Now available

Your agents run autonomously. Who audits them?

Automated security audits for Claude Code agent deployments. Identity tamper detection, secret scanning, CVE checks. One plugin, five modules, zero dependencies.

# install the plugin
> /plugin marketplace add vdk888/bubble-sentinel
> /plugin install bubble-sentinel@bubble-sentinel
# run a full audit
> /security-audit
✓ 5 modules · 17 secret patterns · 0 external deps
Five modules

Everything your agents need audited

Each module runs independently. Configure which ones to enable, customize detection patterns, get structured JSON output for CI/CD.

Unique to Sentinel

Identity Tamper Detection

Tracks SHA-256 snapshots of every agent identity and config file. If CLAUDE.md, agent definitions, or system prompts change without your knowledge, Sentinel raises a CRITICAL alert. The attack surface nobody else monitors.

MODULE identity_tamper
TRACKS CLAUDE.md, agents/*.md, hooks/
METHOD SHA-256 snapshot diffing
ALERT CRITICAL on any modification
OUTPUT file, previous_hash, current_hash

Infrastructure Hardening

SSH config audit, firewall status, OS update checks, file permission scans, environment secret validation. Full coverage on macOS and Linux.

Secret Scanner

17 built-in regex patterns catch AWS keys, Anthropic and OpenAI tokens, Stripe secrets, GitHub PATs, GitLab tokens, private keys, DB connection strings. Add your own custom patterns via config.

Dependency CVE Checker

npm audit (v6 + v7 compatible), Python pip and Pipfile via the OSV API, Rust cargo-audit. Public CVE databases only. Zero false positives by design.

Project Dispatcher

Multi-project scanning with automatic detection of code vs document repositories. Locale-aware PII detection covering English, French, and German patterns.

Setup

Running in under two minutes

Subscribe, accept the GitHub invite, install the plugin. That's it.

Subscribe

Enter your GitHub username at checkout. We grant access to the private plugin repo within minutes.

Accept invite

Check your GitHub notifications for the repo invite. Accept it to unlock plugin access.

Install plugin

Two commands in Claude Code:
/plugin marketplace add
/plugin install

Run audit

Type /security-audit and get a full report. Auto-updates on every Claude Code startup.

Pricing

One plan. Everything included.

Sentinel Pro
€29/mo
Billed monthly. Cancel anytime.
  • All 5 audit modules
  • Identity tamper detection with SHA-256 snapshots
  • 17 secret patterns + custom pattern support
  • Multi-project scanning with PII detection (EN/FR/DE)
  • JSON output for CI/CD pipelines
  • Auto-updates on every startup
  • Zero external dependencies (Python stdlib only)

Secure checkout via Stripe. You'll enter your GitHub username during payment.

Prerequisites

This agent runs on Claude Code. You will need:

✓ A GitHub account ✓ Claude Code installed on your machine ✓ A Claude Pro subscription (~$20/mo)

The agent installs in 2 commands and auto-updates.

FAQ

Questions

Your GitHub access to the plugin repository is revoked at the end of the billing period. The plugin will stop receiving updates and will no longer function after the current version expires. No data is deleted from your system.
Yes. The plugin is distributed as a private GitHub repository. You have full read access to the source code as long as your subscription is active. This is standard Python, no compiled binaries, no obfuscation.
Yes. Sentinel supports both macOS and Linux. The infrastructure hardening module adapts its checks to each platform (launchctl vs systemctl, ufw vs pfctl, etc). Dependency scanning and secret detection work identically on both.
Claude Code pulls the latest version of the plugin from the GitHub repo every time it starts. You always run the newest version automatically. No manual update steps required.
Sentinel requires Claude Code with plugin support. Any version from the 2025 release onward that supports the /plugin command will work.
Bubble Invest. We run 20+ scheduled Claude Code agents in production across investment analysis, content generation, and infrastructure management. Sentinel was built because we needed it ourselves first.
No worries. Installation requires Claude Code and a GitHub account. If you run into any issue, contact us at [email protected] or book a slot on our Calendly. We'll guide you in under 10 minutes.