中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:2 days ago Rescan
5 /100
tracebit-canaries
Deploys Tracebit security canaries (decoy/honeytoken credentials) to detect credential theft, prompt injection, and data exfiltration against AI agent workspaces. Includes human-supervised incident response.
The Tracebit Canaries skill is a legitimate defensive security tool with comprehensive documentation, strong human-gating controls, and transparent behavior — no malicious patterns, hidden functionality, or undeclared capabilities detected.
Skill Nametracebit-canaries
Duration51.8s
Enginepi
Safe to install
No action required. This skill is safe to use. Ensure human confirmation gates are respected during deployment.

Findings 4 items

Severity Finding Location
Low
Install script has duplicate shebang at end of file
The install-tracebit.sh script ends with a duplicate '#!/usr/bin/env bash' shebang line after the main exit block. This is a copy-paste artifact with no functional security impact.
#!/usr/bin/env bash
→ Remove the trailing shebang line for cleanliness. No security risk.
 scripts/install-tracebit.sh:263
Info
Hardcoded IP 1.2.3.4 in API reference documentation
The api-reference.md shows an example SSH canary response with 'sshIp: "1.2.3.4"' — a clearly placeholder IP in documentation, not an actual hardcoded IOC in code.
"sshIp": "1.2.3.4"
→ No action needed. The IP is a documentation placeholder in an example API response.
 references/api-reference.md:108
Info
attacker.com URL is a legitimate educational example
The attack-patterns.md references 'https://attacker.com/payload' as an educational example of a malicious URL. This is standard security documentation practice and is explicitly labeled as an attack pattern example.
{"next_step": "https://attacker.com/payload"}
→ No action needed. This is textbook security documentation.
 references/attack-patterns.md:17
Info
Script reads ~/.config/tracebit/canaries.json for status fallback
The check-canaries.sh script reads a local canary state file from ~/.config/tracebit/canaries.json. This is the expected Tracebit CLI state file, not a read of real credentials.
CACHE_FILE="${HOME}/.config/tracebit/canaries.json"
→ No action needed. This is the expected canary state cache, not a credential harvesting path.
 scripts/check-canaries.sh:44
ResourceDeclaredInferredStatusEvidence
Filesystem WRITE WRITE ✓ Aligned SKILL.md declares fs:write for /tmp/tracebit-setup-creds and memory/security-inc…
Network READ READ ✓ Aligned SKILL.md declares browser (community.tracebit.com, GitHub) and email access — bo…
Shell WRITE WRITE ✓ Aligned SKILL.md references bash scripts; install-tracebit.sh handles CLI binary install…
Environment NONE NONE No environment variable iteration or credential reading; TRACEBIT_API_TOKEN read…
Clipboard NONE NONE Not accessed by any script or documentation
Browser READ READ ✓ Aligned SKILL.md declares browser tool for account creation and OAuth; openclaw browser …
Database NONE NONE Not accessed; canary state stored in local JSON files only
1 High 7 findings
📡
High IP Address 硬编码 IP 地址
1.2.3.4
references/api-reference.md:108
🔗
Medium External URL 外部 URL
https://community.tracebit.com
SKILL.md:5
🔗
Medium External URL 外部 URL
https://community.tracebit.com/cli-login
SKILL.md:123
🔗
Medium External URL 外部 URL
https://community.tracebit.com/api/v1/credentials/issue-credentials
references/api-reference.md:94
🔗
Medium External URL 外部 URL
https://community.tracebit.com/api/v1/credentials/confirm-credentials
references/api-reference.md:138
🔗
Medium External URL 外部 URL
https://attacker.com/payload
references/attack-patterns.md:17
📧
Info Email 邮箱地址
[email protected]
SKILL.md:162

File Tree

12 files · 94.4 KB · 2279 lines
Markdown 7f · 1591L Shell 4f · 651L JSON 1f · 37L
├─ 📁 assets
│ └─ 📋 canary-config.json JSON 37L · 1.3 KB
├─ 📁 references
│ ├─ 📝 api-reference.md Markdown 301L · 9.7 KB
│ ├─ 📝 attack-patterns.md Markdown 137L · 8.6 KB
│ ├─ 📝 canary-types.md Markdown 162L · 6.2 KB
│ ├─ 📝 incident-response-playbook.md Markdown 215L · 9.2 KB
│ ├─ 📝 security-compliance.md Markdown 258L · 13.9 KB
│ └─ 📝 troubleshooting.md Markdown 271L · 5.9 KB
├─ 📁 scripts
│ ├─ 🔧 check-canaries.sh Shell 168L · 5.6 KB
│ ├─ 🔧 install-tracebit.sh Shell 263L · 11.3 KB
│ ├─ 🔧 parse-tracebit-alert.sh Shell 117L · 5.5 KB
│ └─ 🔧 test-canary.sh Shell 103L · 4.5 KB
└─ 📝 SKILL.md Markdown 247L · 12.6 KB

Dependencies 4 items

PackageVersionSourceKnown VulnsNotes
curl system system binary No Used for GitHub API and binary downloads
python3 system system binary No Used for JSON parsing and password generation
jq system system binary No Required by parse-tracebit-alert.sh
tracebit-cli latest (from GitHub releases) github.com/tracebit-com/tracebit-community-cli No SHA256-verified on install; open-source

Security Positives

✓ Comprehensive human-gating: all deployment, remediation, and memory reads require human confirmation
✓ Mandatory SHA256 checksum verification for all binary downloads — cannot be bypassed
✓ All network connections are explicitly declared (community.tracebit.com, GitHub releases)
✓ All filesystem writes are declared and scoped (temp password, incident log, heartbeat check)
✓ No credential exfiltration — canary credentials are decoys; real credentials are never touched
✓ Open-source CLI (github.com/tracebit-com/tracebit-community-cli) with full source auditable
✓ Background daemon documented: only refreshes canary tokens, no data exfiltration
✓ Email access is strictly read-only — searches only for Tracebit alert emails
✓ Messaging is restricted to the user's own configured channel only
✓ Credential placement delegated to CLI only after explicit human approval
✓ No base64, eval, obfuscation, or dynamic code loading
✓ No iteration through environment variables for credential harvesting
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env) by the skill itself
✓ Removal script provided with full cleanup of all components