@elliotllliu/agentshield 0.1.0

package/dist/rules/excessive-perms.js

@@ -0,0 +1,50 @@
+import matter from "gray-matter";
+/**
+ * Rule: excessive-perms
+ * Detects skills that request too many or dangerous permissions.
+ */
+const DANGEROUS_PERMS = new Set(["exec", "admin", "root", "sudo", "network", "browser"]);
+const MAX_REASONABLE_PERMS = 5;
+export const excessivePermsRule = {
+    id: "excessive-perms",
+    name: "Excessive Permissions",
+    description: "Detects skills requesting too many or dangerous permissions",
+    run(files) {
+        const findings = [];
+        const skillMd = files.find((f) => f.relativePath === "SKILL.md" || f.relativePath.endsWith("/SKILL.md"));
+        if (!skillMd)
+            return findings;
+        let permissions = [];
+        try {
+            const { data } = matter(skillMd.content);
+            if (Array.isArray(data.permissions)) {
+                permissions = data.permissions.filter((p) => typeof p === "string");
+            }
+        }
+        catch {
+            return findings;
+        }
+        // Check for dangerous permissions
+        for (const perm of permissions) {
+            if (DANGEROUS_PERMS.has(perm.toLowerCase())) {
+                findings.push({
+                    rule: "excessive-perms",
+                    severity: "warning",
+                    file: skillMd.relativePath,
+                    message: `Requests dangerous permission: '${perm}'`,
+                });
+            }
+        }
+        // Check for excessive number of permissions
+        if (permissions.length > MAX_REASONABLE_PERMS) {
+            findings.push({
+                rule: "excessive-perms",
+                severity: "warning",
+                file: skillMd.relativePath,
+                message: `Requests ${permissions.length} permissions (threshold: ${MAX_REASONABLE_PERMS}) — review if all are necessary`,
+            });
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=excessive-perms.js.map

package/dist/rules/excessive-perms.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"excessive-perms.js","sourceRoot":"","sources":["../../src/rules/excessive-perms.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AAGjC;;;GAGG;AAEH,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;AACzF,MAAM,oBAAoB,GAAG,CAAC,CAAC;AAE/B,MAAM,CAAC,MAAM,kBAAkB,GAAS;IACtC,EAAE,EAAE,iBAAiB;IACrB,IAAI,EAAE,uBAAuB;IAC7B,WAAW,EAAE,6DAA6D;IAE1E,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CACxB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,UAAU,IAAI,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,CAC7E,CAAC;QACF,IAAI,CAAC,OAAO;YAAE,OAAO,QAAQ,CAAC;QAE9B,IAAI,WAAW,GAAa,EAAE,CAAC;QAC/B,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACpC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YAC/E,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,kCAAkC;QAClC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,IAAI,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC5C,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,iBAAiB;oBACvB,QAAQ,EAAE,SAAS;oBACnB,IAAI,EAAE,OAAO,CAAC,YAAY;oBAC1B,OAAO,EAAE,mCAAmC,IAAI,GAAG;iBACpD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,IAAI,WAAW,CAAC,MAAM,GAAG,oBAAoB,EAAE,CAAC;YAC9C,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,SAAS;gBACnB,IAAI,EAAE,OAAO,CAAC,YAAY;gBAC1B,OAAO,EAAE,YAAY,WAAW,CAAC,MAAM,4BAA4B,oBAAoB,iCAAiC;aACzH,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/hidden-files.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const hiddenFilesRule: Rule;

package/dist/rules/hidden-files.js

@@ -0,0 +1,52 @@
+/**
+ * Rule: hidden-files
+ * Detects exposed .env files and other hidden config files that shouldn't be committed.
+ */
+const DANGEROUS_FILES = [
+    { pattern: /^\.env($|\.)/, desc: "Environment file with secrets" },
+    { pattern: /^\.env\.local$/, desc: "Local environment file" },
+    { pattern: /^\.env\.production$/, desc: "Production environment file" },
+    { pattern: /^\.htpasswd$/, desc: "Apache password file" },
+    { pattern: /^\.htaccess$/, desc: "Apache config file" },
+    { pattern: /^\.pgpass$/, desc: "PostgreSQL password file" },
+    { pattern: /^\.netrc$/, desc: "Network credentials file" },
+];
+const SECRET_IN_ENV_RE = /^[A-Z_]+=(?!$).*(?:key|secret|token|password|credential|auth)/i;
+export const hiddenFilesRule = {
+    id: "hidden-files",
+    name: "Hidden/Secret Files",
+    description: "Detects .env files and other hidden configs that may leak secrets",
+    run(files) {
+        const findings = [];
+        for (const file of files) {
+            const basename = file.relativePath.split("/").pop() || "";
+            for (const { pattern, desc } of DANGEROUS_FILES) {
+                if (pattern.test(basename)) {
+                    findings.push({
+                        rule: "hidden-files",
+                        severity: "critical",
+                        file: file.relativePath,
+                        message: `${desc} found in repository — should be in .gitignore`,
+                    });
+                    // Check for actual secrets in the file
+                    for (let i = 0; i < file.lines.length; i++) {
+                        const line = file.lines[i];
+                        if (SECRET_IN_ENV_RE.test(line) && !line.trimStart().startsWith("#")) {
+                            findings.push({
+                                rule: "hidden-files",
+                                severity: "critical",
+                                file: file.relativePath,
+                                line: i + 1,
+                                message: "Hardcoded secret in environment file",
+                                evidence: line.replace(/=.*/, "=***").slice(0, 80),
+                            });
+                        }
+                    }
+                    break;
+                }
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=hidden-files.js.map

package/dist/rules/hidden-files.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hidden-files.js","sourceRoot":"","sources":["../../src/rules/hidden-files.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,MAAM,eAAe,GAAG;IACtB,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,+BAA+B,EAAE;IAClE,EAAE,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,wBAAwB,EAAE;IAC7D,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,6BAA6B,EAAE;IACvE,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,sBAAsB,EAAE;IACzD,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,oBAAoB,EAAE;IACvD,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,0BAA0B,EAAE;IAC3D,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,0BAA0B,EAAE;CAC3D,CAAC;AAEF,MAAM,gBAAgB,GACpB,gEAAgE,CAAC;AAEnE,MAAM,CAAC,MAAM,eAAe,GAAS;IACnC,EAAE,EAAE,cAAc;IAClB,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EAAE,mEAAmE;IAEhF,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;YAE1D,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,eAAe,EAAE,CAAC;gBAChD,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC3B,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,cAAc;wBACpB,QAAQ,EAAE,UAAU;wBACpB,IAAI,EAAE,IAAI,CAAC,YAAY;wBACvB,OAAO,EAAE,GAAG,IAAI,gDAAgD;qBACjE,CAAC,CAAC;oBAEH,uCAAuC;oBACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;wBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;wBAC5B,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;4BACrE,QAAQ,CAAC,IAAI,CAAC;gCACZ,IAAI,EAAE,cAAc;gCACpB,QAAQ,EAAE,UAAU;gCACpB,IAAI,EAAE,IAAI,CAAC,YAAY;gCACvB,IAAI,EAAE,CAAC,GAAG,CAAC;gCACX,OAAO,EAAE,sCAAsC;gCAC/C,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;6BACnD,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;oBACD,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/index.d.ts

@@ -0,0 +1,5 @@
+import type { Rule } from "../types.js";
+/** All registered rules */
+export declare const rules: Rule[];
+/** Get a rule by ID */
+export declare function getRule(id: string): Rule | undefined;

package/dist/rules/index.js

@@ -0,0 +1,40 @@
+import { sensitiveReadRule } from "./sensitive-read.js";
+import { backdoorRule } from "./backdoor.js";
+import { dataExfilRule } from "./data-exfil.js";
+import { privilegeRule } from "./privilege.js";
+import { supplyChainRule } from "./supply-chain.js";
+import { obfuscationRule } from "./obfuscation.js";
+import { envLeakRule } from "./env-leak.js";
+import { cryptoMiningRule } from "./crypto-mining.js";
+import { reverseShellRule } from "./reverse-shell.js";
+import { typosquattingRule } from "./typosquatting.js";
+import { hiddenFilesRule } from "./hidden-files.js";
+import { excessivePermsRule } from "./excessive-perms.js";
+import { phoneHomeRule } from "./phone-home.js";
+import { credentialHardcodeRule } from "./credential-hardcode.js";
+import { networkSsrfRule } from "./network-ssrf.js";
+/** All registered rules */
+export const rules = [
+    // Original 5
+    dataExfilRule,
+    backdoorRule,
+    privilegeRule,
+    supplyChainRule,
+    sensitiveReadRule,
+    // New 10
+    obfuscationRule,
+    envLeakRule,
+    cryptoMiningRule,
+    reverseShellRule,
+    typosquattingRule,
+    hiddenFilesRule,
+    excessivePermsRule,
+    phoneHomeRule,
+    credentialHardcodeRule,
+    networkSsrfRule,
+];
+/** Get a rule by ID */
+export function getRule(id) {
+    return rules.find((r) => r.id === id);
+}
+//# sourceMappingURL=index.js.map

package/dist/rules/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD,2BAA2B;AAC3B,MAAM,CAAC,MAAM,KAAK,GAAW;IAC3B,aAAa;IACb,aAAa;IACb,YAAY;IACZ,aAAa;IACb,eAAe;IACf,iBAAiB;IACjB,SAAS;IACT,eAAe;IACf,WAAW;IACX,gBAAgB;IAChB,gBAAgB;IAChB,iBAAiB;IACjB,eAAe;IACf,kBAAkB;IAClB,aAAa;IACb,sBAAsB;IACtB,eAAe;CAChB,CAAC;AAEF,uBAAuB;AACvB,MAAM,UAAU,OAAO,CAAC,EAAU;IAChC,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AACxC,CAAC"}

package/dist/rules/network-ssrf.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const networkSsrfRule: Rule;

package/dist/rules/network-ssrf.js

@@ -0,0 +1,51 @@
+/**
+ * Rule: network-ssrf
+ * Detects Server-Side Request Forgery patterns — user-controlled URLs in HTTP requests.
+ */
+const SSRF_PATTERNS = [
+    // Template literals in fetch/request
+    { pattern: /fetch\s*\(\s*`[^`]*\$\{/, desc: "fetch() with template literal URL — potential SSRF", severity: "warning" },
+    { pattern: /axios\.\w+\s*\(\s*`[^`]*\$\{/, desc: "axios with template literal URL — potential SSRF", severity: "warning" },
+    { pattern: /http\.request\s*\(\s*`[^`]*\$\{/, desc: "http.request with template literal URL — potential SSRF", severity: "warning" },
+    // URL constructed from user input
+    { pattern: /new\s+URL\s*\(\s*(?:req\.|request\.|params\.|query\.|body\.)/, desc: "URL from request parameters — potential SSRF", severity: "critical" },
+    { pattern: /fetch\s*\(\s*(?:req\.|request\.|params\.|query\.|body\.)/, desc: "fetch() with request parameter — potential SSRF", severity: "critical" },
+    // Redirect to user-controlled URL
+    { pattern: /redirect\s*\(\s*(?:req\.|request\.|params\.|query\.)/, desc: "Open redirect — user-controlled redirect URL", severity: "warning" },
+    // Internal network access patterns
+    { pattern: /127\.0\.0\.1|0\.0\.0\.0|localhost.*fetch|fetch.*localhost/i, desc: "Request to localhost — verify if intentional", severity: "warning" },
+    { pattern: /169\.254\.169\.254/, desc: "AWS metadata endpoint access — potential SSRF", severity: "critical" },
+];
+export const networkSsrfRule = {
+    id: "network-ssrf",
+    name: "Server-Side Request Forgery",
+    description: "Detects user-controlled URLs in HTTP requests and internal network access",
+    run(files) {
+        const findings = [];
+        for (const file of files) {
+            if (file.ext === ".json" || file.ext === ".yaml" || file.ext === ".yml" || file.ext === ".md")
+                continue;
+            for (let i = 0; i < file.lines.length; i++) {
+                const line = file.lines[i];
+                const trimmed = line.trimStart();
+                if (trimmed.startsWith("//") || trimmed.startsWith("#"))
+                    continue;
+                for (const { pattern, desc, severity } of SSRF_PATTERNS) {
+                    if (pattern.test(line)) {
+                        findings.push({
+                            rule: "network-ssrf",
+                            severity,
+                            file: file.relativePath,
+                            line: i + 1,
+                            message: desc,
+                            evidence: line.trim().slice(0, 120),
+                        });
+                        break;
+                    }
+                }
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=network-ssrf.js.map

package/dist/rules/network-ssrf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"network-ssrf.js","sourceRoot":"","sources":["../../src/rules/network-ssrf.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,MAAM,aAAa,GAA+E;IAChG,qCAAqC;IACrC,EAAE,OAAO,EAAE,yBAAyB,EAAE,IAAI,EAAE,oDAAoD,EAAE,QAAQ,EAAE,SAAS,EAAE;IACvH,EAAE,OAAO,EAAE,8BAA8B,EAAE,IAAI,EAAE,kDAAkD,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC1H,EAAE,OAAO,EAAE,iCAAiC,EAAE,IAAI,EAAE,yDAAyD,EAAE,QAAQ,EAAE,SAAS,EAAE;IACpI,kCAAkC;IAClC,EAAE,OAAO,EAAE,8DAA8D,EAAE,IAAI,EAAE,8CAA8C,EAAE,QAAQ,EAAE,UAAU,EAAE;IACvJ,EAAE,OAAO,EAAE,0DAA0D,EAAE,IAAI,EAAE,iDAAiD,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtJ,kCAAkC;IAClC,EAAE,OAAO,EAAE,sDAAsD,EAAE,IAAI,EAAE,8CAA8C,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC9I,mCAAmC;IACnC,EAAE,OAAO,EAAE,4DAA4D,EAAE,IAAI,EAAE,8CAA8C,EAAE,QAAQ,EAAE,SAAS,EAAE;IACpJ,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,+CAA+C,EAAE,QAAQ,EAAE,UAAU,EAAE;CAC/G,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAS;IACnC,EAAE,EAAE,cAAc;IAClB,IAAI,EAAE,6BAA6B;IACnC,WAAW,EAAE,2EAA2E;IAExF,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,KAAK;gBAAE,SAAS;YAExG,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;gBAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAElE,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,aAAa,EAAE,CAAC;oBACxD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,cAAc;4BACpB,QAAQ;4BACR,IAAI,EAAE,IAAI,CAAC,YAAY;4BACvB,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,OAAO,EAAE,IAAI;4BACb,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;yBACpC,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/obfuscation.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const obfuscationRule: Rule;

package/dist/rules/obfuscation.js

@@ -0,0 +1,51 @@
+/**
+ * Rule: obfuscation
+ * Detects base64 decoding + eval/exec combos and other obfuscation patterns.
+ */
+const OBFUSCATION_PATTERNS = [
+    { pattern: /atob\s*\(.*\beval\b|eval\s*\(.*\batob\b/, desc: "atob() + eval() combo", severity: "critical" },
+    { pattern: /Buffer\.from\s*\([^)]*,\s*["']base64["']\).*\beval\b/, desc: "Base64 decode + eval()", severity: "critical" },
+    { pattern: /Buffer\.from\s*\([^)]*,\s*["']base64["']\).*\bexec\b/, desc: "Base64 decode + exec()", severity: "critical" },
+    { pattern: /\bString\.fromCharCode\s*\(/, desc: "String.fromCharCode() — potential obfuscation", severity: "warning" },
+    { pattern: /\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}/, desc: "Hex-encoded string sequence", severity: "warning" },
+    { pattern: /\\u00[0-9a-f]{2}\\u00[0-9a-f]{2}/, desc: "Unicode-escaped string sequence", severity: "warning" },
+];
+export const obfuscationRule = {
+    id: "obfuscation",
+    name: "Code Obfuscation",
+    description: "Detects base64+eval combos, hex encoding, and other obfuscation techniques",
+    run(files) {
+        const findings = [];
+        for (const file of files) {
+            if (file.ext === ".json" || file.ext === ".yaml" || file.ext === ".yml" || file.ext === ".md")
+                continue;
+            // Check multi-line patterns across entire content
+            for (const { pattern, desc, severity } of OBFUSCATION_PATTERNS.slice(0, 3)) {
+                if (pattern.test(file.content)) {
+                    // Find the line with eval/exec
+                    for (let i = 0; i < file.lines.length; i++) {
+                        if (/\beval\b|\bexec\b/.test(file.lines[i])) {
+                            findings.push({ rule: "obfuscation", severity, file: file.relativePath, line: i + 1, message: desc, evidence: file.lines[i].trim().slice(0, 120) });
+                            break;
+                        }
+                    }
+                }
+            }
+            // Per-line patterns
+            for (let i = 0; i < file.lines.length; i++) {
+                const line = file.lines[i];
+                const trimmed = line.trimStart();
+                if (trimmed.startsWith("//") || trimmed.startsWith("#"))
+                    continue;
+                for (const { pattern, desc, severity } of OBFUSCATION_PATTERNS.slice(3)) {
+                    if (pattern.test(line)) {
+                        findings.push({ rule: "obfuscation", severity, file: file.relativePath, line: i + 1, message: desc, evidence: line.trim().slice(0, 120) });
+                        break;
+                    }
+                }
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=obfuscation.js.map

package/dist/rules/obfuscation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"obfuscation.js","sourceRoot":"","sources":["../../src/rules/obfuscation.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,MAAM,oBAAoB,GAIrB;IACH,EAAE,OAAO,EAAE,yCAAyC,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC3G,EAAE,OAAO,EAAE,sDAAsD,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACzH,EAAE,OAAO,EAAE,sDAAsD,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACzH,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,+CAA+C,EAAE,QAAQ,EAAE,SAAS,EAAE;IACtH,EAAE,OAAO,EAAE,4CAA4C,EAAE,IAAI,EAAE,6BAA6B,EAAE,QAAQ,EAAE,SAAS,EAAE;IACnH,EAAE,OAAO,EAAE,kCAAkC,EAAE,IAAI,EAAE,iCAAiC,EAAE,QAAQ,EAAE,SAAS,EAAE;CAC9G,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAS;IACnC,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,kBAAkB;IACxB,WAAW,EAAE,4EAA4E;IAEzF,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,KAAK;gBAAE,SAAS;YAExG,kDAAkD;YAClD,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;gBAC3E,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC/B,+BAA+B;oBAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;wBAC3C,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,EAAE,CAAC;4BAC7C,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;4BACrJ,MAAM;wBACR,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,oBAAoB;YACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;gBAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAElE,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,oBAAoB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;oBACxE,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;wBAC3I,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/phone-home.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const phoneHomeRule: Rule;

package/dist/rules/phone-home.js

@@ -0,0 +1,38 @@
+/**
+ * Rule: phone-home
+ * Detects periodic timers combined with HTTP requests — "calling home" patterns.
+ */
+const TIMER_RE = /setInterval\s*\(|cron\s*\(|schedule\s*\(|setTimeout.*setInterval|recurring|periodic/i;
+const HTTP_RE = /fetch\s*\(|axios\.|http\.request|https\.request|\.post\s*\(|\.get\s*\(/i;
+export const phoneHomeRule = {
+    id: "phone-home",
+    name: "Phone Home / Beacon",
+    description: "Detects periodic timers combined with HTTP requests (heartbeat/beacon pattern)",
+    run(files) {
+        const findings = [];
+        for (const file of files) {
+            if (file.ext === ".json" || file.ext === ".yaml" || file.ext === ".yml" || file.ext === ".md")
+                continue;
+            const hasTimer = TIMER_RE.test(file.content);
+            const hasHttp = HTTP_RE.test(file.content);
+            if (hasTimer && hasHttp) {
+                // Find the timer line
+                for (let i = 0; i < file.lines.length; i++) {
+                    if (TIMER_RE.test(file.lines[i])) {
+                        findings.push({
+                            rule: "phone-home",
+                            severity: "warning",
+                            file: file.relativePath,
+                            line: i + 1,
+                            message: "Periodic timer + HTTP request — possible beacon/phone-home pattern",
+                            evidence: file.lines[i].trim().slice(0, 120),
+                        });
+                        break;
+                    }
+                }
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=phone-home.js.map

package/dist/rules/phone-home.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"phone-home.js","sourceRoot":"","sources":["../../src/rules/phone-home.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,MAAM,QAAQ,GAAG,sFAAsF,CAAC;AACxG,MAAM,OAAO,GAAG,yEAAyE,CAAC;AAE1F,MAAM,CAAC,MAAM,aAAa,GAAS;IACjC,EAAE,EAAE,YAAY;IAChB,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EAAE,gFAAgF;IAE7F,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,KAAK;gBAAE,SAAS;YAExG,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE3C,IAAI,QAAQ,IAAI,OAAO,EAAE,CAAC;gBACxB,sBAAsB;gBACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3C,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,EAAE,CAAC;wBAClC,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,YAAY;4BAClB,QAAQ,EAAE,SAAS;4BACnB,IAAI,EAAE,IAAI,CAAC,YAAY;4BACvB,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,OAAO,EAAE,oEAAoE;4BAC7E,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;yBAC9C,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/privilege.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const privilegeRule: Rule;

package/dist/rules/privilege.js

@@ -0,0 +1,111 @@
+import matter from "gray-matter";
+/**
+ * Rule: privilege
+ * Compares declared permissions in SKILL.md vs actual API usage in code.
+ */
+// Map of capabilities to code patterns that indicate their use
+const CAPABILITY_PATTERNS = {
+    exec: /child_process|execSync|exec\(|spawn\(|os\.system|subprocess|ShellAction/i,
+    read: /readFile|readFileSync|fs\.read|open\(.*["']r/i,
+    write: /writeFile|writeFileSync|fs\.write|appendFile|open\(.*["']w/i,
+    web_fetch: /fetch\s*\(|axios|http\.request|https\.request|requests\.(get|post)/i,
+    browser: /puppeteer|playwright|selenium|webdriver|BrowserAction/i,
+    network: /net\.connect|dgram|WebSocket|Socket/i,
+};
+export const privilegeRule = {
+    id: "privilege",
+    name: "Privilege Mismatch",
+    description: "Compares declared permissions in SKILL.md against actual code behavior",
+    run(files) {
+        const findings = [];
+        // Find SKILL.md
+        const skillMd = files.find((f) => f.relativePath === "SKILL.md" || f.relativePath.endsWith("/SKILL.md"));
+        if (!skillMd) {
+            // No SKILL.md — can't check permissions
+            findings.push({
+                rule: "privilege",
+                severity: "info",
+                file: ".",
+                message: "No SKILL.md found — permission analysis skipped",
+            });
+            return findings;
+        }
+        // Parse frontmatter
+        let meta = {};
+        try {
+            const { data } = matter(skillMd.content);
+            meta = data;
+        }
+        catch {
+            // not valid frontmatter
+        }
+        // Extract declared permissions (from frontmatter or body)
+        const declaredPerms = new Set();
+        if (Array.isArray(meta.permissions)) {
+            for (const p of meta.permissions) {
+                if (typeof p === "string")
+                    declaredPerms.add(p.toLowerCase());
+            }
+        }
+        // Also scan SKILL.md body for permission keywords
+        const bodyPermsMatch = skillMd.content.match(/permissions?:\s*([\w,\s]+)/i);
+        if (bodyPermsMatch) {
+            for (const p of bodyPermsMatch[1].split(/[,\s]+/)) {
+                if (p.trim())
+                    declaredPerms.add(p.trim().toLowerCase());
+            }
+        }
+        // Scan code files for actual capability usage
+        const codeFiles = files.filter((f) => f.ext !== ".md" && f.ext !== ".json" && f.ext !== ".yaml" && f.ext !== ".yml");
+        const usedCapabilities = new Set();
+        const capabilityLocations = {};
+        for (const file of codeFiles) {
+            for (const [cap, pattern] of Object.entries(CAPABILITY_PATTERNS)) {
+                for (let i = 0; i < file.lines.length; i++) {
+                    if (pattern.test(file.lines[i])) {
+                        usedCapabilities.add(cap);
+                        if (!capabilityLocations[cap])
+                            capabilityLocations[cap] = [];
+                        capabilityLocations[cap].push({ file: file.relativePath, line: i + 1 });
+                    }
+                }
+            }
+        }
+        // Report undeclared capabilities
+        for (const cap of usedCapabilities) {
+            if (declaredPerms.size > 0 && !declaredPerms.has(cap)) {
+                const locations = capabilityLocations[cap] || [];
+                const first = locations[0];
+                findings.push({
+                    rule: "privilege",
+                    severity: "warning",
+                    file: first?.file || skillMd.relativePath,
+                    line: first?.line,
+                    message: `Code uses '${cap}' capability but SKILL.md doesn't declare it (found in ${locations.length} location${locations.length > 1 ? "s" : ""})`,
+                });
+            }
+        }
+        // Report declared but unused permissions
+        for (const perm of declaredPerms) {
+            if (!usedCapabilities.has(perm) && CAPABILITY_PATTERNS[perm]) {
+                findings.push({
+                    rule: "privilege",
+                    severity: "info",
+                    file: skillMd.relativePath,
+                    message: `SKILL.md declares '${perm}' permission but code doesn't appear to use it`,
+                });
+            }
+        }
+        // Report used capabilities as info
+        if (usedCapabilities.size > 0) {
+            findings.push({
+                rule: "privilege",
+                severity: "info",
+                file: skillMd.relativePath,
+                message: `Detected capabilities: ${[...usedCapabilities].join(", ")}`,
+            });
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=privilege.js.map

package/dist/rules/privilege.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"privilege.js","sourceRoot":"","sources":["../../src/rules/privilege.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AAGjC;;;GAGG;AAEH,+DAA+D;AAC/D,MAAM,mBAAmB,GAA2B;IAClD,IAAI,EAAE,0EAA0E;IAChF,IAAI,EAAE,+CAA+C;IACrD,KAAK,EAAE,6DAA6D;IACpE,SAAS,EAAE,qEAAqE;IAChF,OAAO,EAAE,wDAAwD;IACjE,OAAO,EAAE,sCAAsC;CAChD,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAS;IACjC,EAAE,EAAE,WAAW;IACf,IAAI,EAAE,oBAAoB;IAC1B,WAAW,EAAE,wEAAwE;IAErF,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,gBAAgB;QAChB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CACxB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,UAAU,IAAI,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,CAC7E,CAAC;QACF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,wCAAwC;YACxC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,GAAG;gBACT,OAAO,EAAE,iDAAiD;aAC3D,CAAC,CAAC;YACH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,oBAAoB;QACpB,IAAI,IAAI,GAAkB,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,GAAG,IAAqB,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;QAED,0DAA0D;QAC1D,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;QACxC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACpC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjC,IAAI,OAAO,CAAC,KAAK,QAAQ;oBAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;QAED,kDAAkD;QAClD,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QAC5E,IAAI,cAAc,EAAE,CAAC;YACnB,KAAK,MAAM,CAAC,IAAI,cAAc,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACnD,IAAI,CAAC,CAAC,IAAI,EAAE;oBAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;QAED,8CAA8C;QAC9C,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAC5B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,OAAO,IAAI,CAAC,CAAC,GAAG,KAAK,OAAO,IAAI,CAAC,CAAC,GAAG,KAAK,MAAM,CACrF,CAAC;QAEF,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;QAC3C,MAAM,mBAAmB,GAAqD,EAAE,CAAC;QAEjF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,KAAK,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBACjE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,EAAE,CAAC;wBACjC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;wBAC1B,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC;4BAAE,mBAAmB,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;wBAC7D,mBAAmB,CAAC,GAAG,CAAE,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAC3E,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,iCAAiC;QACjC,KAAK,MAAM,GAAG,IAAI,gBAAgB,EAAE,CAAC;YACnC,IAAI,aAAa,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtD,MAAM,SAAS,GAAG,mBAAmB,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;gBACjD,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;gBAC3B,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,WAAW;oBACjB,QAAQ,EAAE,SAAS;oBACnB,IAAI,EAAE,KAAK,EAAE,IAAI,IAAI,OAAO,CAAC,YAAY;oBACzC,IAAI,EAAE,KAAK,EAAE,IAAI;oBACjB,OAAO,EAAE,cAAc,GAAG,0DAA0D,SAAS,CAAC,MAAM,YAAY,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG;iBACnJ,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,yCAAyC;QACzC,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7D,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,WAAW;oBACjB,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,OAAO,CAAC,YAAY;oBAC1B,OAAO,EAAE,sBAAsB,IAAI,gDAAgD;iBACpF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,mCAAmC;QACnC,IAAI,gBAAgB,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,OAAO,CAAC,YAAY;gBAC1B,OAAO,EAAE,0BAA0B,CAAC,GAAG,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;aACtE,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/reverse-shell.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const reverseShellRule: Rule;

package/dist/rules/reverse-shell.js

@@ -0,0 +1,53 @@
+/**
+ * Rule: reverse-shell
+ * Detects reverse shell patterns — outbound socket connections piped to shell.
+ */
+const REVERSE_SHELL_PATTERNS = [
+    // Shell
+    { pattern: /\/dev\/tcp\/\d+\.\d+\.\d+\.\d+/, desc: "/dev/tcp reverse shell" },
+    { pattern: /bash\s+-i\s+>&\s*\/dev\/tcp/, desc: "Bash interactive reverse shell" },
+    { pattern: /nc\s+-e\s+\/bin\/(ba)?sh/, desc: "Netcat reverse shell" },
+    { pattern: /ncat\s+.*-e\s+\/bin/, desc: "Ncat reverse shell" },
+    { pattern: /mkfifo\s+.*\/tmp\/.*nc\s/, desc: "Named pipe + netcat reverse shell" },
+    // Python
+    { pattern: /socket\.connect\s*\(.*\bsubprocess\b|subprocess.*socket\.connect/i, desc: "Python socket + subprocess reverse shell" },
+    { pattern: /pty\.spawn.*\/bin\/(ba)?sh/i, desc: "Python pty.spawn shell" },
+    // Node.js
+    { pattern: /net\.connect\s*\(.*child_process|child_process.*net\.connect/i, desc: "Node.js net.connect + child_process" },
+    { pattern: /new\s+net\.Socket\s*\(\).*\.connect\s*\(.*\.pipe\s*\(/i, desc: "Node.js Socket pipe to process" },
+];
+export const reverseShellRule = {
+    id: "reverse-shell",
+    name: "Reverse Shell",
+    description: "Detects outbound socket connections piped to a shell process",
+    run(files) {
+        const findings = [];
+        for (const file of files) {
+            if (file.ext === ".json" || file.ext === ".yaml" || file.ext === ".yml" || file.ext === ".md")
+                continue;
+            // Check both per-line and multi-line (for patterns spanning lines)
+            for (let i = 0; i < file.lines.length; i++) {
+                const line = file.lines[i];
+                for (const { pattern, desc } of REVERSE_SHELL_PATTERNS) {
+                    if (pattern.test(line)) {
+                        findings.push({
+                            rule: "reverse-shell",
+                            severity: "critical",
+                            file: file.relativePath,
+                            line: i + 1,
+                            message: desc,
+                            evidence: line.trim().slice(0, 120),
+                        });
+                        break;
+                    }
+                }
+            }
+            // Multi-line: check content for socket+subprocess combos
+            if (REVERSE_SHELL_PATTERNS.some(({ pattern }) => pattern.test(file.content))) {
+                // Already caught per-line
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=reverse-shell.js.map

package/dist/rules/reverse-shell.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"reverse-shell.js","sourceRoot":"","sources":["../../src/rules/reverse-shell.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,MAAM,sBAAsB,GAA6C;IACvE,QAAQ;IACR,EAAE,OAAO,EAAE,gCAAgC,EAAE,IAAI,EAAE,wBAAwB,EAAE;IAC7E,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,gCAAgC,EAAE;IAClF,EAAE,OAAO,EAAE,0BAA0B,EAAE,IAAI,EAAE,sBAAsB,EAAE;IACrE,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,oBAAoB,EAAE;IAC9D,EAAE,OAAO,EAAE,0BAA0B,EAAE,IAAI,EAAE,mCAAmC,EAAE;IAClF,SAAS;IACT,EAAE,OAAO,EAAE,mEAAmE,EAAE,IAAI,EAAE,0CAA0C,EAAE;IAClI,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,wBAAwB,EAAE;IAC1E,UAAU;IACV,EAAE,OAAO,EAAE,+DAA+D,EAAE,IAAI,EAAE,qCAAqC,EAAE;IACzH,EAAE,OAAO,EAAE,wDAAwD,EAAE,IAAI,EAAE,gCAAgC,EAAE;CAC9G,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAS;IACpC,EAAE,EAAE,eAAe;IACnB,IAAI,EAAE,eAAe;IACrB,WAAW,EAAE,8DAA8D;IAE3E,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,KAAK;gBAAE,SAAS;YAExG,mEAAmE;YACnE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;gBAC5B,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,sBAAsB,EAAE,CAAC;oBACvD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,eAAe;4BACrB,QAAQ,EAAE,UAAU;4BACpB,IAAI,EAAE,IAAI,CAAC,YAAY;4BACvB,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,OAAO,EAAE,IAAI;4BACb,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;yBACpC,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;YAED,yDAAyD;YACzD,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;gBAC7E,0BAA0B;YAC5B,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/sensitive-read.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const sensitiveReadRule: Rule;

package/dist/rules/sensitive-read.js

@@ -0,0 +1,53 @@
+/**
+ * Rule: sensitive-read
+ * Detects code that reads sensitive files like SSH keys, AWS credentials, etc.
+ */
+const SENSITIVE_PATTERNS = [
+    { pattern: /~\/\.ssh\/id_rsa|\.ssh\/id_rsa|ssh_key|id_ed25519/i, desc: "SSH private key" },
+    { pattern: /~\/\.ssh\/known_hosts/i, desc: "SSH known_hosts" },
+    { pattern: /~\/\.aws\/credentials|AWS_SECRET_ACCESS_KEY|aws_secret/i, desc: "AWS credentials" },
+    { pattern: /~\/\.env\b|process\.env\b.*(?:SECRET|KEY|TOKEN|PASSWORD|CREDENTIAL)/i, desc: "environment secrets" },
+    { pattern: /~\/\.openclaw\/openclaw\.json|openclaw\.json/i, desc: "OpenClaw config" },
+    { pattern: /~\/\.gnupg|gpg.*private/i, desc: "GPG private key" },
+    { pattern: /~\/\.kube\/config|kubeconfig/i, desc: "Kubernetes config" },
+    { pattern: /\/etc\/shadow|\/etc\/passwd/i, desc: "system passwords" },
+    { pattern: /~\/\.docker\/config\.json/i, desc: "Docker credentials" },
+    { pattern: /~\/\.npmrc|_authToken/i, desc: "npm auth token" },
+    { pattern: /~\/\.gitconfig|\.git-credentials/i, desc: "Git credentials" },
+    { pattern: /~\/\.netrc/i, desc: "netrc credentials" },
+];
+export const sensitiveReadRule = {
+    id: "sensitive-read",
+    name: "Sensitive File Read",
+    description: "Detects reads of SSH keys, credentials, API tokens, and other secrets",
+    run(files) {
+        const findings = [];
+        for (const file of files) {
+            // Skip non-code files (allow checking shell scripts, JS, TS, Python)
+            if (file.ext === ".json" || file.ext === ".yaml" || file.ext === ".yml" || file.ext === ".toml")
+                continue;
+            if (file.relativePath === "SKILL.md")
+                continue;
+            for (let i = 0; i < file.lines.length; i++) {
+                const line = file.lines[i];
+                // Skip comments
+                if (line.trimStart().startsWith("//") || line.trimStart().startsWith("#"))
+                    continue;
+                for (const { pattern, desc } of SENSITIVE_PATTERNS) {
+                    if (pattern.test(line)) {
+                        findings.push({
+                            rule: "sensitive-read",
+                            severity: "warning",
+                            file: file.relativePath,
+                            line: i + 1,
+                            message: `Accesses ${desc}`,
+                            evidence: line.trim().slice(0, 120),
+                        });
+                    }
+                }
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=sensitive-read.js.map

package/dist/rules/sensitive-read.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sensitive-read.js","sourceRoot":"","sources":["../../src/rules/sensitive-read.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,MAAM,kBAAkB,GAA6C;IACnE,EAAE,OAAO,EAAE,oDAAoD,EAAE,IAAI,EAAE,iBAAiB,EAAE;IAC1F,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,iBAAiB,EAAE;IAC9D,EAAE,OAAO,EAAE,yDAAyD,EAAE,IAAI,EAAE,iBAAiB,EAAE;IAC/F,EAAE,OAAO,EAAE,sEAAsE,EAAE,IAAI,EAAE,qBAAqB,EAAE;IAChH,EAAE,OAAO,EAAE,+CAA+C,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACrF,EAAE,OAAO,EAAE,0BAA0B,EAAE,IAAI,EAAE,iBAAiB,EAAE;IAChE,EAAE,OAAO,EAAE,+BAA+B,EAAE,IAAI,EAAE,mBAAmB,EAAE;IACvE,EAAE,OAAO,EAAE,8BAA8B,EAAE,IAAI,EAAE,kBAAkB,EAAE;IACrE,EAAE,OAAO,EAAE,4BAA4B,EAAE,IAAI,EAAE,oBAAoB,EAAE;IACrE,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAC7D,EAAE,OAAO,EAAE,mCAAmC,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACzE,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,mBAAmB,EAAE;CACtD,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAS;IACrC,EAAE,EAAE,gBAAgB;IACpB,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EAAE,uEAAuE;IAEpF,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,qEAAqE;YACrE,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO;gBAAE,SAAS;YAC1G,IAAI,IAAI,CAAC,YAAY,KAAK,UAAU;gBAAE,SAAS;YAE/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;gBAC5B,gBAAgB;gBAChB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAEpF,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,kBAAkB,EAAE,CAAC;oBACnD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,gBAAgB;4BACtB,QAAQ,EAAE,SAAS;4BACnB,IAAI,EAAE,IAAI,CAAC,YAAY;4BACvB,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,OAAO,EAAE,YAAY,IAAI,EAAE;4BAC3B,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;yBACpC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/supply-chain.d.ts

@@ -0,0 +1,6 @@
+import type { Rule } from "../types.js";
+/**
+ * Rule: supply-chain
+ * Runs npm audit to detect known CVEs in dependencies.
+ */
+export declare const supplyChainRule: Rule;