Credential Locations Registry
ID Wispera includes a registry of well-known credential storage paths. The locations module auto-detects installed providers and classifies the risk level of discovered credentials. Six built-in providers cover common locations on developer workstations and CI environments.
Provider
Paths
Risk Level
Credential Types
OpenClaw
~/.openclaw/
Critical
API keys, bot tokens, OAuth tokens, session keys
AWS
~/.aws/
Critical
Access keys, session tokens
SSH
~/.ssh/
High
Private keys (RSA, EC, Ed25519)
Docker
~/.docker/
Medium
Registry auth tokens
npm
~/.npmrc
Medium
Registry auth tokens
Kubernetes
~/.kube/
High
Cluster credentials, service account tokens
Detect which providers have credential files present on the system.
import { detectInstalledProviders } from '@id-wispera/core' ;
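// List every built-in provider that has credential files on this machine.
// The loop prints provider metadata and path patterns only; it never prints
// the contents of a credential file.
const installed = await detectInstalledProviders();
for (const { name, description, locations } of installed) {
  console.log(`${name}: ${description}`);
  for (const { name: locationName, pathPattern } of locations) {
    console.log(` - ${locationName}: ${pathPattern}`);
  }
}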
from id_wispera .locations import detect_installed_providers
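# Ask the registry which built-in providers have credential files on this
# machine, then print each provider and the path patterns it covers.
# The loop prints metadata only; it never prints credential file contents.
installed = detect_installed_providers()
for provider in installed:
    print(f"{provider.name}: {provider.description}")
    for loc in provider.locations:
        print(f" - {loc.name}: {loc.path_pattern}")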
import "github.com/anthropics/id-wispera/pkg/locations"
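// Enumerate the providers that have credential files present and print, for
// each one, its name and description followed by the description and path of
// every location it covers. Only metadata is printed, never file contents.
installed := locations.DetectInstalledProviders()
for _, provider := range installed {
	fmt.Printf("%s: %s\n", provider.Name, provider.Description)
	for _, loc := range provider.Locations {
		fmt.Printf(" - %s: %s\n", loc.Description, loc.Path)
	}
}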
Retrieve a specific provider by ID or list all available provider IDs.
import { getProvider , getProviderIds } from '@id-wispera/core' ;
// getProviderIds() lists the IDs of all built-in providers.
const ids = getProviderIds();
// ["openclaw", "aws", "ssh", "docker", "npm", "kubernetes"]

// The lookup result is checked before use; presumably getProvider() returns
// a falsy value for an ID that is not in the registry — confirm.
const aws = getProvider('aws');
if (aws) {
  const { name, description } = aws;
  console.log(name); // "AWS"
  console.log(description); // "Amazon Web Services credentials"
}
from id_wispera .locations import get_provider , get_provider_ids
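# get_provider_ids() lists the IDs of all built-in providers.
ids = get_provider_ids()
# ["openclaw", "aws", "ssh", "docker", "npm", "kubernetes"]

# The lookup result is checked before use; presumably get_provider() returns
# a falsy value for an ID that is not in the registry — confirm.
aws = get_provider("aws")
if aws:
    print(aws.name)  # "AWS"
    print(aws.description)  # "Amazon Web Services credentials"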
import "github.com/anthropics/id-wispera/pkg/locations"
// GetProviderIDs lists the IDs of all built-in providers.
ids := locations.GetProviderIDs()
// ["aws", "docker", "kubernetes", "npm", "openclaw", "ssh"]

// The lookup result is nil-checked before its fields are read.
if aws := locations.GetProvider("aws"); aws != nil {
	fmt.Println(aws.Name)        // "Amazon Web Services"
	fmt.Println(aws.Description) // "AWS access keys and configuration"
}
Credentials are classified into four risk levels. Use sortByRisk to prioritize the most dangerous credentials first, and getRiskLabel for display.
Level
Meaning
Examples
Critical
Full account access, billing exposure
AWS root keys, OpenClaw API keys
High
Significant access, lateral movement risk
SSH private keys, Kubernetes configs
Medium
Scoped access to a single service
Docker registry tokens, npm auth tokens
Low
Informational or limited impact
Allowlists, read-only configs
import { sortByRisk , getRiskLabel } from '@id-wispera/core' ;
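// Order the discovered credentials with sortByRisk, then print one line per
// credential: the display label for its risk level followed by its name.
// NOTE(review): the sample output below shows part of an access key ID inside
// the classification name. Confirm the name never carries secret material
// before these lines are written to shared logs or CI output.
const sorted = sortByRisk(discoveredCredentials);
for (const { classification } of sorted) {
  const label = getRiskLabel(classification.riskLevel);
  console.log(`[${label}] ${classification.name}`);
}
// [CRITICAL] AWS Access Key [default] (AKIAIOSFODNN7EXA...)
// [HIGH] SSH Private Key (id_rsa)
// [MEDIUM] Docker Registry (docker.io)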
from id_wispera .locations import sort_by_risk , get_risk_label
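# Order the discovered credentials with sort_by_risk, then print one line per
# credential: the display label for its risk level followed by its name.
# NOTE(review): confirm classification.name never carries secret material
# before these lines are written to shared logs or CI output.
sorted_creds = sort_by_risk(discovered_credentials)
for cred in sorted_creds:
    label = get_risk_label(cred.classification.risk_level)
    print(f"[{label}] {cred.classification.name}")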
import "github.com/anthropics/id-wispera/pkg/locations"
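// Order the discovered credentials with SortByRisk, then print one line per
// credential: the display label for its risk level followed by its name.
// NOTE(review): confirm cred.Name never carries secret material before these
// lines are written to shared logs or CI output.
sorted := locations.SortByRisk(discoveredCredentials)
for _, cred := range sorted {
	label := locations.GetRiskLabel(cred.RiskLevel)
	fmt.Printf("[%s] %s\n", label, cred.Name)
}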
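Provider locations use template variables in paths. The expandPath function resolves these to actual filesystem paths. In the examples below, the TypeScript and Python calls use {home}-style placeholders, while the Go call uses ${HOME}-style placeholders.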
import { expandPath } from '@id-wispera/core' ;
// A template that uses only {home} needs no second argument.
const path = expandPath('{home}/.aws/credentials');
// "/home/alice/.aws/credentials"

// Values for custom placeholders are passed in the second argument.
// NOTE(review): the page does not say whether expandPath validates variable
// values. If agentId can come from outside the process, reject path
// separators and ".." before calling so the result stays under ~/.openclaw/.
const agentVars = { agentId: 'my-agent' };
const custom = expandPath(
  '{home}/.openclaw/agents/{agentId}/agent/auth-profiles.json',
  agentVars,
);
// "/home/alice/.openclaw/agents/my-agent/agent/auth-profiles.json"
from id_wispera .locations import expand_path
# A template that uses only {home} needs no extra arguments.
path = expand_path("{home}/.aws/credentials")
# "/home/alice/.aws/credentials"

# Values for custom placeholders are passed through the vars keyword.
# NOTE(review): the page does not say whether expand_path validates variable
# values. If agentId can come from outside the process, reject path
# separators and ".." before calling so the result stays under ~/.openclaw/.
agent_vars = {"agentId": "my-agent"}
custom = expand_path(
    "{home}/.openclaw/agents/{agentId}/agent/auth-profiles.json",
    vars=agent_vars,
)
import "github.com/anthropics/id-wispera/pkg/locations"
// A template that uses only ${HOME} is expanded with a nil variable map.
path := locations.ExpandPath("${HOME}/.aws/credentials", nil)
// "/home/alice/.aws/credentials"

// Values for custom placeholders are passed as a map.
// NOTE(review): the page does not say whether ExpandPath validates variable
// values. If AGENT_ID can come from outside the process, reject path
// separators and ".." before calling so the result stays under ~/.openclaw/.
agentVars := map[string]string{"AGENT_ID": "my-agent"}
custom := locations.ExpandPath("${HOME}/.openclaw/agents/${AGENT_ID}/config", agentVars)
Provider Location Details
The OpenClaw provider scans multiple file types under ~/.openclaw/:
Location
Files
What It Contains
credentials/whatsapp/
creds.json
WhatsApp session keys per account
credentials/
*-allowFrom.json
Channel pairing allowlists
agents/*/agent/
auth-profiles.json
LLM API keys per agent
credentials/
oauth.json
OAuth tokens for connected services
Root
openclaw.json
Telegram, Slack, Discord bot tokens; gateway token
Location
Files
What It Contains
~/.aws/
credentials
Access key ID and secret access key per profile
~/.aws/
config
SSO tokens, region configuration
Location
Files
What It Contains
~/.ssh/
id_rsa, id_ed25519, id_ecdsa
Private keys (RSA, Ed25519, ECDSA)
~/.ssh/
config
SSH host configuration
Location
Files
What It Contains
~/.docker/
config.json
Base64-encoded (not encrypted) registry auth tokens
Location
Files
What It Contains
~/
.npmrc
Registry auth tokens (_authToken=...)
Location
Files
What It Contains
~/.kube/
config
Cluster endpoints, certificates, bearer tokens