Canary
v1.0.8Safety monitoring and tripwire detection for AI agents. Protects against unauthorized file access, dangerous commands, and excessive activity. Auto-halts on...
⭐ 0· 291·1 current·1 all-time
byShadow Rose@theshadowrose
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md examples, and included Python modules (canary.py, canary_tripwire.py, canary_audit.py, config examples) all align: functionality is focused on path/command pattern checks, tripwire honeypots, rate limiting and audit logging. There are no unrelated environment variables, cloud credentials, or external services required that would be disproportionate to the stated purpose.
Instruction Scope
Runtime instructions are narrowly scoped: call check_path/check_command, create and check tripwires, and run audit scripts. The SKILL.md does direct creation of honeypot files and writing logs/registries under the user's filesystem (config.json, canary.log, .canary_tripwires), which is expected behavior for a tripwire/audit tool and is documented in LIMITATIONS.md.
Install Mechanism
No install spec; it's an instruction-only skill bundled with Python source. The code claims to use only Python 3.7+ stdlib and the files provided match that claim (no external package imports). No downloads, package installs, or remote executable fetches are present.
Credentials
The skill requests no environment variables or credentials. It does operate on filesystem paths (including sensitive locations when you choose to place tripwires there) and writes local log/registry files; those filesystem actions are proportional to a tripwire/audit tool but worth noting because tripwires deliberately target sensitive locations like ~/.aws/ as part of their purpose.
Persistence & Privilege
The skill persists state and logs to local files (canary.log, .canary_tripwires/registry.json, alerts.log). It does not request elevated OS privileges or try to modify other skills or system-wide agent settings. Note that 'always' is false and the agent must be written to call Canary checks — Canary does not enforce kernel-level sandboxing.
Assessment
This package appears to be what it claims: a local, regex-based safety monitor and tripwire manager. Before installing, consider: (1) it will create and write files in your working directory and under your home (canary.log, .canary_tripwires, any tripwire paths you create) — review and choose safe tripwire locations; (2) it uses regex matching only and can be bypassed by obfuscation/encodings or by an agent that ignores the checks (LIMITATIONS.md documents this); (3) it does not send logs off-host by default (no network calls in provided code), but you should review any modifications if you add alerting hooks; (4) run agents with least privilege (container/limited user) and confirm your agent actually invokes Canary before executing sensitive actions. If you need enforcement beyond advisory checks, add OS-level sandboxing or auditing (auditd, containers).Like a lobster shell, security has layers — review code before you run it.
canaryvk970whkwv2z16wkfdx0x7g4tkd82jcy3latestvk977w9k8xbch53g6dtf3c83cfd82m87kmonitoringvk970whkwv2z16wkfdx0x7g4tkd82jcy3qualityvk970whkwv2z16wkfdx0x7g4tkd82jcy3testingvk970whkwv2z16wkfdx0x7g4tkd82jcy3validationvk970whkwv2z16wkfdx0x7g4tkd82jcy3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.