Trusted: risk score 5/100
Last scanned: 2 days ago
tracebit-canaries
Deploys Tracebit security canaries (decoy/honeytoken credentials) to detect credential theft, prompt injection, and data exfiltration against AI agent workspaces. Includes human-supervised incident response.
The Tracebit Canaries skill is a legitimate defensive security tool with comprehensive documentation, strong human-gating controls, and transparent behavior — no malicious patterns, hidden functionality, or undeclared capabilities detected.
Skill name: tracebit-canaries
Analysis time: 51.8s
Engine: pi
Verdict: safe to install
No action required. This skill is safe to use. Ensure human confirmation gates are respected during deployment.

Security findings (4)

Severity | Finding | Location

[Low] Install script has duplicate shebang at end of file
The install-tracebit.sh script ends with a duplicate '#!/usr/bin/env bash' shebang line after the main exit block. This is a copy-paste artifact with no functional security impact.
Evidence: #!/usr/bin/env bash
→ Remove the trailing shebang line for cleanliness. No security risk.
Location: scripts/install-tracebit.sh:263

[Info] Hardcoded IP 1.2.3.4 in API reference documentation
The api-reference.md shows an example SSH canary response with 'sshIp: "1.2.3.4"', a clearly placeholder IP in documentation, not an actual hardcoded IOC in code.
Evidence: "sshIp": "1.2.3.4"
→ No action needed. The IP is a documentation placeholder in an example API response.
Location: references/api-reference.md:108

[Info] attacker.com URL is a legitimate educational example
The attack-patterns.md references 'https://attacker.com/payload' as an educational example of a malicious URL. This is standard security documentation practice and is explicitly labeled as an attack pattern example.
Evidence: {"next_step": "https://attacker.com/payload"}
→ No action needed. This is textbook security documentation.
Location: references/attack-patterns.md:17

[Info] Script reads ~/.config/tracebit/canaries.json for status fallback
The check-canaries.sh script reads a local canary state file from ~/.config/tracebit/canaries.json. This is the expected Tracebit CLI state file, not a read of real credentials.
Evidence: CACHE_FILE="${HOME}/.config/tracebit/canaries.json"
→ No action needed. This is the expected canary state cache, not a credential harvesting path.
Location: scripts/check-canaries.sh:44
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | WRITE | WRITE | ✓ consistent | SKILL.md declares fs:write for /tmp/tracebit-setup-creds and memory/security-inc…
Network access | READ | READ | ✓ consistent | SKILL.md declares browser (community.tracebit.com, GitHub) and email access — bo…
Command execution | WRITE | WRITE | ✓ consistent | SKILL.md references bash scripts; install-tracebit.sh handles CLI binary install…
Environment variables | NONE | NONE | | No environment variable iteration or credential reading; TRACEBIT_API_TOKEN read…
Clipboard | NONE | NONE | | Not accessed by any script or documentation
Browser | READ | READ | ✓ consistent | SKILL.md declares browser tool for account creation and OAuth; openclaw browser …
Database | NONE | NONE | | Not accessed; canary state stored in local JSON files only
Indicators: 1 high severity · 7 findings

Severity | Type | Indicator | Value | Location
📡 High | IP address | Hardcoded IP address | 1.2.3.4 | references/api-reference.md:108
🔗 Medium | External URL | External URL | https://community.tracebit.com | SKILL.md:5
🔗 Medium | External URL | External URL | https://community.tracebit.com/cli-login | SKILL.md:123
🔗 Medium | External URL | External URL | https://community.tracebit.com/api/v1/credentials/issue-credentials | references/api-reference.md:94
🔗 Medium | External URL | External URL | https://community.tracebit.com/api/v1/credentials/confirm-credentials | references/api-reference.md:138
🔗 Medium | External URL | External URL | https://attacker.com/payload | references/attack-patterns.md:17
📧 Info | Email | Email address | [email protected] | SKILL.md:162

Directory structure

12 files · 94.4 KB · 2279 lines
Markdown 7f · 1591L Shell 4f · 651L JSON 1f · 37L
├─ 📁 assets
│ └─ 📋 canary-config.json JSON 37L · 1.3 KB
├─ 📁 references
│ ├─ 📝 api-reference.md Markdown 301L · 9.7 KB
│ ├─ 📝 attack-patterns.md Markdown 137L · 8.6 KB
│ ├─ 📝 canary-types.md Markdown 162L · 6.2 KB
│ ├─ 📝 incident-response-playbook.md Markdown 215L · 9.2 KB
│ ├─ 📝 security-compliance.md Markdown 258L · 13.9 KB
│ └─ 📝 troubleshooting.md Markdown 271L · 5.9 KB
├─ 📁 scripts
│ ├─ 🔧 check-canaries.sh Shell 168L · 5.6 KB
│ ├─ 🔧 install-tracebit.sh Shell 263L · 11.3 KB
│ ├─ 🔧 parse-tracebit-alert.sh Shell 117L · 5.5 KB
│ └─ 🔧 test-canary.sh Shell 103L · 4.5 KB
└─ 📝 SKILL.md Markdown 247L · 12.6 KB

Dependency analysis (4)

Package | Version | Source | Known vulnerabilities | Notes
curl | system | system binary | | Used for GitHub API and binary downloads
python3 | system | system binary | | Used for JSON parsing and password generation
jq | system | system binary | | Required by parse-tracebit-alert.sh
tracebit-cli | latest (from GitHub releases) | github.com/tracebit-com/tracebit-community-cli | | SHA256-verified on install; open-source

Security highlights

✓ Comprehensive human-gating: all deployment, remediation, and memory reads require human confirmation
✓ Mandatory SHA256 checksum verification for all binary downloads — cannot be bypassed
✓ All network connections are explicitly declared (community.tracebit.com, GitHub releases)
✓ All filesystem writes are declared and scoped (temp password, incident log, heartbeat check)
✓ No credential exfiltration — canary credentials are decoys; real credentials are never touched
✓ Open-source CLI (github.com/tracebit-com/tracebit-community-cli) with full source auditable
✓ Background daemon documented: only refreshes canary tokens, no data exfiltration
✓ Email access is strictly read-only — searches only for Tracebit alert emails
✓ Messaging is restricted to the user's own configured channel only
✓ Credential placement delegated to CLI only after explicit human approval
✓ No base64, eval, obfuscation, or dynamic code loading
✓ No iteration through environment variables for credential harvesting
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env) by the skill itself
✓ Removal script provided with full cleanup of all components