Install Guide — Sentinel AI Agent Security

Get Sentinel running on your OpenClaw instance in under five minutes.

Requirements

✓

OpenClaw installed and running

Sentinel installs as an OpenClaw plugin. You need a working OpenClaw gateway before proceeding.

✓

Node.js 18+

Required by the OpenClaw plugin runtime. Check with node --version.

✓

Python 3.9+ with pip

Required for inbound message scanning. The installer handles this automatically — pip installs sentinel-security as part of openclaw plugins install. Check with python3 --version.

✓

Active Sentinel subscription

You need a valid licence key. Get one here if you haven't already.

Quick Install

Three commands to get Sentinel protecting your agents:

openclaw plugins install @sentinel-agents/sentinel
openclaw config set plugins.entries.sentinel.config.SENTINEL_LICENCE_KEY your-key-here
openclaw gateway restart

Replace your-key-here with the licence key from your purchase confirmation.

⚠

Windows users

If the install fails with a spawn EINVAL error, run npm install manually in the plugin directory after the install attempt. See the troubleshooting guide for full steps.

Verify

Run the Sentinel status command to confirm the plugin loaded correctly:

/sentinel

You should see output like this:

Sentinel
✓ Plugin loaded
✓ Licence valid
✓ 60 detection rules active
✓ Alerts configured (or “not configured” if skipped)

Audit Your System Prompt

The audit command scans your agent's system prompt for common security weaknesses — missing role boundaries, lack of input validation instructions, overly permissive tool access, and more.

/sentinel audit

Sentinel will analyse your system prompt and return a detailed report:

System Prompt Audit

⚠ MEDIUM No explicit instruction boundary
  Your system prompt does not separate instructions from
  user-provided content. Add a clear delimiter.

⚠ MEDIUM Tool calls not restricted
  No allowlist defined for tool usage. Consider restricting
  which tools the agent can invoke.

✓ PASS Role boundary defined
✓ PASS Output format constrained

2 issues found, 2 checks passed

Configure Alerts

Get notified in real time when Sentinel blocks a threat. Sentinel supports 8 alert destinations:

/sentinel alerts add telegram <bot-token> <chat-id>

Slack

/sentinel alerts add slack https://hooks.slack.com/services/T00/B00/xxxx

Discord

/sentinel alerts add discord https://discord.com/api/webhooks/1234/abcd

Email

/sentinel alerts add email alerts@yourcompany.com

Microsoft Teams

/sentinel alerts add teams <webhook-url>

/sentinel alerts add whatsapp <number>

iMessage

/sentinel alerts add imessage <address>

Webhook

/sentinel alerts add webhook <url>

You can add multiple providers. All configured providers receive every alert.

Test Alerts

Send a test alert to every configured provider to confirm delivery:

/sentinel alerts test

You should receive a test notification on each configured channel within a few seconds. If an alert fails, check the webhook URL and try again.

Check Status

View the full status of your Sentinel installation at any time:

/sentinel status

This shows your licence status, loaded rules, configured alerts, and recent threat activity:

Sentinel Status

Licence: Active (expires 2026-04-15)
Rules: 60 loaded (last updated 2h ago)
Alerts: Slack, Email
Scans today: 142
Threats blocked: 3

Check for updates

Keep Sentinel up to date with the latest detection rules and features:

/sentinel upgrade

Checks npm for a newer version of the plugin and prints upgrade instructions if one is available.

Next Steps

→

Troubleshooting

Common issues and how to fix them.

→

Configuration Reference

Environment variables, policy engine, and alert configuration.

→

Full Documentation

API reference, supported formats, threat types, and more.

Need help?

Stuck on installation? We're here to help.

Contact Support Troubleshooting