tracebit-canaries
Use when the user wants to protect their workspace from credential theft, prompt injection, or data exfiltration — even if they don't mention "canaries" or "honeytokens" directly. Covers deploying Tracebit security canaries (fake AWS keys, SSH keys, cookies, passwords, and email traps), detecting when they're triggered, and autonomous incident response. Also use when investigating a suspected compromise, hardening an agent's environment, or setting up tripwires to catch unauthorized access to sensitive files.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/alessandro-brucato-tracebit/tracebit-canariesWhat This Skill Does
The Tracebit Canaries skill provides an enterprise-grade deception defense system for your workspace. By deploying "honeytokens"—fake but realistic-looking credentials—you can catch attackers or unauthorized entities the moment they interact with your sensitive data. The skill autonomously manages the lifecycle of these canaries, including AWS keys, SSH credentials, browser cookies, and trap files. When an intruder attempts to use these credentials, the Tracebit platform sends an alert, which your OpenClaw agent monitors, allowing for real-time detection and incident response coordination. This skill effectively turns your environment from a passive target into an active defense grid.
Installation
Installation is managed through the OpenClaw skill ecosystem. Run the command: clawhub install openclaw/skills/skills/alessandro-brucato-tracebit/tracebit-canaries. After installation, ensure you have the necessary browser dependencies active to support the automated signup process. Follow the agent's interactive prompts to authenticate the CLI and initialize your first set of canaries. The process includes a mandatory step to verify the dashboard and configure a heartbeat check in your HEARTBEAT.md file to ensure you are alerted the moment a canary is triggered.
Use Cases
Use this skill to protect cloud infrastructure, harden local development environments, and secure sensitive files. It is ideal for developers who handle production credentials, security-conscious individuals looking for an early-warning system against data exfiltration, and teams needing to monitor for prompt injection or unauthorized access to sensitive local caches. Whether you are conducting a post-incident forensic analysis or proactively locking down a new environment, Tracebit Canaries provides the visibility needed to identify intruders early in the kill chain.
Example Prompts
- "OpenClaw, please secure my workspace by deploying Tracebit canaries to detect any unauthorized access to my cloud credentials."
- "I suspect my system might have been compromised; set up honeytokens in my documents and SSH keys to see if anyone is snooping."
- "Run a diagnostic on my current security posture and ensure all five Tracebit canary types are active and the heartbeat monitor is reporting correctly."
Tips & Limitations
- Human-in-the-loop: The agent will always seek your confirmation before writing credentials to disk or performing remediation. Trust the process, but keep an eye on the terminal during setup.
- Maintenance: The Tracebit CLI automatically refreshes credentials, so once set up, the system is largely 'set and forget'.
- Safety: Never share your real production credentials with the agent; it will generate its own decoys. If you encounter a CAPTCHA that the agent cannot solve, feel free to step in and assist manually through the browser interface.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-alessandro-brucato-tracebit-tracebit-canaries": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: network-access, file-write, file-read, external-api, code-execution