env-patch
Audited by Socket on Mar 24, 2026
2 alerts found:
Anomaly, Malware
SUSPICIOUS: the skill is internally coherent, but its purpose is to help an agent run protected browser crypto/signing code under Node and bypass anti-debug/environment checks. Main risk comes from dual-use exploit/reversing behavior and optional unverified curl-fetched JS execution, not from credential theft or clear exfiltration.
This fragment is an explicit guide for spoofing/hiding Node.js runtime features to evade environment detection by security SDKs and VMPs. It prescribes deleting and redefining globals (Buffer, process, module, Error.prepareStackTrace, etc.) and altering descriptors and Symbol.toStringTag to misrepresent the host environment. While it does not itself contain a direct exfiltration or remote-access payload, these techniques are strong indicators of malicious/anti-analysis intent and would enable or conceal further malicious activity if used in a package. Treat code like this as high risk and suspicious in a supply-chain context; require strong justification and code review before accepting or depending on it.