Tracebit Canaries
Author: alessandro-brucato · GitHub · v1.0.20 · MIT-0
351 total downloads
2 favorites
0 current installs
21 versions
Install in OpenClaw
/install tracebit-canary-honeytokens
Description
Use when the user wants to protect their workspace from credential theft, prompt injection, or data exfiltration — even if they don't mention "canaries" or "...
Security usage advice
This skill appears coherent for deploying and monitoring security canaries, but before installing:
1) Verify you trust the Tracebit project and the GitHub repo referenced (github.com/tracebit-com/tracebit-community-cli).
2) Confirm your OpenClaw platform enforces the human-confirmation gates (email read-only, memory-file reads require explicit approval, and no autonomous writes to credential locations).
3) Keep the temporary signup file (/tmp/tracebit-setup-creds) protected and never paste its contents into conversation; the skill warns not to output the password.
4) When installing, check the CLI release SHA256 fingerprint yourself (the script enforces verification).
5) Understand that the CLI (not the skill) will place decoy credentials into standard credential locations; deploy only after you are ready and have documented where canaries will be placed.
Functional analysis
Type: OpenClaw Skill
Name: tracebit-canary-honeytokens
Version: 1.0.20
The skill bundle is a legitimate security tool for deploying and monitoring Tracebit canaries (honeytokens). It demonstrates high transparency with a dedicated security-compliance.md, an incident response playbook, and a full removal script. High-risk operations like CLI installation (install-tracebit.sh) and canary deployment are protected by mandatory SHA256 checksum verification and explicit human-in-the-loop confirmation gates. The agent instructions in SKILL.md are clearly aligned with the stated purpose and include proactive safety measures to prevent autonomous actions or credential exposure. All network activity is restricted to official Tracebit and GitHub endpoints (community.tracebit.com and github.com/tracebit-com).
Capability assessment
Purpose & Capability
The name/description (canaries/honeytokens) matches required binaries (tracebit CLI install, curl, jq, python3) and the primary credential (TRACEBIT_API_TOKEN). Requested email-read and messaging-send permissions align with detecting alert emails and notifying the human owner. The included scripts and reference docs are appropriate for deployment, testing, parsing alerts, and incident playbooks.
Instruction Scope
SKILL.md instructs the agent to perform sign-up, install the CLI, place a temporary signup password in /tmp/tracebit-setup-creds, append incident entries to memory/security-incidents.md, and (after human confirmation) deploy canaries into standard credential locations via the CLI. The SKILL.md explicitly requires human confirmation before sensitive reads/writes (memory files, deployment, rotation) and states email access is read-only. These human-gated constraints are appropriate but rely on the platform to enforce them.
Install Mechanism
The install script downloads releases from the GitHub repo (github.com/tracebit-com/tracebit-community-cli) and enforces SHA256 verification (falls back to SHA256SUMS). Download-from-GitHub + mandatory checksum verification is a low-to-moderate risk, and matches the stated install behavior in SKILL.md.
Credentials
Only a single primary credential (TRACEBIT_API_TOKEN) is required for the Tracebit API; no unrelated secrets or broad system credentials are requested. The skill asks to read memory files and to write an append-only incident log and a temporary signup password file — each action is documented and human-confirmed in the playbook.
Persistence & Privilege
always:false (no forced installation). The skill requires agent invocation privileges (normal). Runtime constraints in SKILL.md require explicit human consent for deployments, memory reads, and canary rotations. The skill does not request system-wide elevation and delegates credential placement to the CLI.
How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box:
  /install tracebit-canary-honeytokens
- After installation, call the skill by name directly or trigger it with:
  /tracebit-canary-honeytokens
- Provide the required inputs as described in the skill's parameter description to receive structured output
Version history
v1.0.20
No file changes detected in this release.
- No code or documentation updates were made in version 1.0.20.
- Functionality and execution remain unchanged from the previous release.
v1.0.19
No file changes detected in this version.
- No updates or modifications were made to the skill in version 1.0.19.
v1.0.18
No user-facing changes in this version.
- Internal version update; no changes to code or documentation detected.
v1.0.17
No user-facing changes.
- No file changes detected in this release.
- Behavior, features, and documentation remain unchanged from the previous version.
v1.0.16
- Expanded required environment fields and permission details in the skill metadata for greater transparency.
- Permissions section now explicitly lists all messaging, email, and filesystem access (including specific read/write paths).
- Clarified that email features use the user's pre-authorized account via plugins, not direct access.
- Added specific requirements for environment variables and configuration plugins for correct operation.
- No changes to core behavior or user workflow.
v1.0.15
- Enhanced Security & Transparency section: now explicitly lists what the skill writes to disk and clarifies the responsibilities of the skill versus the Tracebit CLI.
- Added more explicit details about install script behavior, CLI verification, and email access.
- Reinforced that the skill itself never writes to credential locations, only the CLI does after human approval.
- Clarified that only fake decoy credentials are deployed—never real credentials.
- General documentation improvements for user clarity and trust.
v1.0.14
- Updated description for clarity around canary types, email tool use, and incident response supervision.
- Revised CLI installation instructions: instruct users to open macOS installer packages directly, following standard system dialogs.
- No file or logic changes; documentation improvements only.
- No impact to safety posture or permissions.
v1.0.13
No file changes detected for version 1.0.13.
- No code or documentation changes were identified in this release.
- Functionality and feature set remain unchanged from the previous version.
v1.0.12
**Summary: This release introduces improved transparency, more explicit safety controls, and stricter permissions.**
- Added detailed safety posture and reversibility/disclosure section for compliance clarity.
- Explicitly documents all required permissions, including read-only email search and user-channel messaging only.
- Strengthened red lines: blocks autonomous credential writes, disables checksum bypass, and limits all file writes to Tracebit CLI only.
- Install step now documents SHA256 verification as mandatory, and gives per-platform manual install instructions.
- Clarifies that the CLI background service does not perform network calls or file access beyond token auto-refresh.
- Tightened runtime constraints: full user consent required for all access, and credential rotation/remediation needs human acknowledgment.
v1.0.11
- Added new security compliance reference: `references/security-compliance.md`
- Removed old cleanup reference: `references/cleanup.md`
- Updated and simplified SKILL.md:
- Clarified human confirmation points, password handling, and tool prerequisites
- Improved step instructions and made error handling more concise
- Updated safety metadata and OpenClaw requirements
- No changes to core functionality or CLI usage
v1.0.10
- Added `references/cleanup.md` documentation file.
- SKILL.md updated for clearer descriptions, stricter safety constraints, and improved execution steps.
- Installation and authentication flow clarified; browser and CLI usage instructions improved.
- Canaries setup and validation requirements made more explicit.
- Human confirmation gates and error cases more formally documented.
v1.0.9
- Added explicit user consent prompt before accessing Gmail (read-only), messaging, and performing Tracebit CLI operations.
- Updated metadata: now declares permissions for Gmail read-only access (via gog) and messaging (user channel only), and requires plugins.gog.accounts in config.
- Clarified in the documentation and metadata that all access requires upfront user confirmation, and Gmail reading must have user consent.
- No code changes detected; documentation and metadata improvements only.
v1.0.8
- Expanded the list of required system dependencies in metadata: now explicitly requires curl, jq, and python3 in addition to gog.
- Clarified that the agent should only ask the human for confirmation before sensitive operations or remediation, not for all steps.
- Minor language updates throughout documentation for accuracy and conciseness.
- No file or logic changes; documentation and metadata improvements only.
v1.0.7
- Human confirmation is now required before deploying canary tokens; the skill will wait for explicit approval before running any command that writes to credential locations.
- The skill never writes to credential files directly—only the open-source Tracebit CLI handles credential deployment.
- Strengthened metadata and documentation to clarify security boundaries, file access, and runtime constraints.
- Improved transparency: all sensitive operations (like canary deployment or rotation) require human involvement and cannot be performed autonomously.
- Expanded safety notes and requirements to reinforce that notifications go only to the user's messaging channel, and all actions are fully reversible.
v1.0.6
- Clarified required environment variables and configuration in metadata, specifying "gog" bin, "TRACEBIT_API_TOKEN", and "plugins.messaging"
- Simplified metadata and paths: introduced concise "reads" and "writes" fields in place of more verbose local path descriptions
- Updated execution requirements to emphasize browser tool usage (not system browser), precise handling of user-supervised steps, and clarification of error reporting
- Expanded and clearly numbered "Definition of Done" checklist for successful setup validation
- Improved transparency: condensed and streamlined descriptions of security boundaries, local file use, notification limits, and uninstallability
- No file or functional code changes—documentation/metadata clarity updates only
v1.0.5
- Updated metadata to specify that the tracebit CLI binary is SHA256-verified during installation for enhanced security.
- Added explicit mention of background daemons (macOS: launchd, Linux: systemd) and instructions for stopping/removal in the metadata.
- No functional changes to the code or user-facing workflows.
v1.0.4
- Added explicit support for `jq` as a required dependency; clarified that it must be installed before activation.
- Improved incident response: upon canary firing, the agent now performs read-only investigation of recent agent memory and logs, writing only to an append-only incident log (`memory/security-incidents.md`).
- Formalized messaging requirements: the skill now requires a pre-configured messaging channel (Telegram, Discord, Slack, etc.) in OpenClaw, used strictly to notify the user of canary alerts and investigation results.
- Expanded documentation of all local paths read and written (including the new incident log and stricter file boundaries).
- Refined authentication flows and credential handling, and clarified what is managed by this skill versus system prerequisites.
v1.0.3
- Added explicit skill metadata, including required binaries, environment variables, local file paths used, and external endpoints.
- Enhanced security and transparency documentation, clarifying what the skill does and does not do (e.g., never modifies real credentials, always runs under user supervision).
- Updated password handling: Tracebit signup password is now stored in a secure temporary file with 600 permissions instead of being shown in output; user is instructed to reset it promptly.
- Refined language throughout to emphasize user oversight, auditability, and human-in-the-loop workflow.
- No code changes; this release focuses on documentation accuracy and security assurances.
v1.0.2
- Removed the file `references/gmail-hook-setup.md`.
- No functional or documentation changes to the skill's usage or core instructions.
- Simplifies the repository by removing an unused or outdated reference file.
v1.0.1
- Removed the Gmail alert hook and related configuration; replaced live Gmail webhook notification with a 30-minute heartbeat inbox polling for canary alert detection.
- Updated the Definition of Done: reduced required steps from 7 to 6, removing PubSub/hook setup, and now require heartbeat polling logic to be present in HEARTBEAT.md.
- Updated documentation to reflect the new alert pipeline using inbox polling instead of immediate Gmail webhook integration.
- Removed the `assets/hook-config.json` file as part of deprecating the live Gmail alert hook.
FAQ
What is Tracebit Canaries?
Use when the user wants to protect their workspace from credential theft, prompt injection, or data exfiltration — even if they don't mention "canaries" or "... It is an AI agent skill plugin for Claude Code / OpenClaw, with 351 downloads to date.
How do I install Tracebit Canaries?
Run the command "/install tracebit-canary-honeytokens" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Tracebit Canaries free?
Yes, Tracebit Canaries is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.
Which platforms does Tracebit Canaries support?
Tracebit Canaries is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Tracebit Canaries?
Developed and maintained by alessandro-brucato (@alessandro-brucato-tracebit); the current version is v1.0.20.