⚠️Install with caution. This skill has very few installs. Always review the source and verify it on clawhub.ai before installing. Community-built skills run with agent permissions — only install ones you trust.

🔐 Security & Audit

Fang: protect your env variables from being stealed.v1.0.0

Name: Fang: protect your env variables from being stealed.
Author: goog

fang

goog

Protect environment variables from being stolen by malicious skill scripts. Runs a two-phase security audit: (1) static pattern scan via scan_env.py to detec...

latest

Download Package View on ClawHub

Installs (all time)

Installs (current)

Downloads

304

Stars

CreatedMar 25, 2026

UpdatedMar 25, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install goog/fang

Skill Package3 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

B57/100

Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation4/35

· 204 downloads (low demand)
· No tracked installs (may still have real users via manual install)

Documentation20/25

· SKILL.md present
· Detailed documentation (≥3000 chars)
· Contains usage examples or trigger description
· Detailed summary

Package Completeness8/15

· skillAssets present (2 files)

💡

Usage Guide

Generated May 23, 2026

Security Engineers and DevSecOps ProfessionalsAI Agent Platform Administrators and Skill Developersbeginner

💡 Application Scenarios

Open-Source Project OnboardingOpen-Source Software

A maintainer audits all contributed skill scripts before merging to ensure no hidden env theft. Fang scans static patterns and optionally runs LLM deep analysis to flag obfuscated exfiltration code.

Enterprise Internal Tool SecurityEnterprise IT / Cybersecurity

A security engineer periodically sweeps the shared skill directory in a corporate AI agent platform. Fang detects any script that reads environment variables and sends them to external endpoints, preventing API key leakage.

Marketplace Skill VettingAI Marketplace

A skill marketplace operator uses Fang to pre-audit every new submission. The two-phase audit catches both obvious and sophisticated theft patterns before listing, protecting all users.

Personal Developer Workstation AuditSoftware Development

A developer downloads several community skills and runs Fang on their local skills folder. They get a quick risk summary and decide which skills to keep or quarantine based on threat levels.

Compliance Audit for Regulated EnvironmentsFinance / Healthcare

A compliance officer in finance or healthcare runs Fang as part of a quarterly security review. The tool ensures no skill scripts exfiltrate sensitive environment variables, meeting internal policy requirements.

💼 Business Models

Freemium SaaS ToolSubscription fees (monthly/annual) based on number of scans or users

Offer Fang as a free CLI tool for basic static scans, with a premium tier that provides advanced LLM analysis, centralized reporting dashboard, and API access for CI/CD pipelines. Revenue from monthly subscriptions for teams and enterprises.

Managed Security ServicePer-audit fees or monthly retainers

Provide a fully managed service where customers submit skills for audit, and a team of human analysts reviews Fang's reports and performs deeper manual checks. Revenue per audit engagement or retainer.

OEM Integration LicensingLicensing fees + per-user royalty

License Fang's scanning engine to AI agent platforms, skill marketplaces, or DevSecOps tools for embedding into their own products. Revenue through licensing fees and royalty per active user.

💬 Integration Tip

Add Fang as a pre-commit hook in your skill repo to catch env theft before code ever lands, or run it in your CI pipeline after npm/pip install to scan downloaded dependencies.