风险评分

90/100 (Very Low)

OpenClaw: benign
VirusTotal: benign
StaticScan: suspicious

npm defender2

作者: goog
Slug:defender2
版本:1.0.0
更新时间:2026-03-24 15:36:24
风险信息

OpenClaw: benign

查看 OpenClaw 分析摘要(前 200 字预览) 
The skill is internally coherent: it ships a local Python scanner (pua.py) and instructions to run it against npm projects; nothing in the code or instructions attempts network exfiltration or request...

[内容已截断]

VirusTotal: benign VT 报告

静态扫描: suspicious 

Detected: suspicious.dynamic_code_execution
README

README 未提供

文件列表

无文件信息

下载
下载官方 ZIP
原始 JSON 数据
{
    "latestVersion": {
        "_creationTime": 1773903140302,
        "_id": "k973kmk7fv278y8j0y6e5bhrwd836q4a",
        "changelog": "defender2 1.0.0 - Initial release\n\n- Scan npm packages and projects for JavaScript and Windows filename RLO malware.\n- Detects obfuscated code, suspicious PUA characters, and Base64-encoded payloads.\n- Analyzes package.json dependencies and scripts for supply chain attacks.\n- Identifies known malicious packages and suspicious behavior patterns.\n- Includes command-line usage with options for recursive and verbose scanning.",
        "changelogSource": "user",
        "createdAt": 1773903140302,
        "version": "1.0.0"
    },
    "owner": {
        "_creationTime": 0,
        "_id": "publishers:missing",
        "displayName": "goog",
        "handle": "goog",
        "image": "https:\/\/avatars.githubusercontent.com\/u\/1488374?v=4",
        "kind": "user",
        "linkedUserId": "kn7ctq5v1c5cbzgkwj06hvfzsd829ccd"
    },
    "ownerHandle": "goog",
    "skill": {
        "_creationTime": 1773903140302,
        "_id": "kd7d1wjtgha517mkb99k19rees837tby",
        "badges": [],
        "createdAt": 1773903140302,
        "displayName": "npm defender2",
        "latestVersionId": "k973kmk7fv278y8j0y6e5bhrwd836q4a",
        "ownerUserId": "kn7ctq5v1c5cbzgkwj06hvfzsd829ccd",
        "slug": "defender2",
        "stats": {
            "comments": 0,
            "downloads": 45,
            "installsAllTime": 0,
            "installsCurrent": 0,
            "stars": 0,
            "versions": 1
        },
        "summary": "Scan npm packages or projects to detect JavaScript malware, suspicious Base64, private use characters, and known malicious packages with RLO attack detection.",
        "tags": {
            "latest": "k973kmk7fv278y8j0y6e5bhrwd836q4a"
        },
        "updatedAt": 1774337784233
    }
}