← 返回 Skills 市场
121
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install fang
功能描述
Protect environment variables from being stolen by malicious skill scripts. Runs a two-phase security audit: (1) static pattern scan via scan_env.py to detec...
使用说明 (SKILL.md)
FANG — ENV Guard
Two-phase audit tool to detect environment variable theft in skill scripts.
Scripts
| Script | Purpose |
|---|---|
scripts/fang_audit.py |
Main audit runner — static scan + LLM deep analysis |
scripts/scan_env.py |
Static pattern scanner (env / network / encode / exec) |
Phase 1 — Static Scan
Uses scan_env.py regex rules across .py and .sh files.
Risk scoring:
| Flag | Points |
|---|---|
| env access | +2 |
| network call | +3 |
| base64 / encode | +2 |
| exec / subprocess | +2 |
Score ≥ 6 → HIGH · ≥ 3 → MEDIUM · > 0 → LOW · 0 → CLEAN
Phase 2 — LLM Deep Analysis (optional)
Reads all .py .sh .js .ts .ps1 .bash scripts in the target directory and sends them to an OpenAI-compatible LLM. The LLM checks for:
- Env reads combined with outbound HTTP/socket/DNS
- Obfuscation: base64, hex, eval, dynamic imports
- Hardcoded exfiltration endpoints
- Suspicious subprocess chains
Usage
Basic static scan only
python scripts/fang_audit.py \x3Ctarget_dir>
With LLM deep analysis
python scripts/fang_audit.py \x3Ctarget_dir> --llm-key sk-... --model gpt-4o-mini
OpenAI-compatible API (e.g. local Ollama / DeepSeek)
python scripts/fang_audit.py \x3Ctarget_dir> \
--llm-key any \
--model deepseek-chat \
--base-url https://api.deepseek.com/v1
Save report to file
python scripts/fang_audit.py \x3Ctarget_dir> --llm-key sk-... --output report.txt
Scan all workspace skills at once
python scripts/fang_audit.py C:/Users/dad/.openclaw/workspace/skills
Agent Workflow
When the user asks to audit skills for env theft:
- Ask for the target directory (default: workspace
skills/folder) - Run Phase 1 static scan — report summary immediately
- If HIGH or MEDIUM risks found, ask whether to run LLM deep analysis
- If
--llm-keyis available (from env or user), run Phase 2 automatically - Present the final threat report:
- List each risky file with risk level + reason
- Highlight any CRITICAL combined patterns (env read + network send)
- Recommend action: QUARANTINE (HIGH), REVIEW (MEDIUM), MONITOR (LOW)
Risk Response Guide
| Risk Level | Recommended Action |
|---|---|
| 🔴 HIGH | Immediately quarantine the skill, do not run it |
| 🟡 MEDIUM | Manual code review before use |
| 🟢 LOW | Monitor; likely benign but worth noting |
| ✅ CLEAN | Safe to use |
Notes
- The LLM analysis truncates each file to 3000 chars to stay within token limits.
- For very large skill directories, consider scanning one skill at a time.
scan_env.pyonly processes.pyand.shfiles;fang_audit.pyLLM mode also covers.js,.ts,.ps1.
安全使用建议
This tool does what it says: run the static scan locally without any external network calls. If you enable the LLM deep analysis by supplying an API key (or base URL), the tool will send snippets of the scanned files to that external LLM — those snippets can contain secrets or sensitive code. Before using the LLM mode: (1) only provide a key for an endpoint you trust (prefer a local/private LLM endpoint), (2) consider running the static-only scan first and reviewing flagged files locally, (3) avoid scanning directories that contain unrelated sensitive files (run it per-skill or on a copy), and (4) be aware the scanner's heuristics can produce false positives (including flagging the scanner itself). If you need proof-of-concept audit without sending data externally, run python scripts/fang_audit.py <target_dir> without --llm-key.
功能分析
Type: OpenClaw Skill
Name: fang
Version: 1.0.0
The 'fang' skill is a security auditing tool designed to detect environment variable theft in other scripts. It performs a two-phase audit: a static regex-based scan (scan_env.py) and an optional deep analysis (fang_audit.py) that sends script snippets to an OpenAI-compatible LLM for behavioral review. The code is well-documented, lacks obfuscation, and its high-privilege actions (reading local files and making network calls to LLM providers like api.openai.com) are strictly aligned with its stated purpose as a security scanner.
能力评估
Purpose & Capability
The name/description (detect env-var theft) aligns with the included scripts: scan_env.py performs a regex-based static scan and fang_audit.py orchestrates static + optional LLM analysis. There is a small documentation/code mismatch: SKILL.md says Phase 2 runs automatically if an LLM key is available in the environment, but the provided fang_audit.py only uses an explicit --llm-key CLI argument (it does not auto-read a named env var). Otherwise the capabilities requested are proportional to the stated purpose.
Instruction Scope
Phase 1 is local static scanning of .py/.sh (coherent). Phase 2 collects script contents (up to 3000 chars per file) and sends them to an OpenAI-compatible API using the provided key/base_url. Sending full or truncated source code to a remote LLM can leak secrets, credentials, or sensitive code—this is intentional for deep analysis but is a clear privacy/exfiltration risk the user must accept explicitly. Also note the scanner will only statically scan .py/.sh in Phase 1; Phase 2 covers additional extensions (.js/.ts/.ps1), which is consistent but worth noting.
Install Mechanism
No install spec (instruction-only plus included scripts). Nothing is downloaded or executed during install. This minimal footprint is appropriate for a local audit tool.
Credentials
The skill declares no required environment variables or credentials (correct). The only sensitive input the tool accepts is an optional LLM API key (--llm-key or CLI), which is necessary for the stated LLM deep analysis. That key will be used to call the provided base_url (default api.openai.com). Requiring that key is proportionate to the LLM feature, but it is not required for the static scan.
Persistence & Privilege
always is false and the skill does not modify system-wide settings or other skills. It does not request persistent privileges or self-enable behavior.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install fang - 安装完成后,直接呼叫该 Skill 的名称或使用
/fang触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: two-phase security audit tool for detecting environment variable theft in skill scripts.
- Static pattern scan across Python and shell files to flag env access, network calls, encoding, and exec usage with automatic risk scoring.
- (Optional) LLM-powered deep analysis covering multiple script types (.py, .sh, .js, .ts, .ps1, .bash) for sophisticated exfiltration patterns and obfuscation.
- Produces a structured report rating each file's risk (HIGH/MEDIUM/LOW/CLEAN) and recommends actions.
- Command-line interface with options for API key/model selection and report export.
- Designed for auditing, investigation, and periodic security sweeps of skill directories.
元数据
常见问题
Fang: protect your env variables from being stealed. 是什么?
Protect environment variables from being stolen by malicious skill scripts. Runs a two-phase security audit: (1) static pattern scan via scan_env.py to detec... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 121 次。
如何安装 Fang: protect your env variables from being stealed.?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install fang」即可一键安装,无需额外配置。
Fang: protect your env variables from being stealed. 是免费的吗?
是的,Fang: protect your env variables from being stealed. 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Fang: protect your env variables from being stealed. 支持哪些平台?
Fang: protect your env variables from being stealed. 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Fang: protect your env variables from being stealed.?
由 Jay(@goog)开发并维护,当前版本 v1.0.0。
推荐 Skills