风险评分

100/100 (Very Low)

OpenClaw: benign
VirusTotal: benign
StaticScan: clean

Fang: protect your env variables from being stealed.

作者: goog
Slug:fang
版本:1.0.0
更新时间:2026-03-25 22:06:55
风险信息

OpenClaw: benign

查看 OpenClaw 分析摘要(前 200 字预览) 
The skill's code and instructions are consistent with its stated purpose (a two‑phase audit that can optionally send code snippets to an LLM), but the LLM phase will transmit scanned script contents t...

[内容已截断]

VirusTotal: benign VT 报告

静态扫描: clean 

No suspicious patterns detected.
README

README 未提供

文件列表

无文件信息

下载
下载官方 ZIP
原始 JSON 数据
{
    "latestVersion": {
        "_creationTime": 1774445968634,
        "_id": "k971yy5pn0a1z9xgfh3hze2w5h83j4k1",
        "changelog": "Initial release: two-phase security audit tool for detecting environment variable theft in skill scripts.\n\n- Static pattern scan across Python and shell files to flag env access, network calls, encoding, and exec usage with automatic risk scoring.\n- (Optional) LLM-powered deep analysis covering multiple script types (.py, .sh, .js, .ts, .ps1, .bash) for sophisticated exfiltration patterns and obfuscation.\n- Produces a structured report rating each file's risk (HIGH\/MEDIUM\/LOW\/CLEAN) and recommends actions.\n- Command-line interface with options for API key\/model selection and report export.\n- Designed for auditing, investigation, and periodic security sweeps of skill directories.",
        "changelogSource": "user",
        "createdAt": 1774445968634,
        "version": "1.0.0"
    },
    "owner": {
        "_creationTime": 0,
        "_id": "s17em2bafnnpytnkgk2apn7p6h83fqsf",
        "displayName": "goog",
        "handle": "goog",
        "image": "https:\/\/avatars.githubusercontent.com\/u\/1488374?v=4",
        "kind": "user",
        "linkedUserId": "kn7ctq5v1c5cbzgkwj06hvfzsd829ccd"
    },
    "ownerHandle": "goog",
    "skill": {
        "_creationTime": 1774445968634,
        "_id": "kd7ez4b0scaj8j9zg8sxj1p69583k090",
        "badges": [],
        "createdAt": 1774445968634,
        "displayName": "Fang: protect your env variables from being stealed.",
        "latestVersionId": "k971yy5pn0a1z9xgfh3hze2w5h83j4k1",
        "ownerPublisherId": "s17em2bafnnpytnkgk2apn7p6h83fqsf",
        "ownerUserId": "kn7ctq5v1c5cbzgkwj06hvfzsd829ccd",
        "slug": "fang",
        "stats": {
            "comments": 0,
            "downloads": 15,
            "installsAllTime": 0,
            "installsCurrent": 0,
            "stars": 0,
            "versions": 1
        },
        "summary": "Protect environment variables from being stolen by malicious skill scripts. Runs a two-phase security audit: (1) static pattern scan via scan_env.py to detec...",
        "tags": {
            "latest": "k971yy5pn0a1z9xgfh3hze2w5h83j4k1"
        },
        "updatedAt": 1774447615682
    }
}