Scans your OpenClaw environment for leaked secrets — API keys, tokens, credentials in .env files, installed skills, and shell history. Runs silently on startup, deep scans on demand. Fixes issues with your permission.
数据来源:ClawHub。 在 ClawSkills 查看
选择你使用的 Agent
方法一:命令行安装(推荐)
推荐(无需提前安装 clawhub)
npx clawhub@latest --dir ~/.claude/skills install canary或使用 clawhub CLI(需提前安装)
clawhub --dir ~/.claude/skills install canary⚠️ 需要 Node.js 18+,没有 Node?请使用下方方法二直接下载 ZIP。 安装 Node.js →
方法二:手动下载安装(无需 Node)
下载 ZIP,解压后将文件夹放到以下路径,重启 Agent 即可:
安装路径
~/.claude/skills/canary/💡解压后将文件夹放到上方路径,重启 Agent 即可生效
--- name: canary description: > Scans your OpenClaw environment for leaked secrets — API keys, tokens, credentials in .env files, installed skills, and shell history. Runs silently on startup, deep scans on demand. Fixes issues with your permission. tags: - security - secrets - credentials - hardening - audit - privacy version: 1.0.0 ---
Your agent's early warning system for exposed secrets.
Canary watches for leaked API keys, tokens, passwords, and credentials hiding in your OpenClaw environment. It explains what it finds in plain language — no security jargon — and offers to fix problems for you with a single confirmation.
---
Canary operates in two modes:
Every time OpenClaw starts, Canary performs a quick, silent check of the most critical locations:
~/.openclaw/.env and ~/.clawdbot/.env for plaintext credentials.env files in the active workspaceIf everything is clean: Canary stays silent. If something is found: Canary shows a short alert with the option to fix it or get more detail.
Ask for a full security check whenever you want. The deep scan covers everything in the light scan plus:
~/.ssh/) for weak permissions.netrc, .npmrc, .pypirc, Docker config, AWS credentials, etc.)---
Canary uses pattern matching and heuristic checks to detect:
| Secret Type | Examples | Where It Looks | |---|---|---| | API Keys | Shodan, VirusTotal, OpenAI, Anthropic, AWS, GCP, Stripe, GitHub tokens | .env files, skill configs, shell history, git repos | | Passwords | Plaintext passwords in configs, database connection strings with embedded passwords | Config files, .env, .netrc, skill directories | | Private Keys | SSH private keys, PEM files, JWTs with embedded secrets | ~/.ssh/, workspace, skill directories | | Cloud Credentials | AWS access keys, GCP service account JSON, Azure tokens | ~/.aws/, ~/.config/gcloud/, env vars, configs | | Tokens & Sessions | OAuth tokens, bearer tokens, session cookies, webhook URLs | Chat history, shell history, .env files | | Local System Files | Credential exports, service account JSONs, PEM/key files, password manager CSV exports, Kubernetes tokens, Terraform state secrets, database passwords | ~/Downloads/, ~/Desktop/, ~/Documents/, ~/.kube/config, *.tfstate, ~/.config/, ~/Library/Application Support/, ~/.my.cnf, ~/.pgpass, browser password export CSVs, Redis/MongoDB configs |
Each finding gets a clear severity:
---
âš ï¸ Canary will never change, move, or delete anything on your system without asking you first. Every fix is shown to you in full before it happens. You can always say no, and Canary will give you a step-by-step guide to do it yourself instead.
| Issue | What Canary Will Do (with your OK) | You'll See | |---|---|---| | Your .env file can be read by other users on this machine | Make the file private to your account only | "Your API keys are visible to others on this computer. Mind if I make this file private?" | | Secret pasted in your shell history | Remove that one line from your history | "Your Stripe key is in your command history. OK to remove just that line?" | | SSH key file isn't locked down | Restrict the key file to your account only | "Your SSH key is a little too open. OK if I tighten it up?" | | API key hardcoded inside a skill | Move the key to your .env file and reference it from there | "Found an API key written directly in a skill. Want me to move it somewhere safer?" | | Secret committed to a git repo | Add the file to .gitignore so it won't be shared again | "A secret got saved in your git history. I can stop it from spreading — but you'll also want to get a fresh key." | | Credential file sitting in Downloads/Desktop/Documents | Move the file to a secure location with private permissions | "There's a key file just sitting in your Downloads. Want me to tuck it somewhere safe?" | | Kubernetes config with embedded tokens is too open | Make the config file private to your account | "Your Kubernetes config has tokens in it and it's a bit exposed. OK to lock it down?" | | Terraform state file with plaintext secrets | Flag and restrict file permissions | "Your Terraform state has passwords in plain text. Mind if I restrict who can read it?" | | Database config with embedded password | Restrict the config file to your account only | "Your database config has a password that others can see. OK to make it private?" | | Browser password export CSV left unprotected | Move to a secure location or securely delete | "There's an exported password file out in the open. Want me to move it somewhere private, or just delete it?" |
If you say no to any fix, Canary will walk you through doing it yourself — plain language, step by step, no jargon.
Before every fix, Canary creates a backup of the affected file at with a timestamp (e.g., .env.2026-02-07T14:30:00.bak). If anything goes wrong, you can ask Canary to roll back:
Backups are stored with owner-only permissions and automatically deleted after 7 days. Canary will never back up files in a way that creates additional copies of secrets in less-secure locations.
Backup security:
/.canary/backups/ is permanently excluded from all scans to avoid false feedback loops where Canary re-flags the secrets it just backed up.700). If another process changes these permissions, Canary will alert the user on the next startup.---
You are the Canary security skill. Your job is to protect the user's secrets and credentials.
...
安装 Canary 后,可以对 AI 说这些话来触发它
Help me get started with Canary
Explains what Canary does, walks through the setup, and runs a quick demo based on your current project
Use Canary to scans your OpenClaw environment for leaked secrets — API keys, to...
Invokes Canary with the right parameters and returns the result directly in the conversation
What can I do with Canary in my developer & devops workflow?
Lists the top use cases for Canary, with example commands for each scenario
将技能文件夹放到 ~/.claude/skills/canary/ 目录(个人级,所有项目可用),或 .claude/skills/canary/(项目级)。重启 AI 客户端后,用 /canary 主动调用,或让 AI 根据上下文自动发现并使用。
Canary 支持 Claude、Cursor、OpenClaw,可与这些 AI 平台无缝集成,扩展其能力。
Canary 可免费安装使用。请查阅仓库了解许可证信息。
Scans your OpenClaw environment for leaked secrets — API keys, tokens, credentials in .env files, installed skills, and shell history. Runs silently on startup, deep scans on demand. Fixes issues with your permission.
Canary 属于「Developer & DevOps」分类,该分类的技能帮助 AI 智能体在此领域执行专业任务。
Automate my developer & devops tasks using Canary
Identifies repetitive steps in your workflow and sets up Canary to handle them automatically