Canary

v1.0.0

Scans your OpenClaw environment for leaked secrets — API keys, tokens, credentials in .env files, installed skills, and shell history. Runs silently on startup, deep scans on demand. Fixes issues with your permission.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (local secret scanner that runs on startup and can auto-fix) aligns with the detection/fix actions described in SKILL.md/README, but the package is instruction-only with no install spec or installer hooks. Claims like 'runs silently on startup' and 'creates .canary backups and integrity checks' imply persistent filesystem integration and startup installation that are not implemented or declared. That mismatch is a red flag: either the metadata overpromises or required install steps are missing.
Instruction Scope
The SKILL.md and claude-project files explicitly instruct scanning highly sensitive locations (home, ~/.ssh, shell history, git history, workspace skill dirs) and provide concrete shell commands — which is coherent with a secrets scanner. The docs emphasize not requesting secret values and masking, but the flow relies on users pasting terminal output into the conversation; that creates a real risk of accidental exfiltration if users paste secrets. The instructions also describe making on-disk changes (chmod, moving files, removing history lines) — reasonable for the purpose but potentially intrusive when applied to other skills' folders, and these actions require careful user confirmation and clear backup/rollback behavior.
Install Mechanism
There is no install spec, no code, and no startup hook provided, yet the README and SKILL.md repeatedly claim automatic startup scans, encrypted backups, and integrity verification. An instruction-only skill cannot by itself implement 'run on startup' or create runtime files unless the platform or an installer adds those behaviors. This inconsistency should be resolved before trusting the skill to run automatically or perform fixes.
Credentials
The skill declares no environment variables, credentials, or required binaries — which is proportionate for an advisory/instruction-only checker. The places it reads are exactly the sensitive locations you'd expect a secret scanner to examine. There is no declared external credential or network access, consistent with the README's claim of local-only scanning; however, the actual behavior will depend on how/if any install hooks run on the host.
Persistence & Privilege
The skill asserts persistent behavior (light scan on every OpenClaw startup, backups in <workspace>/.canary/, integrity checks) but has no mechanism to install that persistence. 'always: false' is appropriate, but if the skill were later packaged with an installer to realize these claims, that persistent capability would significantly increase risk because it involves repeated access to many sensitive files. At present there is an unimplemented promise of persistence that should be clarified.
What to consider before installing
This package looks like a plausible secrets scanner, but its claims about automatic startup scans, encrypted backups, and integrity checks are not backed by any install code or startup hooks in the files you were given. Before installing or enabling this skill:
- Treat it as advisory-only until the maintainer provides a clear install script or documented startup hook. Instruction-only SKILL.md content cannot autonomously run on your machine.
- Do NOT paste actual secret values into a chat. When testing, paste only command output that has been scrubbed or masked, and follow the project's own rule to never paste secrets.
- If you want automated on-start scans and auto-fix, ask for (or inspect) the installer/startup code and a clear description of what files it will create, where backups are stored, and how backups are encrypted and purged. Verify any installer code (and any URLs it downloads from) before running it.
- Confirm that backups (e.g., <workspace>/.canary/backups/) will not leak sensitive content to other users or to remote services; request proof of the claimed local-only behavior (no telemetry or network calls).
- Prefer running the skill in advisory mode first (e.g., via the provided Claude Project instructions) so you can evaluate commands and results manually before allowing any automated changes.
If the author supplies a vetted install script and startup integration, re-evaluate that code for download URLs, extracted archives, and any network callbacks before granting it persistent privileges.
