present.
Optional cloud mode is enabled by setting:
AGENT_SENTINEL_API_KEYIf the API key is not present, the skill remains local-only.
Locally recorded events stay on-machine until sync is run.