@blamejs/exceptd-skills 0.16.22 → 0.16.24

package/orchestrator/scanner.js

@@ -517,12 +517,60 @@ function probeTls(target) {
   return match ? match[1] : null;
 }
 
+// Key names that signal a credential value, matched case-insensitively at any
+// nesting depth. MCP server configs place real secrets inside `env` and
+// `headers` sub-objects (e.g. env.OPENAI_API_KEY, headers.Authorization), so a
+// top-level-only sweep leaks them into emitted findings.
+const SECRET_KEY_RE = /token|key|secret|password|credential|auth|bearer|api[-_]?key|access[-_]?key/i;
+
+// Value shapes that look like live credentials even under an innocuous key name
+// (e.g. args: ['--token', 'sk-...'] or a positional bearer string).
+const SECRET_VALUE_RES = [
+  /\bsk-[A-Za-z0-9_-]{8,}/,            // OpenAI-style keys
+  /\bAKIA[0-9A-Z]{12,}/,              // AWS access key id
+  /\bASIA[0-9A-Z]{12,}/,             // AWS temporary access key id
+  /\bgh[pousr]_[A-Za-z0-9]{20,}/,     // GitHub tokens
+  /\bxox[baprs]-[A-Za-z0-9-]{10,}/,   // Slack tokens
+  /\bBearer\s+[A-Za-z0-9._-]{8,}/i,   // Authorization: Bearer ...
+  /eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]+/ // JWT
+];
+
+function looksLikeSecretValue(value) {
+  if (typeof value !== 'string') return false;
+  return SECRET_VALUE_RES.some((re) => re.test(value));
+}
+
+// Recursively redact credential-shaped data so nothing emitted to stdout or
+// persisted carries an operator's live secrets. Redacts values of secret-named
+// keys at any depth and any standalone string value that matches a known
+// credential shape. Cycles are guarded with a seen-set.
+function redactDeep(value, seen) {
+  if (value === null || typeof value !== 'object') {
+    return looksLikeSecretValue(value) ? '[REDACTED]' : value;
+  }
+  if (seen.has(value)) return '[CIRCULAR]';
+  seen.add(value);
+
+  if (Array.isArray(value)) {
+    return value.map((item) => redactDeep(item, seen));
+  }
+
+  const out = {};
+  for (const key of Object.keys(value)) {
+    if (SECRET_KEY_RE.test(key)) {
+      out[key] = '[REDACTED]';
+    } else {
+      out[key] = redactDeep(value[key], seen);
+    }
+  }
+  return out;
+}
+
 function sanitizeConfig(obj) {
-  const safe = { ...obj };
-  for (const key of Object.keys(safe)) {
-    if (/token|key|secret|password|credential/i.test(key)) safe[key] = '[REDACTED]';
+  if (obj === null || typeof obj !== 'object') {
+    return looksLikeSecretValue(obj) ? '[REDACTED]' : obj;
   }
-  return safe;
+  return redactDeep(obj, new Set());
 }
 
 function loadJson(filename) {
@@ -533,4 +581,4 @@ function loadJson(filename) {
   }
 }
 
-module.exports = { scan, scanDomain };
+module.exports = { scan, scanDomain, sanitizeConfig };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.16.22",
+  "version": "0.16.24",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
   "keywords": [
     "ai-security",