技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.9
统计:⭐ 1 · 57 · 0 current installs · 0 all-time installs
⭐ 1
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :良性
Package:alessandro-brucato-tracebit/tracebit-canaries
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
The skill's requirements, scripts, and runtime instructions are coherent with a canary-deployment + incident-response purpose; requested credentials and tools match the described behavior and sensitive operations are human-gated.
目的
Name/description, required binaries (gog, curl, jq, python3), required env (TRACEBIT_API_TOKEN), and required config paths (plugins.gog.accounts, plugins.messaging) all align with deploying canaries, polling Gmail for alerts, and notifying the user. No unrelated cloud or service credentials are requested.
说明范围
SKILL.md and scripts perform read-only investigations (Gmail via gog, reading memory/ logs, checking local canary caches) and explicitly require human confirmation before write/remediation actions. Reading memory/agent files and local credential locations is sensitive but directly relevant to incident investigation; the skill documents these reads and claims human-gated deployment for writes. Confirm that your agent's memory/ 'memory/' files d…
安装机制
No opaque third-party download hosts: the installer script fetches releases from the GitHub repo and verifies SHA256 checksums, aborting if checksums are absent (unless SKIP_CHECKSUM set). The script may run platform installers and use sudo on macOS/Linux—expected for CLI installation but requires user attention and elevated privileges.
证书
Only TRACEBIT_API_TOKEN is required as the primary credential and is appropriate for interacting with the Tracebit API. Requested OpenClaw config paths (plugins.gog.accounts and plugins.messaging) correspond to Gmail read access and user-channel notifications. No unexplained SECRET/TOKEN/PASSWORD env vars are requested.
持久
Skill is not always-enabled and does not request elevated platform privileges. It delegates credential placement to the Tracebit CLI (which writes canaries into credential locations with human confirmation per SKILL.md). Autonomous invocation is allowed by default but the skill documents human gating for write/remediation steps.
综合结论
This skill appears to do what it says: deploy canary tokens, monitor alert emails, and assist incident investigation. Before installing, verify the Tracebit CLI GitHub repo and release checksums yourself; confirm the TRACEBIT_API_TOKEN scope and that you trust the Tracebit service. Be aware the CLI (not the skill) will place fake credentials into standard locations (e.g., ~/.aws/credentials, ~/.ssh/) — ensure you do not accidentally place cana…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Tracebit Canaries」。简介:End-to-end Tracebit security canary deployment and autonomous threat response f…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/alessandro-brucato-tracebit/tracebit-canaries/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。