← Back to Skills Marketplace
goog

Fang: protect your env variables from being stealed.

by Jay · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
121
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install fang
Description
Protect environment variables from being stolen by malicious skill scripts. Runs a two-phase security audit: (1) static pattern scan via scan_env.py to detec...
README (SKILL.md)

FANG — ENV Guard

Two-phase audit tool to detect environment variable theft in skill scripts.

Scripts

Script Purpose
scripts/fang_audit.py Main audit runner — static scan + LLM deep analysis
scripts/scan_env.py Static pattern scanner (env / network / encode / exec)

Phase 1 — Static Scan

Uses scan_env.py regex rules across .py and .sh files.

Risk scoring:

Flag Points
env access +2
network call +3
base64 / encode +2
exec / subprocess +2

Score ≥ 6 → HIGH · ≥ 3 → MEDIUM · > 0 → LOW · 0 → CLEAN

Phase 2 — LLM Deep Analysis (optional)

Reads all .py .sh .js .ts .ps1 .bash scripts in the target directory and sends them to an OpenAI-compatible LLM. The LLM checks for:

  • Env reads combined with outbound HTTP/socket/DNS
  • Obfuscation: base64, hex, eval, dynamic imports
  • Hardcoded exfiltration endpoints
  • Suspicious subprocess chains

Usage

Basic static scan only

python scripts/fang_audit.py \x3Ctarget_dir>

With LLM deep analysis

python scripts/fang_audit.py \x3Ctarget_dir> --llm-key sk-... --model gpt-4o-mini

OpenAI-compatible API (e.g. local Ollama / DeepSeek)

python scripts/fang_audit.py \x3Ctarget_dir> \
  --llm-key any \
  --model deepseek-chat \
  --base-url https://api.deepseek.com/v1

Save report to file

python scripts/fang_audit.py \x3Ctarget_dir> --llm-key sk-... --output report.txt

Scan all workspace skills at once

python scripts/fang_audit.py C:/Users/dad/.openclaw/workspace/skills

Agent Workflow

When the user asks to audit skills for env theft:

  1. Ask for the target directory (default: workspace skills/ folder)
  2. Run Phase 1 static scan — report summary immediately
  3. If HIGH or MEDIUM risks found, ask whether to run LLM deep analysis
  4. If --llm-key is available (from env or user), run Phase 2 automatically
  5. Present the final threat report:
    • List each risky file with risk level + reason
    • Highlight any CRITICAL combined patterns (env read + network send)
    • Recommend action: QUARANTINE (HIGH), REVIEW (MEDIUM), MONITOR (LOW)

Risk Response Guide

Risk Level Recommended Action
🔴 HIGH Immediately quarantine the skill, do not run it
🟡 MEDIUM Manual code review before use
🟢 LOW Monitor; likely benign but worth noting
✅ CLEAN Safe to use

Notes

  • The LLM analysis truncates each file to 3000 chars to stay within token limits.
  • For very large skill directories, consider scanning one skill at a time.
  • scan_env.py only processes .py and .sh files; fang_audit.py LLM mode also covers .js, .ts, .ps1.
Usage Guidance
This tool does what it says: run the static scan locally without any external network calls. If you enable the LLM deep analysis by supplying an API key (or base URL), the tool will send snippets of the scanned files to that external LLM — those snippets can contain secrets or sensitive code. Before using the LLM mode: (1) only provide a key for an endpoint you trust (prefer a local/private LLM endpoint), (2) consider running the static-only scan first and reviewing flagged files locally, (3) avoid scanning directories that contain unrelated sensitive files (run it per-skill or on a copy), and (4) be aware the scanner's heuristics can produce false positives (including flagging the scanner itself). If you need proof-of-concept audit without sending data externally, run python scripts/fang_audit.py <target_dir> without --llm-key.
Capability Analysis
Type: OpenClaw Skill Name: fang Version: 1.0.0 The 'fang' skill is a security auditing tool designed to detect environment variable theft in other scripts. It performs a two-phase audit: a static regex-based scan (scan_env.py) and an optional deep analysis (fang_audit.py) that sends script snippets to an OpenAI-compatible LLM for behavioral review. The code is well-documented, lacks obfuscation, and its high-privilege actions (reading local files and making network calls to LLM providers like api.openai.com) are strictly aligned with its stated purpose as a security scanner.
Capability Assessment
Purpose & Capability
The name/description (detect env-var theft) aligns with the included scripts: scan_env.py performs a regex-based static scan and fang_audit.py orchestrates static + optional LLM analysis. There is a small documentation/code mismatch: SKILL.md says Phase 2 runs automatically if an LLM key is available in the environment, but the provided fang_audit.py only uses an explicit --llm-key CLI argument (it does not auto-read a named env var). Otherwise the capabilities requested are proportional to the stated purpose.
Instruction Scope
Phase 1 is local static scanning of .py/.sh (coherent). Phase 2 collects script contents (up to 3000 chars per file) and sends them to an OpenAI-compatible API using the provided key/base_url. Sending full or truncated source code to a remote LLM can leak secrets, credentials, or sensitive code—this is intentional for deep analysis but is a clear privacy/exfiltration risk the user must accept explicitly. Also note the scanner will only statically scan .py/.sh in Phase 1; Phase 2 covers additional extensions (.js/.ts/.ps1), which is consistent but worth noting.
Install Mechanism
No install spec (instruction-only plus included scripts). Nothing is downloaded or executed during install. This minimal footprint is appropriate for a local audit tool.
Credentials
The skill declares no required environment variables or credentials (correct). The only sensitive input the tool accepts is an optional LLM API key (--llm-key or CLI), which is necessary for the stated LLM deep analysis. That key will be used to call the provided base_url (default api.openai.com). Requiring that key is proportionate to the LLM feature, but it is not required for the static scan.
Persistence & Privilege
always is false and the skill does not modify system-wide settings or other skills. It does not request persistent privileges or self-enable behavior.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install fang
  3. After installation, invoke the skill by name or use /fang
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: two-phase security audit tool for detecting environment variable theft in skill scripts. - Static pattern scan across Python and shell files to flag env access, network calls, encoding, and exec usage with automatic risk scoring. - (Optional) LLM-powered deep analysis covering multiple script types (.py, .sh, .js, .ts, .ps1, .bash) for sophisticated exfiltration patterns and obfuscation. - Produces a structured report rating each file's risk (HIGH/MEDIUM/LOW/CLEAN) and recommends actions. - Command-line interface with options for API key/model selection and report export. - Designed for auditing, investigation, and periodic security sweeps of skill directories.
Metadata
Slug fang
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Fang: protect your env variables from being stealed.?

Protect environment variables from being stolen by malicious skill scripts. Runs a two-phase security audit: (1) static pattern scan via scan_env.py to detec... It is an AI Agent Skill for Claude Code / OpenClaw, with 121 downloads so far.

How do I install Fang: protect your env variables from being stealed.?

Run "/install fang" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Fang: protect your env variables from being stealed. free?

Yes, Fang: protect your env variables from being stealed. is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Fang: protect your env variables from being stealed. support?

Fang: protect your env variables from being stealed. is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Fang: protect your env variables from being stealed.?

It is built and maintained by Jay (@goog); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments