Tracebit Canaries

v1.0.19

Use when the user wants to protect their workspace from credential theft, prompt injection, or data exfiltration — even if they don't mention "canaries" or "...

by alessandro-brucato @alessandro-brucato-tracebit
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (Tracebit canaries) match what the skill implements: deploying canary/honeytoken types, checking status, parsing alert emails, and guiding human-supervised incident response. Required binaries (bash, python3, curl, jq, openclaw) and the primary credential (TRACEBIT_API_TOKEN) are consistent with the described CLI-based workflow and browser-driven signup.
Instruction Scope
SKILL.md instructs the agent to read limited agent memory files during investigation (memory/*) but explicitly requires human confirmation before each read; it also writes three temporary/append-only files (/tmp/tracebit-setup-creds, HEARTBEAT.md, memory/security-incidents.md). This scope is appropriate for IR playbooks but relies on strict human gating — users should confirm they are comfortable with the documented memory reads and the temporary file behavior.
Install Mechanism
There is no opaque installer embedded in the skill; helper scripts download the Tracebit CLI from the project's GitHub Releases and enforce SHA256 verification (abort if checksums are missing). Download-from-GitHub + checksum verification is a reasonable, traceable install mechanism for this use case.
Credentials
Only one API credential (TRACEBIT_API_TOKEN) is declared as the primary credential and there are no unrelated secret env vars requested. The metadata lists limited plugin permissions (read-only email search, send to the user's messaging channel) which align with the described notification and inbox-check functionality.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous-invocation defaults. It does not request system-wide configuration changes or other skills' credentials. File writes are scoped (temporary / append-only agent memory) and the SKILL.md repeatedly enforces human confirmation for deployment and rotation steps.
Assessment
This skill is consistent with its stated purpose, but it operates on sensitive surfaces—canaries are intentionally placed in credential-like locations and incident investigation may read agent memory files. Before enabling: (1) confirm you trust the Tracebit service and GitHub repo; verify the release checksum yourself when installing; (2) ensure you are comfortable granting read-only email access and messaging send-to-your-channel; (3) only proceed in interactive/human-supervised mode (do not permit unattended deployment); (4) be aware the CLI will place decoy credentials in locations you choose (do not deploy canaries into systems used by production workloads); (5) ensure the temporary signup file (/tmp/tracebit-setup-creds) will be removed and that the incident log path (memory/security-incidents.md) is acceptable for append-only logging. If you want stronger assurance, request the CLI source review or run installation in an isolated machine/user account first.


latestvk979nfwcbhxd1n61yjkc9hzn81845x7v

Runtime requirements

🐦 Clawdis
Bins: bash, python3, curl, jq, openclaw
Primary env: TRACEBIT_API_TOKEN