---

SourceClear’s Commit Watcher

Someone accidentally commits private AWS keys to an open-source project and ends up handing candy to a bitcoin miner. Once committed, these secrets are easily discoverable through GitHub Search, which makes this kind of accidental disclosure all the more dangerous. To combat this and other threats to the safe use of open source, SourceClear announced Commit Watcher, a recently open-sourced tool that finds interesting and potentially hazardous commits: both accidental credential leaks and undisclosed security patches.