@aiclude/security-skill 1.0.0 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/SKILL.md +6 -0
  2. package/dist/index.js +4 -1
  3. package/package.json +1 -1
package/SKILL.md CHANGED
@@ -1,3 +1,9 @@
1
+ ---
2
+ name: aiclude-security-scan
3
+ description: Scan MCP Servers and AI Agent Skills for security vulnerabilities. 7 parallel engines detect prompt injection, tool poisoning, malware, supply chain attacks, and more.
4
+ tags: [security, vulnerability, scanner, mcp, ai-agent, sast, sca, malware]
5
+ ---
6
+
1
7
  # /security-scan - AIclude Security Vulnerability Scanner
2
8
 
3
9
  Scan MCP Servers and AI Agent Skills for security vulnerabilities. Returns existing scan results instantly if available, or registers the target and triggers a new scan automatically.
package/dist/index.js CHANGED
@@ -34,7 +34,10 @@ var SkillHandler = class {
34
34
  }
35
35
  /** API 호출에 사용할 인증 헤더 생성 */
36
36
  createAuthHeaders(name) {
37
- const secret = process.env["ASVS_SIGNING_SECRET"] ?? "asvs-default-signing-key-2026";
37
+ const secret = process.env["ASVS_SIGNING_SECRET"];
38
+ if (!secret) {
39
+ throw new Error("ASVS_SIGNING_SECRET environment variable is required for API authentication");
40
+ }
38
41
  const timestamp = String(Date.now());
39
42
  const payload = `skill:${name}:${timestamp}`;
40
43
  const signature = createHmac("sha256", secret).update(payload).digest("hex");
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aiclude/security-skill",
3
- "version": "1.0.0",
3
+ "version": "1.1.1",
4
4
  "description": "AIclude Security Vulnerability Scanner - Claude Code Skill for inline security scanning",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",