canary

Scans your OpenClaw environment for leaked secrets — API keys, tokens, credentials in .env files, installed skills, and shell history. Runs silently on startup, deep scans on demand. Fixes issues with your permission.
Install via ClawdBot CLI:
```shell
clawdbot install sukiraman/canary
```

Your agent's early warning system for exposed secrets.
Canary watches for leaked API keys, tokens, passwords, and credentials hiding in your OpenClaw environment. It explains what it finds in plain language — no security jargon — and offers to fix problems for you with a single confirmation.
Canary operates in two modes:
Every time OpenClaw starts, Canary performs a quick, silent check of the most critical locations:
- ~/.openclaw/.env and ~/.clawdbot/.env for plaintext credentials
- .env files in the active workspace

If everything is clean: Canary stays silent.
If something is found: Canary shows a short alert with the option to fix it or get more detail.
Ask for a full security check whenever you want. The deep scan covers everything in the light scan plus:
- SSH key files (~/.ssh/) for weak permissions
- Credential files (.netrc, .npmrc, .pypirc, Docker config, AWS credentials, etc.)

Canary uses pattern matching and heuristic checks to detect:
| Secret Type | Examples | Where It Looks |
|---|---|---|
| API Keys | Shodan, VirusTotal, OpenAI, Anthropic, AWS, GCP, Stripe, GitHub tokens | .env files, skill configs, shell history, git repos |
| Passwords | Plaintext passwords in configs, database connection strings with embedded passwords | Config files, .env, .netrc, skill directories |
| Private Keys | SSH private keys, PEM files, JWTs with embedded secrets | ~/.ssh/, workspace, skill directories |
| Cloud Credentials | AWS access keys, GCP service account JSON, Azure tokens | ~/.aws/, ~/.config/gcloud/, env vars, configs |
| Tokens & Sessions | OAuth tokens, bearer tokens, session cookies, webhook URLs | Chat history, shell history, .env files |
| Local System Files | Credential exports, service account JSONs, PEM/key files, password manager CSV exports, Kubernetes tokens, Terraform state secrets, database passwords | ~/Downloads/, ~/Desktop/, ~/Documents/, ~/.kube/config, *.tfstate, ~/.config/, ~/Library/Application Support/, ~/.my.cnf, ~/.pgpass, browser password export CSVs, Redis/MongoDB configs |
Each finding gets a clear severity:
⚠️ Canary will never change, move, or delete anything on your system without asking you first. Every fix is shown to you in full before it happens. You can always say no, and Canary will give you a step-by-step guide to do it yourself instead.
| Issue | What Canary Will Do (with your OK) | You'll See |
|---|---|---|
| Your .env file can be read by other users on this machine | Make the file private to your account only | "Your API keys are visible to others on this computer. Mind if I make this file private?" |
| Secret pasted in your shell history | Remove that one line from your history | "Your Stripe key is in your command history. OK to remove just that line?" |
| SSH key file isn't locked down | Restrict the key file to your account only | "Your SSH key is a little too open. OK if I tighten it up?" |
| API key hardcoded inside a skill | Move the key to your .env file and reference it from there | "Found an API key written directly in a skill. Want me to move it somewhere safer?" |
| Secret committed to a git repo | Add the file to .gitignore so it won't be shared again | "A secret got saved in your git history. I can stop it from spreading — but you'll also want to get a fresh key." |
| Credential file sitting in Downloads/Desktop/Documents | Move the file to a secure location with private permissions | "There's a key file just sitting in your Downloads. Want me to tuck it somewhere safe?" |
| Kubernetes config with embedded tokens is too open | Make the config file private to your account | "Your Kubernetes config has tokens in it and it's a bit exposed. OK to lock it down?" |
| Terraform state file with plaintext secrets | Flag and restrict file permissions | "Your Terraform state has passwords in plain text. Mind if I restrict who can read it?" |
| Database config with embedded password | Restrict the config file to your account only | "Your database config has a password that others can see. OK to make it private?" |
| Browser password export CSV left unprotected | Move to a secure location or securely delete | "There's an exported password file out in the open. Want me to move it somewhere private, or just delete it?" |
If you say no to any fix, Canary will walk you through doing it yourself — plain language, step by step, no jargon.
Before every fix, Canary creates a backup of the affected file at with a timestamp (e.g., .env.2026-02-07T14:30:00.bak). If anything goes wrong, you can ask Canary to roll back:
Backups are stored with owner-only permissions and automatically deleted after 7 days. Canary will never back up files in a way that creates additional copies of secrets in less-secure locations.
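The backup-then-fix flow described above, as an added example that is not part of the Canary skill itself: it uses stat to flag group- or world-readable files, writes a timestamped owner-only backup before tightening permissions, treats the backup directory as excluded from scanning, and purges backups older than 7 days. The workspace layout (.canary/backups/ under a temporary directory) and the sample .env value are constructed for the demonstration; the UTC timestamp format is this example's choice.

```python
from __future__ import annotations
# Added example, not Canary's own code: permission check with stat, a timestamped
# owner-only backup taken before the fix, exclusion of the backup directory from
# scanning, and the 7-day backup purge. The workspace layout
# (<workspace>/.canary/backups/) and the sample .env are constructed here.
import os
import shutil
import stat
import tempfile
import time
from datetime import datetime, timezone
from pathlib import Path

BACKUP_RETENTION_SECONDS = 7 * 24 * 3600   # backups are auto-deleted after 7 days


def permission_finding(path: Path) -> str | None:
    """Flag anything group-readable or world-readable (the skill's stat rule)."""
    mode = path.stat().st_mode
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        return f"{path.name} can be read by other users on this machine"
    return None


def backup_dir(workspace: Path) -> Path:
    """Backups live under .canary/backups/, owner-only (700)."""
    d = workspace / ".canary" / "backups"
    d.mkdir(parents=True, exist_ok=True)
    d.chmod(0o700)
    return d


def is_excluded_from_scan(path: Path, workspace: Path) -> bool:
    """The backup directory is never scanned, so its copies are not re-flagged."""
    try:
        path.resolve().relative_to(backup_dir(workspace).resolve())
        return True
    except ValueError:
        return False


def fix_permissions_with_backup(path: Path, workspace: Path) -> Path:
    """Copy the file to <name>.<timestamp>.bak (created 0600 before any secret
    bytes land in it), then make the original private (0600)."""
    stamp = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    bak = backup_dir(workspace) / f"{path.name}.{stamp}.bak"
    fd = os.open(bak, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as out, path.open("rb") as src:
        shutil.copyfileobj(src, out)
    path.chmod(0o600)
    return bak


def purge_old_backups(workspace: Path, now: float | None = None) -> list[Path]:
    """Delete backups older than the retention window; returns what was removed."""
    now = time.time() if now is None else now
    removed = []
    for bak in backup_dir(workspace).glob("*.bak"):
        if now - bak.stat().st_mtime > BACKUP_RETENTION_SECONDS:
            bak.unlink()
            removed.append(bak)
    return removed


def demo() -> dict:
    """Constructed scenario: a world-readable .env in a throwaway workspace."""
    ws = Path(tempfile.mkdtemp())
    env = ws / ".env"
    env.write_text("OPENAI_API_KEY=sk-PLACEHOLDER-not-a-real-key\n")  # constructed value
    env.chmod(0o644)
    before = permission_finding(env)
    bak = fix_permissions_with_backup(env, ws)
    result = {
        "before": before,
        "after": permission_finding(env),
        "env_mode": stat.S_IMODE(env.stat().st_mode),
        "backup_mode": stat.S_IMODE(bak.stat().st_mode),
        "backup_excluded": is_excluded_from_scan(bak, ws),
        "backup_same_content": bak.read_bytes() == env.read_bytes(),
    }
    old = time.time() - BACKUP_RETENTION_SECONDS - 60       # age the backup past 7 days
    os.utime(bak, (old, old))
    result["purged"] = len(purge_old_backups(ws))
    result["still_there"] = bak.exists()
    return result


if __name__ == "__main__":
    print(demo())
```

The backup file is opened with O_CREAT|O_EXCL and mode 0600 before the copy starts, so there is never a moment when a second copy of the secret is readable by anyone else, which is what the "never back up files in a way that creates additional copies of secrets in less-secure locations" rule requires.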
Backup security:
- /.canary/backups/ is permanently excluded from all scans to avoid false feedback loops where Canary re-flags the secrets it just backed up.
- The backup directory is created with owner-only permissions (700). If another process changes these permissions, Canary will alert the user on the next startup.

You are the Canary security skill. Your job is to protect the user's secrets and credentials.
- ~/.openclaw/.env, ~/.clawdbot/.env, and any .env in the current workspace

Do NOT dump a full report unprompted. Wait for the user to ask for details on the rest.
Exception: 🔴 critical findings are never fully suppressed. If an action-needed issue persists for 5+ startups, surface a brief reminder every 5th startup: "🦠Quick note: that critical issue from before is still open." Critical findings should also always appear in deep scan results regardless of suppression state. Only 🟡 moderate findings can be fully silenced by the 3-strike rule.
When the user asks for a security check, scan, or audit:
- Show only the recognizable prefix and the length, e.g. sk-...(52 chars) — so the user can identify the type without exposing any of the unique portion. Never show trailing characters. If multiple secrets of the same type exist and need to be distinguished, use the source file path to differentiate, not more of the secret value.
- If three .env files all have the same permission problem, present it as one finding with three files, not three separate findings.
- For database connection strings (postgres://, mysql://, etc.), never include the password portion, even partially. Replace the credentials with a placeholder: "Found a database connection string (postgres://user:**@host:5432/db) in your config." The password must be fully masked, not truncated.

Canary must verify its own integrity to prevent other skills or processes from tampering with its behavior:
- Store the hash in /.canary/integrity.sha256 with owner-only permissions
- Store a second copy in ~/.openclaw/.canary_integrity (outside the workspace, harder for workspace-scoped attackers to reach)
- After a clawhub update, recompute and store the new hash in both locations.

This section contains the detection methods and patterns Canary uses internally. Users don't need to read this — it's here for the agent.
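The self-integrity check described above, as an added example that is not Canary's own code: it hashes every file under the skill directory in a stable order, records the digest in two owner-only locations (one inside the workspace, one under the home directory), and on verification reports whether the live tree disagrees with the stored digests and whether the two stored copies disagree with each other. The directory layout is constructed under a temporary directory, and the length-prefixed hashing scheme is this example's choice rather than anything the skill specifies.

```python
from __future__ import annotations
# Added example, not Canary's own code: a self-integrity check in the spirit of
# the section above. It hashes every file under the skill directory in a stable
# order, records the digest in two owner-only locations (one inside the
# workspace, one under the home directory), and reports on verification whether
# the live tree or either stored copy has changed. All paths are constructed.
import hashlib
import os
import tempfile
from pathlib import Path


def skill_digest(skill_dir: Path) -> str:
    """SHA-256 over (relative path, bytes) of every file, sorted by path so the
    result does not depend on directory iteration order. Names and contents are
    length-prefixed so two trees cannot collide by shifting bytes across files."""
    h = hashlib.sha256()
    for f in sorted(p for p in skill_dir.rglob("*") if p.is_file()):
        rel = f.relative_to(skill_dir).as_posix().encode()
        data = f.read_bytes()
        h.update(len(rel).to_bytes(4, "big") + rel)
        h.update(len(data).to_bytes(8, "big") + data)
    return h.hexdigest()


def write_owner_only(path: Path, text: str) -> None:
    """Create or replace a file readable by the owner only (0600)."""
    path.parent.mkdir(parents=True, exist_ok=True)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text + "\n")
    path.chmod(0o600)


def store_digest(skill_dir: Path, locations: list[Path]) -> str:
    """Record the current digest everywhere; run after install or a clawhub update."""
    digest = skill_digest(skill_dir)
    for loc in locations:
        write_owner_only(loc, digest)
    return digest


def verify(skill_dir: Path, locations: list[Path]) -> dict:
    """'tampered': some stored digest disagrees with the live tree.
    'stored_mismatch': the stored copies disagree with each other, which is what
    is left behind when only the in-workspace copy could be reached and rewritten."""
    live = skill_digest(skill_dir)
    stored = [loc.read_text().strip() if loc.exists() else None for loc in locations]
    return {
        "tampered": any(s != live for s in stored),
        "stored_mismatch": len(set(stored)) > 1,
        "missing": [str(loc) for loc, s in zip(locations, stored) if s is None],
    }


def demo() -> dict:
    """Constructed scenario: clean install, a file edit, then an attempt to cover
    the edit by rewriting only the in-workspace hash, then a legitimate update."""
    root = Path(tempfile.mkdtemp())
    skill = root / "workspace" / "skills" / "canary"
    skill.mkdir(parents=True)
    (skill / "SKILL.md").write_text("# canary\n")
    (skill / "patterns.txt").write_text("AKIA[0-9A-Z]{16}\n")
    locations = [
        root / "workspace" / ".canary" / "integrity.sha256",   # inside the workspace
        root / "home" / ".openclaw" / ".canary_integrity",     # outside the workspace
    ]
    store_digest(skill, locations)
    out = {"clean": verify(skill, locations)}
    (skill / "SKILL.md").write_text("# canary\n# an unexpected extra line\n")
    out["after_edit"] = verify(skill, locations)
    write_owner_only(locations[0], skill_digest(skill))      # only one copy rewritten
    out["after_partial_cover"] = verify(skill, locations)
    store_digest(skill, locations)                           # the clawhub-update path
    out["after_update"] = verify(skill, locations)
    return out


if __name__ == "__main__":
    print(demo())
```

The second, out-of-workspace copy is what makes the partial-cover case detectable: a process that can only write inside the workspace can bring integrity.sha256 back in line with the edited tree, but the copy under ~/.openclaw/ still holds the old digest, so the two stored values diverge.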
- Use stat to check file permissions. Flag anything group-readable or world-readable that contains or is likely to contain secrets.
- If a .git directory exists, check git log --diff-filter=A for files that commonly contain secrets (.env, credentials, key files). Also check git diff --cached for secrets staged but not yet committed.
- Treat files whose names contain credentials, secret, password, token, private_key, service_account, .pem, .key, .p12, .pfx, *.jks, id_rsa, id_ed25519 as likely secret holders. If they exist in unexpected locations (Downloads, Desktop, workspace root), escalate severity.
- ~/.aws/credentials in a shared workspace is an exposure vector.
- When scanning local system directories (~/Downloads/, ~/Documents/, ~/Library/Application Support/), apply these limits:

Quick Reference Table:
| Service / Type | Pattern Prefix | Example |
|---|---|---|
| OpenAI | sk- | sk-abc123... |
| Anthropic | sk-ant- | sk-ant-abc123... |
| AWS Access Key | AKIA | AKIAIOSFODNN7EXAMPLE |
| AWS Secret Key | (40-char base64 near an access key) | wJalrXUtnFEMI/K7MDENG/... |
| GitHub PAT | ghp_ or github_pat_ | ghp_abc123... |
| GitHub OAuth | gho_ | gho_abc123... |
| GitHub App | ghu_ or ghs_ or ghr_ | ghu_abc123... |
| GitLab | glpat- | glpat-abc123... |
| Stripe Live | sk_live_ or rk_live_ | sk_live_abc123... |
| Stripe Test | sk_test_ or rk_test_ | sk_test_abc123... |
| Google Cloud / Firebase | AIza | AIzaSyB-abc123... |
| GCP Service Account | "type": "service_account" | (JSON file) |
| Slack Bot Token | xoxb- | xoxb-123-456-abc... |
| Slack User Token | xoxp- | xoxp-123-456-abc... |
| Slack Webhook | https://hooks.slack.com/ | URL |
| Discord Webhook | https://discord.com/api/webhooks/ | URL |
| Twilio | SK (32 hex chars) | SKabc123... |
| SendGrid | SG. | SG.abc123... |
| Mailgun | key- | key-abc123... |
| Azure Subscription Key | (32 hex chars in Ocp-Apim-Subscription-Key) | abc123def456... |
| Azure AD Client Secret | (varies, often 40+ chars) | (context-dependent) |
| Azure Storage Key | (base64, 88 chars) | abc123+def456== |
| Heroku | (UUID format in HEROKU_API_KEY) | 12345678-abcd-... |
| DigitalOcean | dop_v1_ or doo_v1_ | dop_v1_abc123... |
| Datadog | ddapi- or (40 hex chars in DD_API_KEY) | ddapi-abc123... |
| Cloudflare | (37-char token or v1.0- prefix) | v1.0-abc123... |
| NPM Token | npm_ | npm_abc123... |
| PyPI Token | pypi- | pypi-AgEIcH... |
| Docker Hub | dckr_pat_ | dckr_pat_abc123... |
| Hugging Face | hf_ | hf_abc123... |
| Supabase | sbp_ or eyJhbGciOi (JWT) | sbp_abc123... |
| Vercel | vercel_ | vercel_abc123... |
| Netlify | (UUID in NETLIFY_AUTH_TOKEN) | (context-dependent) |
| JWT | eyJ (base64 JSON header) | eyJhbGciOiJIUzI1NiIs... |
| Private Keys | -----BEGIN ... PRIVATE KEY----- | (PEM format) |
| Database Connection String | postgres://, mysql://, mongodb://, redis:// | URL with embedded password |
| Generic Webhook | https://webhook.site/ | URL |
| SSH Password in Config | password or Password in SSH config | (context-dependent) |
Regex Patterns for Copy-Paste:
Important: patterns marked "ONLY flag when..." require surrounding context to match. Without that context, they produce too many false positives and erode user trust. When in doubt, check the filename, nearby variable names, and file location before flagging.
```text
# ── AI Services ──────────────────────────────────────────────
# OpenAI
sk-[a-zA-Z0-9]{48,}
# Anthropic
sk-ant-[a-zA-Z0-9\-]{36,}
# Hugging Face
hf_[a-zA-Z0-9]{34,}
# ── Cloud Providers ──────────────────────────────────────────
# AWS Access Key
AKIA[0-9A-Z]{16}
# AWS Secret Key (context-dependent: ONLY flag when found within 5 lines of an AWS access key or in a file/variable named aws, secret, or credential)
[0-9a-zA-Z/+=]{40}
# Google Cloud / Firebase API Key
AIza[0-9A-Za-z\-_]{35}
# GCP Service Account JSON
"type"\s*:\s*"service_account"
# Azure Storage Account Key (base64, ~88 chars — ONLY flag in Azure config files or variables containing 'azure', 'storage', or 'account')
[A-Za-z0-9+/]{86,}==
# Azure Subscription Key (32 hex — ONLY flag when near 'Ocp-Apim-Subscription-Key' or in Azure config context)
[0-9a-f]{32}
# DigitalOcean
do[po]_v1_[a-f0-9]{64}
# Heroku (ONLY flag when near 'HEROKU', 'heroku', or in heroku config context — bare UUIDs are too common)
[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}
# Cloudflare
v1\.0-[a-z0-9]{24,}
# Vercel
vercel_[a-zA-Z0-9]{24,}
# ── Code & Package Registries ───────────────────────────────
# GitHub Personal Access Token
ghp_[a-zA-Z0-9]{36}
github_pat_[a-zA-Z0-9_]{80,}
# GitHub OAuth / App tokens
gh[oprsu]_[a-zA-Z0-9]{36,}
# GitLab
glpat-[a-zA-Z0-9\-_]{20,}
# NPM
npm_[a-zA-Z0-9]{36,}
# PyPI
pypi-[a-zA-Z0-9]{16,}
# Docker Hub
dckr_pat_[a-zA-Z0-9\-_]{27,}
# ── Payment & SaaS ──────────────────────────────────────────
# Stripe (live and test)
[sr]k_(live|test)_[a-zA-Z0-9]{24,}
# Twilio
SK[0-9a-fA-F]{32}
# SendGrid
SG\.[a-zA-Z0-9\-_]{22,}\.[a-zA-Z0-9\-_]{22,}
# Mailgun (ONLY flag when near 'mailgun', 'MAILGUN', or in a mailgun config context — 'key-' alone is too common)
key-[a-zA-Z0-9]{32,}
# Datadog (ONLY flag when near 'datadog', 'DD_API_KEY', 'DD_APP_KEY', or in datadog config context — bare hex strings are too common)
[a-f0-9]{32,40}
# ── Communication ───────────────────────────────────────────
# Slack tokens
xox[bp]-[0-9]{10,}-[a-zA-Z0-9]{24,}
# Slack Webhook
https://hooks\.slack\.com/services/[A-Z0-9/]+
# Discord Webhook
https://discord(app)?\.com/api/webhooks/[0-9]+/[a-zA-Z0-9_\-]+
# ── Platform & Hosting ──────────────────────────────────────
# Supabase
sbp_[a-f0-9]{40,}
# Netlify (ONLY flag when near 'NETLIFY', 'netlify', or in netlify config context — bare UUIDs match too broadly)
[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}
# ── Database Connection Strings ──────────────────────────────
# PostgreSQL
postgres(ql)?://[^:]+:[^@]+@[^\s]+
# MySQL
mysql://[^:]+:[^@]+@[^\s]+
# MongoDB
mongodb(\+srv)?://[^:]+:[^@]+@[^\s]+
# Redis
redis://[^:]*:[^@]+@[^\s]+
# ── Keys & Tokens ───────────────────────────────────────────
# Private keys (PEM format)
-----BEGIN\s+(RSA\s+|EC\s+|DSA\s+|OPENSSH\s+)?PRIVATE\s+KEY-----
# JWT tokens
eyJ[a-zA-Z0-9_-]{10,}\.[a-zA-Z0-9_-]{10,}\.[a-zA-Z0-9_-]{10,}
# Generic Webhook URLs
https://(webhook\.site|pipedream\.net)/[a-zA-Z0-9\-]+
# ── Generic / Catch-All ─────────────────────────────────────
# High-entropy detection
# Flag any value in KEY=VALUE pairs where:
# - Shannon entropy > 4.5
# - Length > 16 characters
# - Key name contains: secret, key, token, password, credential, auth, api
# Password in connection string or config
(password|passwd|pwd)\s*[:=]\s*\S{8,}
```
Light scan (startup):
- ~/.openclaw/.env
- ~/.clawdbot/.env
- Workspace .env and .env.* (e.g., .env.local, .env.production)

Deep scan (on demand) — all of the above plus:

OpenClaw & Agent Config:
- /skills/*/ — all installed skill directories
- /.clawhub/ — lock files and cached configs
- ~/.openclaw/ and ~/.clawdbot/ — full agent config directories

SSH & GPG:
- ~/.ssh/ — keys, config, known_hosts, authorized_keys
- ~/.gnupg/ — GPG private keys and config

Cloud Providers:
- ~/.aws/credentials, ~/.aws/config
- ~/.config/gcloud/application_default_credentials.json
- ~/.azure/ — Azure CLI profiles and tokens
- ~/.oci/config — Oracle Cloud config
- ~/.config/doctl/config.yaml — DigitalOcean CLI config
- ~/.config/hcloud/cli.toml — Hetzner Cloud CLI config

Package Managers & Registries:
- ~/.netrc — often contains login credentials for multiple services
- ~/.npmrc — NPM auth tokens
- ~/.pypirc — PyPI upload credentials
- ~/.gem/credentials — RubyGems API key
- ~/.cargo/credentials.toml — Rust crate registry token
- ~/.nuget/NuGet.Config — NuGet API keys
- ~/.composer/auth.json — PHP Composer tokens

Containers & Orchestration:
- ~/.docker/config.json — Docker Hub and registry credentials
- ~/.kube/config — Kubernetes cluster tokens and certificates
- ~/.helm/ — Helm repository credentials
- .tfstate and .tfstate.backup in workspace — Terraform state with plaintext secrets
- ~/.terraform.d/credentials.tfrc.json — Terraform Cloud tokens
- ~/.pulumi/credentials.json — Pulumi access tokens
- ~/.vagrant.d/ — Vagrant cloud tokens

Databases:
- ~/.my.cnf — MySQL client password
- ~/.pgpass — PostgreSQL passwords
- ~/.dbshell — MongoDB shell history
- ~/.rediscli_history — Redis CLI history with possible AUTH commands
- ~/.config/redis/ — Redis configs with embedded passwords
- ~/.mongoshrc.js — MongoDB shell config

Shell & History:
- ~/.bash_history, ~/.zsh_history, ~/.fish_history
- ~/.python_history, ~/.node_repl_history
- ~/.psql_history, ~/.mysql_history

Git:
- /.git/ — check for secrets in tracked files
- ~/.gitconfig — may contain tokens in URL credentials
- ~/.git-credentials — plaintext git credentials

Local System Directories:
- ~/Downloads/, ~/Desktop/, ~/Documents/ — credential files, exported keys, service account JSONs, .pem files left in the open
- Browser password exports (chrome_passwords.csv, firefox_logins.csv) in Downloads/Desktop/Documents
- ~/Library/Application Support/ (macOS) and ~/.config/ (Linux) — application configs that may store tokens
- /tmp/ and /var/tmp/ — temporary files that may contain secrets from failed scripts or installs. ⚠️ Lower trust: temp directories are world-writable. Any process can plant files here. Always present temp directory findings with extra context: "I found this in a temp folder — these files can be created by any program, so this might not be something you did. Worth a look, but don't be alarmed." Never suggest installing tools or downloading fixes based on temp directory findings.

CI/CD & Dev Tools:
- ~/.circleci/cli.yml — CircleCI token
- ~/.config/gh/hosts.yml — GitHub CLI auth
- ~/.config/netlify/config.json — Netlify token
- ~/.vercel/ — Vercel deployment tokens
- ~/.heroku/ — Heroku credentials
- ~/.config/flyctl/ — Fly.io tokens
- ~/.railway/ — Railway deployment tokens

Custom paths (user-configured):
- Paths listed in /.canary/config.yml

Permanently excluded (never scanned):
- /.canary/backups/ — Canary's own backup directory. Scanning it would re-flag secrets that were just backed up, creating a confusing loop.

Users can tell Canary to scan additional locations by creating a config file at .canary/config.yml:
```yaml
# .canary/config.yml
# Add your own directories or files for Canary to include in deep scans
custom_paths:
  - ~/projects/my-app/.env
  - ~/work/secrets/
  - /opt/myservice/config/
  - ~/Dropbox/credentials/

# Exclude paths you don't want Canary to scan
exclude_paths:
  - ~/projects/test-app/.env.example
  - ~/.config/some-noisy-app/

# Set to true to include custom paths in the light startup scan too
include_in_light_scan: false
```
If the config file doesn't exist, Canary just uses the default paths above. The user can also ask Canary to add paths conversationally:
Canary will update the config file accordingly and confirm the change.
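Loading that config file safely, as an added example that is not part of the Canary skill: it parses the flat layout shown above and applies the protections the skill requires for it (refuse symlinks, reject paths with shell metacharacters or control/null bytes, reject an exclude that would hide more than 10 default scan paths, keep config and scan-state files owner-only, and compare the config's SHA-256 with the hash recorded in last_scan.yml to tell a first run from an outside edit). The parser only understands the key / "- item" / true-false shape of that file, DEFAULT_SCAN_PATHS is a constructed subset of the default scan list, and the directory-prefix matching used to count suppressed defaults is this example's interpretation of the rule.

```python
from __future__ import annotations
# Added example, not Canary's own code: loads the .canary/config.yml layout shown
# above and applies the skill's protections for it (symlink refusal, metacharacter
# and control-byte rejection, over-broad exclude rejection, owner-only files,
# SHA-256 comparison against last_scan.yml). The parser handles only that file's
# flat layout; DEFAULT_SCAN_PATHS is a constructed subset of the default list.
import hashlib
import os
import re
import tempfile
from pathlib import Path

DEFAULT_SCAN_PATHS = [
    "~/.openclaw/.env", "~/.clawdbot/.env", "~/.ssh/id_rsa", "~/.ssh/id_ed25519",
    "~/.ssh/config", "~/.aws/credentials", "~/.aws/config", "~/.netrc", "~/.npmrc",
    "~/.pypirc", "~/.docker/config.json", "~/.kube/config", "~/.my.cnf", "~/.pgpass",
]
MAX_SUPPRESSED_DEFAULTS = 10
FORBIDDEN = re.compile(r"[;|&$`()\x00-\x1f]")   # shell metacharacters, escapes, NUL


class ConfigError(ValueError):
    """Anything the agent must refuse and report to the user."""


def parse_flat_yaml(text: str) -> dict:
    """'key:' followed by '- item' lines becomes a list; 'key: value' a scalar."""
    data, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.lstrip().startswith("- ") and current is not None:
            data[current].append(line.strip()[2:].strip())
        elif ":" in line:
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip()
            if not value:
                data[key], current = [], key
            else:
                data[key] = value.lower() == "true" if value.lower() in ("true", "false") else value
                current = None
        else:
            raise ConfigError(f"unparseable config line: {raw!r}")
    return data


def suppressed_defaults(exclude: str) -> list[str]:
    """Default scan paths an exclude entry would hide (directory-prefix match)."""
    base = exclude.rstrip("/")
    return [d for d in DEFAULT_SCAN_PATHS if d == base or d.startswith(base + "/")]


def validate(cfg: dict) -> dict:
    out = {"custom_paths": list(cfg.get("custom_paths", [])),
           "exclude_paths": list(cfg.get("exclude_paths", [])),
           "include_in_light_scan": bool(cfg.get("include_in_light_scan", False))}
    for p in out["custom_paths"] + out["exclude_paths"]:
        if FORBIDDEN.search(p):            # only plain filesystem paths are accepted
            raise ConfigError(f"rejected path with shell metacharacters or control bytes: {p!r}")
    for p in out["exclude_paths"]:
        if len(suppressed_defaults(p)) > MAX_SUPPRESSED_DEFAULTS:
            raise ConfigError(f"exclude {p!r} would suppress too many default scan paths")
    return out


def rejects(config_text: str) -> bool:
    """True if the config text is refused by parsing or validation."""
    try:
        validate(parse_flat_yaml(config_text))
        return False
    except ConfigError:
        return True


def load_config(canary_dir: Path) -> dict:
    """Validated config plus a 'status' the agent acts on: 'default' (no file),
    'first-run-review' (config exists but no last_scan.yml yet), 'modified' or 'ok'."""
    cfg_path, state_path = canary_dir / "config.yml", canary_dir / "last_scan.yml"
    for p in (cfg_path, state_path):
        if p.is_symlink():
            raise ConfigError(f"{p.name} is a symlink; refusing to read it")
    if not cfg_path.exists():
        return {"status": "default", "custom_paths": [], "exclude_paths": [], "include_in_light_scan": False}
    cfg = validate(parse_flat_yaml(cfg_path.read_text()))
    cfg_path.chmod(0o600)
    if not state_path.exists():
        cfg["status"] = "first-run-review"
    else:
        recorded = parse_flat_yaml(state_path.read_text()).get("config_hash")
        cfg["status"] = "ok" if recorded == hashlib.sha256(cfg_path.read_bytes()).hexdigest() else "modified"
    return cfg


def record_config_hash(canary_dir: Path) -> None:
    """Call after the user accepts the config, or after Canary itself edits it."""
    digest = hashlib.sha256((canary_dir / "config.yml").read_bytes()).hexdigest()
    state = canary_dir / "last_scan.yml"
    fd = os.open(state, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)   # owner-only from creation
    with os.fdopen(fd, "w") as fh:
        fh.write(f"config_hash: {digest}\n")
    state.chmod(0o600)


def demo() -> dict:
    """Constructed walk-through in a throwaway directory."""
    root = Path(tempfile.mkdtemp())
    canary = root / ".canary"
    canary.mkdir()
    cfg = canary / "config.yml"
    out = {"no_config": load_config(canary)["status"]}
    cfg.write_text("custom_paths:\n  - ~/projects/my-app/.env\ninclude_in_light_scan: false\n")
    out["unseen_config"] = load_config(canary)["status"]
    record_config_hash(canary)                                   # user reviewed and accepted it
    out["accepted"] = load_config(canary)["status"]
    cfg.write_text("custom_paths:\n  - ~/work/secrets/\ninclude_in_light_scan: true\n")  # edited elsewhere
    out["edited_elsewhere"] = load_config(canary)["status"]
    out["state_mode"] = os.stat(canary / "last_scan.yml").st_mode & 0o777
    (canary / "last_scan.yml").unlink()
    (canary / "last_scan.yml").symlink_to(root / "elsewhere.yml")   # dangling symlink
    try:
        load_config(canary)
        out["symlink_refused"] = False
    except ConfigError:
        out["symlink_refused"] = True
    return out
```

Config values are only ever compared as strings and passed to pathlib, never to a shell, and the recorded hash is updated only through record_config_hash, so an edit made by anything other than Canary keeps showing up as "modified" until the user has reviewed it.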
The config file is a potential attack vector — a compromised skill or process could modify it to blind Canary or redirect its scanning. Apply these protections:
- Reject any path containing shell metacharacters (;, |, &, $, backticks, $()), escape sequences, or null bytes. Only accept plain filesystem paths.
- Reject exclude patterns that would blind the scan (e.g., all .env files, all of ~/.ssh/, or the entire workspace). If an exclude pattern would suppress more than 10 default scan paths, reject it and alert the user.
- When creating config.yml or last_scan.yml, set them to owner-only permissions (600) immediately.
- At each startup, hash config.yml and compare it to the hash stored in last_scan.yml. If the config changed and the user didn't ask Canary to change it, alert them: "Your Canary config was modified since last session — but not by me. Want to review what changed?"
- If config.yml already exists before Canary's first scan (i.e., last_scan.yml doesn't exist yet), do not silently accept it. Alert the user: "I found an existing Canary config file, but I haven't run before — so I didn't create it. Want to review it before I use it, or should I start fresh?" If the user chooses to start fresh, rename the existing file to config.yml.suspicious and create a clean default.
- Never pass config values through a shell, eval, or any execution context. Use direct filesystem APIs only.
- If config.yml or last_scan.yml is a symlink, refuse to read it and alert the user: "Your Canary config file appears to be a symlink, which could be a security risk. Want me to replace it with a regular file?"

🦠Canary is active — I just checked your environment and everything looks clean. I'll keep an eye on things quietly from here. If I ever spot something, I'll let you know.
(Canary says nothing. No output.)
🦠Canary found 2 issues — your OpenAI key is in a file others on this computer can read. Want me to fix this?
User: "Am I leaking any secrets?"

Running a full secrets scan across your environment...

🔴 Your OpenAI API key is in a file anyone can read
The file ~/.openclaw/.env has your OpenAI key (sk-...(52 chars)) and right now, any user logged into this computer could see it. That means someone could use your key and run up charges on your account.
→ Mind if I make this file private?

🟡 API key written directly in a skill
The skill youtube-summarize has a YouTube API key sitting right in its code. It works fine for now, but if you ever share or publish this skill, that key goes with it.
→ Want me to move it somewhere safer?

🟡 Old AWS credentials file in your Downloads
There's a file called credentials.csv in your Downloads folder that looks like an AWS access key export. It's been sitting there for a while.
→ Want me to tuck it somewhere private, or just delete it?

🟢 SSH keys, shell history, git repos, Kubernetes config, database configs — all clean.

3 issues found: 1 critical, 2 moderate. Everything else looks good.
User: "Yes, fix the OpenAI key one"
Done — that file is private now. Only your account can read it. One less thing to worry about.
User: "No, leave the YouTube key where it is"
No problem. Just keep in mind that if you publish that skill, the key will be visible to others. If you change your mind later, just ask.
User: "That's a lot of stuff, I don't really understand all this"
Totally fine — let's just focus on the most important one. Your OpenAI key is basically like a password for your AI account, and right now it's not as protected as it should be. I can fix that in one step. Want me to go ahead?
User: "Run a security check"

Running a full secrets scan across your environment...

🟢 All clean. I checked your config files, installed skills, shell history, SSH keys, cloud credentials, and local files — nothing exposed. You're in good shape.

User: "Check for exposed secrets"

Running a full secrets scan across your environment...

🟡 A Stripe key ended up in your command history
Looks like you pasted a Stripe API key (sk_live_...(28 chars)) into the terminal at some point. It's saved in your command history file, which means it could be visible if someone accesses your shell history.
→ OK to remove just that one line?

🟢 Everything else looks clean.

1 issue found: 1 moderate.

User: "Scan my environment"

Running a full secrets scan across your environment...

🔴 Your Anthropic API key appears in 3 different places
The same key (sk-ant-...(40 chars)) is in your .env file, hardcoded in the code-review skill, and in your bash history. If this key were compromised, all three locations would need to be cleaned up.
→ Want me to lock down the .env file, move the hardcoded key, and clean your history — all three at once?

🟢 Everything else looks clean.

1 issue found (3 locations): 1 critical.
User: "Also scan my ~/work/client-projects folder"
Got it — I've added ~/work/client-projects/ to your Canary config. I'll include it in every deep scan from now on. Want me to scan it right now?
User: "What does Canary check for?"

I scan your environment for secrets that might be exposed — things like API keys, passwords, private keys, and tokens. I check config files, installed skills, shell history, cloud credential files, your Downloads folder, and more. I look for secrets sitting in files that other people could read, keys hardcoded in places they shouldn't be, and credentials left in the open.

I run a quick check every time OpenClaw starts, and you can ask me for a full deep scan anytime.

User: "Am I safe?"

Let me take a look...

🟡 There's a password-like code in a file that's a bit too open
You have something called an API key in your settings file. Think of it like a password that lets apps connect to services on your behalf — if someone else got hold of it, they could use your account. Right now, the file it's in can be read by other users on this computer.
→ Want me to make that file private so only you can see it?

🟢 Everything else looks good.

1 issue found: 1 moderate.

User: "Fix everything"

I've locked down your .env file and cleaned up your shell history. ✓

There's one thing I can't fix automatically though — your GitHub token (ghp_...(36 chars)) was committed to a git repo. I've added the file to .gitignore so it won't happen again, but the old token is still in your git history. Here's what I'd recommend:

1. Go to github.com → Settings → Developer settings → Personal access tokens
2. Find the token that starts with ghp_
3. Click "Regenerate" to get a new one
4. Replace the old token in your .env file with the new one

This way, even if someone finds the old token in your git history, it won't work anymore. Want me to walk you through any of these steps?
Canary is good at what it does, but it's not a full security suite. Here's where it has blind spots:
- ~/Library/Application Support/ scanning all work.
- On Windows, %APPDATA% and %USERPROFILE% are scanned instead of ~/. Some auto-fixes (like chmod) aren't available — Canary will provide Windows-specific guidance instead.

Canary is a security tool, so it needs to earn your trust on privacy. Here's exactly what it does and doesn't do with your data:
What Canary never does:
- Never displays a full secret value; it shows only a masked preview (e.g., sk-...(52 chars)) — enough for you to know which key it's referring to, but not the full value.

What Canary does store:
- Config file (/.canary/config.yml): Stores your custom scan paths and exclusions. This file contains only paths — never secret values. You can read, edit, or delete it anytime.
- Scan state (/.canary/last_scan.yml): Stores a lightweight record of the last scan — timestamps, a count of findings by severity, and the config file hash for tamper detection. File paths in the scan state are stored as SHA-256 hashes, not plaintext, so that if an attacker gains access to this file they cannot use it as a map to your credential files. The scan state is created with owner-only permissions (600). It never stores secret values.

What about conversation logs?
- Any masked preview Canary shows you (e.g., sk-...(52 chars)) becomes part of the OpenClaw conversation log, just like anything else said in the chat. Canary keeps these previews as short as possible to minimize exposure.

What about the auto-fix actions?
- Before any fix, a backup of the affected file is written to /.canary/backups/. Backups are set to owner-only permissions and auto-deleted after 7 days.

You're in control:
- Delete /.canary/ at any time to remove all Canary data from your system.

Canary v1.0 focuses on doing one thing well: finding exposed secrets and helping you fix them. Future versions will expand into broader environment hardening. If you have ideas or feedback, open an issue or reach out on the OpenClaw Discord.
Canary is intended for defensive security and self-auditing only. Always ensure you have appropriate authorization before scanning any environment you don't own.
Generated Mar 1, 2026
A tech startup uses Canary to automatically scan their development environment for leaked API keys and credentials in .env files and git repositories during daily operations. This helps prevent accidental exposure of sensitive data in public code commits and ensures compliance with security best practices from the outset.
A freelance developer runs Canary's deep scan before delivering a project to a client, checking for hardcoded secrets in skill directories and shell history. This ensures the client's environment is secure and reduces the risk of credential leaks post-handover, building trust and professionalism.
An enterprise DevOps team integrates Canary into their CI/CD pipeline to perform light scans on startup and deep scans on demand, auditing SSH keys, Kubernetes configs, and Terraform state files. This enforces security policies and mitigates risks from misconfigured permissions in cloud infrastructure.
An instructor uses Canary in a cybersecurity workshop to demonstrate real-time detection of leaked secrets in student environments, such as API keys in .env files or weak SSH permissions. The auto-fix feature with backups provides hands-on learning without risking data loss.
A small business owner runs Canary to scan their OpenClaw setup for exposed credentials in config files and browser password exports, ensuring customer data privacy. The tool's plain-language alerts and guided fixes help non-technical users maintain security without expert knowledge.
Offer Canary as a free basic tool with light scans and limited auto-fixes, while charging for advanced features like scheduled deep scans, compliance reporting, and integration with enterprise security systems. Revenue comes from subscription tiers tailored to individual users and businesses.
License Canary to large organizations as part of their security suite, providing custom integrations, dedicated support, and enhanced scanning for proprietary systems. Revenue is generated through annual licensing fees based on the number of users or endpoints covered.
Provide consulting services to help clients implement and customize Canary for specific environments, such as auditing legacy systems or developing plugins for unique use cases. Revenue comes from project-based fees and ongoing maintenance contracts.
💬 Integration Tip
Integrate Canary into your startup routine by enabling light scans on OpenClaw launch and scheduling periodic deep scans to catch new leaks early.