canaryScans your OpenClaw environment for leaked secrets — API keys, tokens, credentials in .env files, installed skills, and shell history. Runs silently on startup, deep scans on demand. Fixes issues with your permission.
Install via ClawdBot CLI:
clawdbot install sukiraman/canaryGrade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables
~/.aws/credentialsSends data to undocumented external endpoint (potential exfiltration)
Webhook → https://hooks.slack.com/`Hardcoded API key or token pattern found in skill definition
AKIAIOSFODNN...Calls external URL not in known-safe list
https://hooks.slack.com/`Generated Mar 1, 2026
A tech startup uses Canary to automatically scan their development environment for leaked API keys and credentials in .env files and git repositories during daily operations. This helps prevent accidental exposure of sensitive data in public code commits and ensures compliance with security best practices from the outset.
A freelance developer runs Canary's deep scan before delivering a project to a client, checking for hardcoded secrets in skill directories and shell history. This ensures the client's environment is secure and reduces the risk of credential leaks post-handover, building trust and professionalism.
An enterprise DevOps team integrates Canary into their CI/CD pipeline to perform light scans on startup and deep scans on demand, auditing SSH keys, Kubernetes configs, and Terraform state files. This enforces security policies and mitigates risks from misconfigured permissions in cloud infrastructure.
An instructor uses Canary in a cybersecurity workshop to demonstrate real-time detection of leaked secrets in student environments, such as API keys in .env files or weak SSH permissions. The auto-fix feature with backups provides hands-on learning without risking data loss.
A small business owner runs Canary to scan their OpenClaw setup for exposed credentials in config files and browser password exports, ensuring customer data privacy. The tool's plain-language alerts and guided fixes help non-technical users maintain security without expert knowledge.
Offer Canary as a free basic tool with light scans and limited auto-fixes, while charging for advanced features like scheduled deep scans, compliance reporting, and integration with enterprise security systems. Revenue comes from subscription tiers tailored to individual users and businesses.
License Canary to large organizations as part of their security suite, providing custom integrations, dedicated support, and enhanced scanning for proprietary systems. Revenue is generated through annual licensing fees based on the number of users or endpoints covered.
Provide consulting services to help clients implement and customize Canary for specific environments, such as auditing legacy systems or developing plugins for unique use cases. Revenue comes from project-based fees and ongoing maintenance contracts.
💬 Integration Tip
Integrate Canary into your startup routine by enabling light scans on OpenClaw launch and scheduling periodic deep scans to catch new leaks early.
Scored Apr 19, 2026
Uses known external API (expected, informational)
slack.comAI Analysis
The skill definition contains a hardcoded AWS API key pattern (AKIAIOSFODNN...), indicating potential credential harvesting. It also references sending data to an undocumented external Slack webhook, which is a data exfiltration risk inconsistent with the skill's stated local auditing purpose.
Audited Apr 17, 2026 · audit v1.0
AI language tutor for learning ANY language through conversation, vocab drills, grammar lessons, flashcards, and immersive practice. Use when the user wants to: learn a new language, practice vocabulary, study grammar, do flashcard drills, translate phrases, practice conversation, prepare for travel, learn slang/idioms, or improve pronunciation. Supports ALL languages including Spanish, French, German, Japanese, Chinese (Mandarin/Cantonese), Korean, Arabic, Hindi, Bengali/Bangla, Portuguese, Russian, Italian, Turkish, Vietnamese, Thai, Swahili, Hebrew, Polish, Dutch, Greek, and 100+ more.
Auto-learns how you learn best. Adapts teaching style, format, and depth to you.
AI tutoring and education powered by CellCog. Study guides, exam prep, coding tutorials, language learning, math help, science explanations, practice problem...
Teach, solve, and explore mathematics across all levels with adaptive depth and rigor.
Build effective study habits with spaced repetition, active recall, and session tracking
Create personalized triathlon, marathon, and ultra-endurance training plans. Use when athletes ask for training plans, workout schedules, race preparation, or coaching advice. Can sync with Strava to analyze training history, or work from manually provided fitness data. Generates periodized plans with sport-specific workouts, zones, and race-day strategies.