Skip to main content
ID Wispera includes a registry of well-known credential storage paths. The locations module auto-detects installed providers and classifies the risk level of discovered credentials. Six built-in providers cover common locations on developer workstations and CI environments.

Built-in providers

ProviderPathsRisk LevelCredential Types
OpenClaw~/.openclaw/CriticalAPI keys, bot tokens, OAuth tokens, session keys
AWS~/.aws/CriticalAccess keys, session tokens
SSH~/.ssh/HighPrivate keys (RSA, EC, Ed25519)
Docker~/.docker/MediumRegistry auth tokens
npm~/.npmrcMediumRegistry auth tokens
Kubernetes~/.kube/HighCluster credentials, service account tokens

Auto-detection

Detect which providers have credential files present on the system. 
import { detectInstalledProviders } from '@id-wispera/core';

const installed = await detectInstalledProviders();

for (const provider of installed) {
  console.log(`${provider.name}: ${provider.description}`);
  for (const loc of provider.locations) {
    console.log(`  - ${loc.name}: ${loc.pathPattern}`);
  }
}

Looking up providers

Retrieve a specific provider by ID or list all available provider IDs. 
import { getProvider, getProviderIds } from '@id-wispera/core';

const ids = getProviderIds();
// ["openclaw", "aws", "ssh", "docker", "npm", "kubernetes"]

const aws = getProvider('aws');
if (aws) {
  console.log(aws.name);        // "AWS"
  console.log(aws.description); // "Amazon Web Services credentials"
}

Risk classification

Credentials are classified into four risk levels. Use sortByRisk to prioritize the most dangerous credentials first, and getRiskLabel for display.
LevelMeaningExamples
CriticalFull account access, billing exposureAWS root keys, OpenClaw API keys
HighSignificant access, lateral movement riskSSH private keys, Kubernetes configs
MediumScoped access to a single serviceDocker registry tokens, npm auth tokens
LowInformational or limited impactAllowlists, read-only configs
import { sortByRisk, getRiskLabel } from '@id-wispera/core';

const sorted = sortByRisk(discoveredCredentials);
for (const cred of sorted) {
  const label = getRiskLabel(cred.classification.riskLevel);
  console.log(`[${label}] ${cred.classification.name}`);
}
// [CRITICAL] AWS Access Key [default] (AKIAIOSFODNN7EXA...)
// [HIGH] SSH Private Key (id_rsa)
// [MEDIUM] Docker Registry (docker.io)

Path expansion

Provider locations use template variables in paths. The expandPath function resolves these to actual filesystem paths. 
import { expandPath } from '@id-wispera/core';

const path = expandPath('{home}/.aws/credentials');
// "/home/alice/.aws/credentials"

const custom = expandPath('{home}/.openclaw/agents/{agentId}/agent/auth-profiles.json', {
  agentId: 'my-agent',
});
// "/home/alice/.openclaw/agents/my-agent/agent/auth-profiles.json"

Provider location details

OpenClaw

The OpenClaw provider scans multiple file types under ~/.openclaw/:
LocationFilesWhat it contains
credentials/whatsapp/creds.jsonWhatsApp session keys per account
credentials/*-allowFrom.jsonChannel pairing allowlists
agents/*/agent/auth-profiles.jsonLLM API keys per agent
credentials/oauth.jsonOAuth tokens for connected services
Rootopenclaw.jsonTelegram, Slack, Discord bot tokens; gateway token

AWS

LocationFilesWhat it contains
~/.aws/credentialsAccess key ID and secret access key per profile
~/.aws/configSSO tokens, region configuration

SSH

LocationFilesWhat it contains
~/.ssh/id_rsa, id_ed25519, id_ecdsaPrivate keys (RSA, Ed25519, ECDSA)
~/.ssh/configSSH host configuration

Docker

LocationFilesWhat it contains
~/.docker/config.jsonBase64-encoded registry auth tokens

npm

LocationFilesWhat it contains
~/.npmrcRegistry auth tokens (_authToken=...)

Kubernetes

LocationFilesWhat it contains
~/.kube/configCluster endpoints, certificates, bearer tokens

Next steps

Scan & import

Use the locations registry to scan and import credentials into your vault.

Security architecture

Learn about the encryption model that protects discovered credentials.

Passport model

Understand how imported credentials become governed passports.