@guava-parity/guard-scanner 13.0.0 → 16.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (96) hide show
  1. package/README.md +170 -215
  2. package/README_ja.md +252 -0
  3. package/SECURITY.md +12 -4
  4. package/SKILL.md +148 -57
  5. package/dist/cli.cjs +5997 -0
  6. package/dist/cli.d.mts +1 -0
  7. package/dist/cli.d.ts +1 -0
  8. package/dist/cli.mjs +6003 -0
  9. package/dist/index.cjs +4825 -0
  10. package/dist/index.d.mts +17 -0
  11. package/dist/index.d.ts +17 -0
  12. package/dist/index.mjs +4798 -0
  13. package/dist/mcp-server.cjs +4756 -0
  14. package/dist/mcp-server.d.mts +1 -0
  15. package/dist/mcp-server.d.ts +1 -0
  16. package/dist/mcp-server.mjs +4767 -0
  17. package/dist/openclaw-plugin.cjs +4863 -0
  18. package/dist/openclaw-plugin.d.mts +11 -0
  19. package/dist/openclaw-plugin.d.ts +11 -0
  20. package/dist/openclaw-plugin.mjs +4854 -0
  21. package/dist/types.cjs +18 -0
  22. package/dist/types.d.mts +215 -0
  23. package/dist/types.d.ts +215 -0
  24. package/dist/types.mjs +1 -0
  25. package/docs/EVIDENCE_DRIVEN.md +182 -0
  26. package/docs/banner.png +0 -0
  27. package/docs/data/benchmark-ledger.json +1428 -0
  28. package/docs/data/corpus-metrics.json +11 -0
  29. package/docs/data/fp-ledger.json +18 -0
  30. package/docs/data/latest.json +25837 -2481
  31. package/docs/data/quality-contract.json +36 -0
  32. package/docs/generated/npm-audit-20260312.json +96 -0
  33. package/docs/generated/openclaw-upstream-status.json +25 -0
  34. package/docs/glossary.md +46 -0
  35. package/docs/index.html +1085 -496
  36. package/docs/logo.png +0 -0
  37. package/docs/openclaw-compatibility-audit.md +45 -0
  38. package/docs/openclaw-continuous-compatibility-plan.md +37 -0
  39. package/docs/rules/a2a-contagion.md +68 -0
  40. package/docs/rules/advanced-exfil.md +52 -0
  41. package/docs/rules/agent-protocol.md +108 -0
  42. package/docs/rules/api-abuse.md +68 -0
  43. package/docs/rules/autonomous-risk.md +92 -0
  44. package/docs/rules/config-impact.md +132 -0
  45. package/docs/rules/credential-handling.md +100 -0
  46. package/docs/rules/cve-patterns.md +332 -0
  47. package/docs/rules/data-exposure.md +84 -0
  48. package/docs/rules/exfiltration.md +36 -0
  49. package/docs/rules/financial-access.md +84 -0
  50. package/docs/rules/identity-hijack.md +140 -0
  51. package/docs/rules/inference-manipulation.md +60 -0
  52. package/docs/rules/leaky-skills.md +52 -0
  53. package/docs/rules/malicious-code.md +108 -0
  54. package/docs/rules/mcp-security.md +148 -0
  55. package/docs/rules/memory-poisoning.md +84 -0
  56. package/docs/rules/model-poisoning.md +44 -0
  57. package/docs/rules/obfuscation.md +60 -0
  58. package/docs/rules/persistence.md +108 -0
  59. package/docs/rules/pii-exposure.md +116 -0
  60. package/docs/rules/prompt-injection.md +148 -0
  61. package/docs/rules/prompt-worm.md +44 -0
  62. package/docs/rules/safeguard-bypass.md +44 -0
  63. package/docs/rules/sandbox-escape.md +100 -0
  64. package/docs/rules/secret-detection.md +44 -0
  65. package/docs/rules/supply-chain-v2.md +92 -0
  66. package/docs/rules/suspicious-download.md +60 -0
  67. package/docs/rules/trust-boundary.md +76 -0
  68. package/docs/rules/trust-exploitation.md +92 -0
  69. package/docs/rules/unverifiable-deps.md +84 -0
  70. package/docs/rules/vdb-injection.md +84 -0
  71. package/docs/security-vulnerability-report-20260312.md +53 -0
  72. package/docs/spec/PRD_V2_ARCHITECTURE.md +55 -0
  73. package/docs/spec/capabilities.json +174 -0
  74. package/docs/spec/finding.schema.json +104 -0
  75. package/docs/spec/integration-manifest.md +39 -0
  76. package/docs/spec/plugin-trust.json +11 -0
  77. package/docs/spec/sbom.json +33 -0
  78. package/docs/threat-model.md +65 -0
  79. package/docs/v13-architecture-manifest.md +55 -0
  80. package/hooks/context.ts +306 -0
  81. package/hooks/guard-scanner/plugin.ts +24 -1
  82. package/openclaw-plugin.mts +107 -0
  83. package/openclaw.plugin.json +30 -53
  84. package/package.json +66 -13
  85. package/src/asset-auditor.js +0 -508
  86. package/src/ci-reporter.js +0 -135
  87. package/src/cli.js +0 -294
  88. package/src/html-template.js +0 -239
  89. package/src/ioc-db.js +0 -54
  90. package/src/mcp-server.js +0 -702
  91. package/src/patterns.js +0 -611
  92. package/src/quarantine.js +0 -41
  93. package/src/runtime-guard.js +0 -346
  94. package/src/scanner.js +0 -1157
  95. package/src/vt-client.js +0 -202
  96. package/src/watcher.js +0 -170
package/docs/data/benchmark-ledger.json ADDED
@@ -0,0 +1,1428 @@
1
+ {
2
+ "benchmark_version": "2026-03-13.quality-v1",
3
+ "contract_version": "2026-03-13.quality-v1",
4
+ "generatedAt": "2026-03-14T05:45:37.147Z",
5
+ "layers": [
6
+ {
7
+ "layer": "layer_a",
8
+ "corpus_version": "unversioned",
9
+ "counts": {
10
+ "benign": 17,
11
+ "malicious": 15,
12
+ "true_positives": 15,
13
+ "false_negatives": 0,
14
+ "false_positives": 0,
15
+ "true_negatives": 17
16
+ },
17
+ "metrics": {
18
+ "precision": 1,
19
+ "recall": 1,
20
+ "false_positive_rate": 0,
21
+ "false_negative_rate": 0,
22
+ "category_coverage": 1
23
+ },
24
+ "benign_results": [
25
+ {
26
+ "id": "benign-log",
27
+ "title": "benign-log",
28
+ "expected": "benign",
29
+ "detected": false,
30
+ "risk": 0,
31
+ "safe": true,
32
+ "matchedCategories": [],
33
+ "categoryCoverage": 1,
34
+ "detections": []
35
+ },
36
+ {
37
+ "id": "benign-api",
38
+ "title": "benign-api",
39
+ "expected": "benign",
40
+ "detected": false,
41
+ "risk": 0,
42
+ "safe": true,
43
+ "matchedCategories": [],
44
+ "categoryCoverage": 1,
45
+ "detections": []
46
+ },
47
+ {
48
+ "id": "benign-array",
49
+ "title": "benign-array",
50
+ "expected": "benign",
51
+ "detected": false,
52
+ "risk": 0,
53
+ "safe": true,
54
+ "matchedCategories": [],
55
+ "categoryCoverage": 1,
56
+ "detections": []
57
+ },
58
+ {
59
+ "id": "benign-readme",
60
+ "title": "benign-readme",
61
+ "expected": "benign",
62
+ "detected": false,
63
+ "risk": 0,
64
+ "safe": true,
65
+ "matchedCategories": [],
66
+ "categoryCoverage": 1,
67
+ "detections": []
68
+ },
69
+ {
70
+ "id": "benign-json-parse",
71
+ "title": "benign-json-parse",
72
+ "expected": "benign",
73
+ "detected": false,
74
+ "risk": 0,
75
+ "safe": true,
76
+ "matchedCategories": [],
77
+ "categoryCoverage": 1,
78
+ "detections": []
79
+ },
80
+ {
81
+ "id": "benign-safe-fetch",
82
+ "title": "benign-safe-fetch",
83
+ "expected": "benign",
84
+ "detected": false,
85
+ "risk": 0,
86
+ "safe": true,
87
+ "matchedCategories": [],
88
+ "categoryCoverage": 1,
89
+ "detections": []
90
+ },
91
+ {
92
+ "id": "benign-file-read",
93
+ "title": "benign-file-read",
94
+ "expected": "benign",
95
+ "detected": false,
96
+ "risk": 0,
97
+ "safe": true,
98
+ "matchedCategories": [],
99
+ "categoryCoverage": 1,
100
+ "detections": []
101
+ },
102
+ {
103
+ "id": "benign-path-join",
104
+ "title": "benign-path-join",
105
+ "expected": "benign",
106
+ "detected": false,
107
+ "risk": 0,
108
+ "safe": true,
109
+ "matchedCategories": [],
110
+ "categoryCoverage": 1,
111
+ "detections": []
112
+ },
113
+ {
114
+ "id": "benign-git-command",
115
+ "title": "benign-git-command",
116
+ "expected": "benign",
117
+ "detected": false,
118
+ "risk": 0,
119
+ "safe": true,
120
+ "matchedCategories": [],
121
+ "categoryCoverage": 1,
122
+ "detections": []
123
+ },
124
+ {
125
+ "id": "benign-docs-security",
126
+ "title": "benign-docs-security",
127
+ "expected": "benign",
128
+ "detected": false,
129
+ "risk": 0,
130
+ "safe": true,
131
+ "matchedCategories": [],
132
+ "categoryCoverage": 1,
133
+ "detections": []
134
+ },
135
+ {
136
+ "id": "benign-cron-doc",
137
+ "title": "benign-cron-doc",
138
+ "expected": "benign",
139
+ "detected": false,
140
+ "risk": 0,
141
+ "safe": true,
142
+ "matchedCategories": [],
143
+ "categoryCoverage": 1,
144
+ "detections": []
145
+ },
146
+ {
147
+ "id": "benign-env-name",
148
+ "title": "benign-env-name",
149
+ "expected": "benign",
150
+ "detected": false,
151
+ "risk": 0,
152
+ "safe": true,
153
+ "matchedCategories": [],
154
+ "categoryCoverage": 1,
155
+ "detections": []
156
+ },
157
+ {
158
+ "id": "benign-yaml",
159
+ "title": "benign-yaml",
160
+ "expected": "benign",
161
+ "detected": false,
162
+ "risk": 0,
163
+ "safe": true,
164
+ "matchedCategories": [],
165
+ "categoryCoverage": 1,
166
+ "detections": []
167
+ },
168
+ {
169
+ "id": "benign-unit-test",
170
+ "title": "benign-unit-test",
171
+ "expected": "benign",
172
+ "detected": false,
173
+ "risk": 0,
174
+ "safe": true,
175
+ "matchedCategories": [],
176
+ "categoryCoverage": 1,
177
+ "detections": []
178
+ },
179
+ {
180
+ "id": "benign-html",
181
+ "title": "benign-html",
182
+ "expected": "benign",
183
+ "detected": false,
184
+ "risk": 0,
185
+ "safe": true,
186
+ "matchedCategories": [],
187
+ "categoryCoverage": 1,
188
+ "detections": []
189
+ },
190
+ {
191
+ "id": "benign-typescript",
192
+ "title": "benign-typescript",
193
+ "expected": "benign",
194
+ "detected": false,
195
+ "risk": 0,
196
+ "safe": true,
197
+ "matchedCategories": [],
198
+ "categoryCoverage": 1,
199
+ "detections": []
200
+ },
201
+ {
202
+ "id": "benign-safe-api",
203
+ "title": "benign-safe-api",
204
+ "expected": "benign",
205
+ "detected": false,
206
+ "risk": 0,
207
+ "safe": true,
208
+ "matchedCategories": [],
209
+ "categoryCoverage": 1,
210
+ "detections": []
211
+ }
212
+ ],
213
+ "malicious_results": [
214
+ {
215
+ "id": "mal-fetch-exec",
216
+ "title": "mal-fetch-exec",
217
+ "expected": "malicious",
218
+ "detected": true,
219
+ "risk": 66,
220
+ "safe": false,
221
+ "matchedCategories": [
222
+ "malicious-code",
223
+ "trust-boundary",
224
+ "data-flow"
225
+ ],
226
+ "categoryCoverage": 1,
227
+ "detections": [
228
+ {
229
+ "id": "MAL_EXEC",
230
+ "severity": "MEDIUM",
231
+ "category": "malicious-code"
232
+ },
233
+ {
234
+ "id": "TRUST_WEB_EXEC",
235
+ "severity": "HIGH",
236
+ "category": "trust-boundary"
237
+ },
238
+ {
239
+ "id": "AST_FETCH_TO_EXEC",
240
+ "severity": "CRITICAL",
241
+ "category": "data-flow"
242
+ }
243
+ ]
244
+ },
245
+ {
246
+ "id": "mal-curl-bash",
247
+ "title": "mal-curl-bash",
248
+ "expected": "malicious",
249
+ "detected": true,
250
+ "risk": 38,
251
+ "safe": false,
252
+ "matchedCategories": [
253
+ "suspicious-download"
254
+ ],
255
+ "categoryCoverage": 1,
256
+ "detections": [
257
+ {
258
+ "id": "DL_CURL_BASH",
259
+ "severity": "CRITICAL",
260
+ "category": "suspicious-download"
261
+ }
262
+ ]
263
+ },
264
+ {
265
+ "id": "mal-env-curl",
266
+ "title": "mal-env-curl",
267
+ "expected": "malicious",
268
+ "detected": true,
269
+ "risk": 40,
270
+ "safe": false,
271
+ "matchedCategories": [
272
+ "exfiltration"
273
+ ],
274
+ "categoryCoverage": 1,
275
+ "detections": [
276
+ {
277
+ "id": "CHAIN_ENV_TO_CURL",
278
+ "severity": "CRITICAL",
279
+ "category": "exfiltration"
280
+ }
281
+ ]
282
+ },
283
+ {
284
+ "id": "mal-process-env-exfil",
285
+ "title": "mal-process-env-exfil",
286
+ "expected": "malicious",
287
+ "detected": true,
288
+ "risk": 12,
289
+ "safe": true,
290
+ "matchedCategories": [
291
+ "exfiltration"
292
+ ],
293
+ "categoryCoverage": 1,
294
+ "detections": [
295
+ {
296
+ "id": "EXFIL_POST",
297
+ "severity": "HIGH",
298
+ "category": "exfiltration"
299
+ }
300
+ ]
301
+ },
302
+ {
303
+ "id": "mal-websocket-hijack",
304
+ "title": "mal-websocket-hijack",
305
+ "expected": "malicious",
306
+ "detected": true,
307
+ "risk": 70,
308
+ "safe": false,
309
+ "matchedCategories": [
310
+ "malicious-code",
311
+ "cve-patterns",
312
+ "agent-protocol"
313
+ ],
314
+ "categoryCoverage": 1,
315
+ "detections": [
316
+ {
317
+ "id": "MAL_EXEC",
318
+ "severity": "MEDIUM",
319
+ "category": "malicious-code"
320
+ },
321
+ {
322
+ "id": "OPENCLAW_WSS_HIJACK",
323
+ "severity": "CRITICAL",
324
+ "category": "cve-patterns"
325
+ },
326
+ {
327
+ "id": "PROTO_WS_INSECURE_TRANSPORT",
328
+ "severity": "HIGH",
329
+ "category": "agent-protocol"
330
+ }
331
+ ]
332
+ },
333
+ {
334
+ "id": "mal-oauth-callback-inject",
335
+ "title": "mal-oauth-callback-inject",
336
+ "expected": "malicious",
337
+ "detected": true,
338
+ "risk": 41,
339
+ "safe": false,
340
+ "matchedCategories": [
341
+ "malicious-code",
342
+ "mcp-security"
343
+ ],
344
+ "categoryCoverage": 1,
345
+ "detections": [
346
+ {
347
+ "id": "MAL_EXEC",
348
+ "severity": "MEDIUM",
349
+ "category": "malicious-code"
350
+ },
351
+ {
352
+ "id": "MCP_OAUTH_CMD_INJECT",
353
+ "severity": "CRITICAL",
354
+ "category": "mcp-security"
355
+ }
356
+ ]
357
+ },
358
+ {
359
+ "id": "mal-soul-overwrite",
360
+ "title": "mal-soul-overwrite",
361
+ "expected": "malicious",
362
+ "detected": true,
363
+ "risk": 76,
364
+ "safe": false,
365
+ "matchedCategories": [
366
+ "identity-hijack"
367
+ ],
368
+ "categoryCoverage": 1,
369
+ "detections": [
370
+ {
371
+ "id": "SOUL_FS_WRITE",
372
+ "severity": "CRITICAL",
373
+ "category": "identity-hijack"
374
+ }
375
+ ]
376
+ },
377
+ {
378
+ "id": "mal-memory-poison",
379
+ "title": "mal-memory-poison",
380
+ "expected": "malicious",
381
+ "detected": true,
382
+ "risk": 57,
383
+ "safe": false,
384
+ "matchedCategories": [
385
+ "memory-poisoning"
386
+ ],
387
+ "categoryCoverage": 1,
388
+ "detections": [
389
+ {
390
+ "id": "ASI06_MEMORY_POISONING",
391
+ "severity": "CRITICAL",
392
+ "category": "memory-poisoning"
393
+ }
394
+ ]
395
+ },
396
+ {
397
+ "id": "mal-shadow-ai-pii",
398
+ "title": "mal-shadow-ai-pii",
399
+ "expected": "malicious",
400
+ "detected": true,
401
+ "risk": 100,
402
+ "safe": false,
403
+ "matchedCategories": [
404
+ "pii-exposure"
405
+ ],
406
+ "categoryCoverage": 1,
407
+ "detections": [
408
+ {
409
+ "id": "PII_HARDCODED_SSN",
410
+ "severity": "CRITICAL",
411
+ "category": "pii-exposure"
412
+ },
413
+ {
414
+ "id": "PII_SEND_NETWORK",
415
+ "severity": "CRITICAL",
416
+ "category": "pii-exposure"
417
+ },
418
+ {
419
+ "id": "SHADOW_AI_OPENAI",
420
+ "severity": "HIGH",
421
+ "category": "pii-exposure"
422
+ },
423
+ {
424
+ "id": "SHADOW_AI_GENERIC",
425
+ "severity": "MEDIUM",
426
+ "category": "pii-exposure"
427
+ }
428
+ ]
429
+ },
430
+ {
431
+ "id": "mal-typosquat-install",
432
+ "title": "mal-typosquat-install",
433
+ "expected": "malicious",
434
+ "detected": true,
435
+ "risk": 12,
436
+ "safe": true,
437
+ "matchedCategories": [
438
+ "suspicious-download"
439
+ ],
440
+ "categoryCoverage": 1,
441
+ "detections": [
442
+ {
443
+ "id": "SLOPSQUATTING_INSTALL",
444
+ "severity": "HIGH",
445
+ "category": "suspicious-download"
446
+ }
447
+ ]
448
+ },
449
+ {
450
+ "id": "mal-browser-prompt-chain",
451
+ "title": "mal-browser-prompt-chain",
452
+ "expected": "malicious",
453
+ "detected": true,
454
+ "risk": 100,
455
+ "safe": false,
456
+ "matchedCategories": [
457
+ "trust-boundary",
458
+ "exfiltration"
459
+ ],
460
+ "categoryCoverage": 1,
461
+ "detections": [
462
+ {
463
+ "id": "TRUST_CALENDAR_EXEC",
464
+ "severity": "CRITICAL",
465
+ "category": "trust-boundary"
466
+ },
467
+ {
468
+ "id": "TRUST_CALENDAR_AI",
469
+ "severity": "CRITICAL",
470
+ "category": "trust-boundary"
471
+ },
472
+ {
473
+ "id": "TRUST_AGENTIC_BROWSER_PI",
474
+ "severity": "CRITICAL",
475
+ "category": "trust-boundary"
476
+ },
477
+ {
478
+ "id": "AGENTIC_BROWSER_EXFIL_CHAIN",
479
+ "severity": "CRITICAL",
480
+ "category": "trust-boundary"
481
+ },
482
+ {
483
+ "id": "FETCH_EXFIL_CHAIN",
484
+ "severity": "CRITICAL",
485
+ "category": "exfiltration"
486
+ }
487
+ ]
488
+ },
489
+ {
490
+ "id": "mal-prompt-injection-doc",
491
+ "title": "mal-prompt-injection-doc",
492
+ "expected": "malicious",
493
+ "detected": true,
494
+ "risk": 38,
495
+ "safe": false,
496
+ "matchedCategories": [
497
+ "mcp-security"
498
+ ],
499
+ "categoryCoverage": 1,
500
+ "detections": [
501
+ {
502
+ "id": "MCP_TOOL_POISON",
503
+ "severity": "CRITICAL",
504
+ "category": "mcp-security"
505
+ }
506
+ ]
507
+ },
508
+ {
509
+ "id": "mal-path-inject",
510
+ "title": "mal-path-inject",
511
+ "expected": "malicious",
512
+ "detected": true,
513
+ "risk": 70,
514
+ "safe": false,
515
+ "matchedCategories": [
516
+ "malicious-code",
517
+ "cve-patterns"
518
+ ],
519
+ "categoryCoverage": 1,
520
+ "detections": [
521
+ {
522
+ "id": "MAL_EXEC",
523
+ "severity": "MEDIUM",
524
+ "category": "malicious-code"
525
+ },
526
+ {
527
+ "id": "OPENCLAW_DOCKER_PATH_INJECT",
528
+ "severity": "CRITICAL",
529
+ "category": "cve-patterns"
530
+ }
531
+ ]
532
+ },
533
+ {
534
+ "id": "mal-reverse-shell",
535
+ "title": "mal-reverse-shell",
536
+ "expected": "malicious",
537
+ "detected": true,
538
+ "risk": 70,
539
+ "safe": false,
540
+ "matchedCategories": [
541
+ "malicious-code",
542
+ "cve-patterns",
543
+ "unverifiable-deps"
544
+ ],
545
+ "categoryCoverage": 1,
546
+ "detections": [
547
+ {
548
+ "id": "MAL_CHILD",
549
+ "severity": "MEDIUM",
550
+ "category": "malicious-code"
551
+ },
552
+ {
553
+ "id": "MAL_EXEC",
554
+ "severity": "MEDIUM",
555
+ "category": "malicious-code"
556
+ },
557
+ {
558
+ "id": "HAVOC_DEVTCP",
559
+ "severity": "CRITICAL",
560
+ "category": "cve-patterns"
561
+ },
562
+ {
563
+ "id": "DEPS_PHANTOM_IMPORT",
564
+ "severity": "LOW",
565
+ "category": "unverifiable-deps"
566
+ }
567
+ ]
568
+ },
569
+ {
570
+ "id": "mal-secret-webhook",
571
+ "title": "mal-secret-webhook",
572
+ "expected": "malicious",
573
+ "detected": true,
574
+ "risk": 100,
575
+ "safe": false,
576
+ "matchedCategories": [
577
+ "exfiltration"
578
+ ],
579
+ "categoryCoverage": 1,
580
+ "detections": [
581
+ {
582
+ "id": "IOC_DOMAIN",
583
+ "severity": "HIGH",
584
+ "category": "exfiltration"
585
+ },
586
+ {
587
+ "id": "EXFIL_WEBHOOK",
588
+ "severity": "CRITICAL",
589
+ "category": "exfiltration"
590
+ },
591
+ {
592
+ "id": "EXFIL_POST",
593
+ "severity": "HIGH",
594
+ "category": "exfiltration"
595
+ },
596
+ {
597
+ "id": "FETCH_EXFIL_CHAIN",
598
+ "severity": "CRITICAL",
599
+ "category": "exfiltration"
600
+ }
601
+ ]
602
+ }
603
+ ]
604
+ },
605
+ {
606
+ "layer": "layer_b",
607
+ "corpus_version": "layer-b-2026-03-13",
608
+ "counts": {
609
+ "benign": 12,
610
+ "malicious": 12,
611
+ "true_positives": 11,
612
+ "false_negatives": 1,
613
+ "false_positives": 1,
614
+ "true_negatives": 11
615
+ },
616
+ "metrics": {
617
+ "precision": 0.9167,
618
+ "recall": 0.9167,
619
+ "false_positive_rate": 0.0833,
620
+ "false_negative_rate": 0.0833,
621
+ "category_coverage": 0.7917
622
+ },
623
+ "benign_results": [
624
+ {
625
+ "id": "adv-benign-01",
626
+ "title": "security-doc-prompt",
627
+ "expected": "benign",
628
+ "detected": false,
629
+ "risk": 0,
630
+ "safe": true,
631
+ "matchedCategories": [],
632
+ "categoryCoverage": 1,
633
+ "detections": []
634
+ },
635
+ {
636
+ "id": "adv-benign-02",
637
+ "title": "unicode-doc",
638
+ "expected": "benign",
639
+ "detected": false,
640
+ "risk": 0,
641
+ "safe": true,
642
+ "matchedCategories": [],
643
+ "categoryCoverage": 1,
644
+ "detections": []
645
+ },
646
+ {
647
+ "id": "adv-benign-03",
648
+ "title": "network-doc",
649
+ "expected": "benign",
650
+ "detected": false,
651
+ "risk": 0,
652
+ "safe": true,
653
+ "matchedCategories": [],
654
+ "categoryCoverage": 1,
655
+ "detections": []
656
+ },
657
+ {
658
+ "id": "adv-benign-04",
659
+ "title": "memory-policy-doc",
660
+ "expected": "benign",
661
+ "detected": false,
662
+ "risk": 0,
663
+ "safe": true,
664
+ "matchedCategories": [],
665
+ "categoryCoverage": 1,
666
+ "detections": []
667
+ },
668
+ {
669
+ "id": "adv-benign-05",
670
+ "title": "supply-chain-note",
671
+ "expected": "benign",
672
+ "detected": false,
673
+ "risk": 0,
674
+ "safe": true,
675
+ "matchedCategories": [],
676
+ "categoryCoverage": 1,
677
+ "detections": []
678
+ },
679
+ {
680
+ "id": "adv-benign-06",
681
+ "title": "secret-placeholder",
682
+ "expected": "benign",
683
+ "detected": true,
684
+ "risk": 3,
685
+ "safe": true,
686
+ "matchedCategories": [
687
+ "credential-handling"
688
+ ],
689
+ "categoryCoverage": 1,
690
+ "detections": [
691
+ {
692
+ "id": "CRED_ENV_REF",
693
+ "severity": "MEDIUM",
694
+ "category": "credential-handling"
695
+ }
696
+ ]
697
+ },
698
+ {
699
+ "id": "adv-benign-07",
700
+ "title": "cloud-doc",
701
+ "expected": "benign",
702
+ "detected": false,
703
+ "risk": 0,
704
+ "safe": true,
705
+ "matchedCategories": [],
706
+ "categoryCoverage": 1,
707
+ "detections": []
708
+ },
709
+ {
710
+ "id": "adv-benign-08",
711
+ "title": "trust-model-doc",
712
+ "expected": "benign",
713
+ "detected": false,
714
+ "risk": 0,
715
+ "safe": true,
716
+ "matchedCategories": [],
717
+ "categoryCoverage": 1,
718
+ "detections": []
719
+ },
720
+ {
721
+ "id": "adv-benign-09",
722
+ "title": "shell-education",
723
+ "expected": "benign",
724
+ "detected": false,
725
+ "risk": 0,
726
+ "safe": true,
727
+ "matchedCategories": [],
728
+ "categoryCoverage": 1,
729
+ "detections": []
730
+ },
731
+ {
732
+ "id": "adv-benign-10",
733
+ "title": "registry-note",
734
+ "expected": "benign",
735
+ "detected": false,
736
+ "risk": 0,
737
+ "safe": true,
738
+ "matchedCategories": [],
739
+ "categoryCoverage": 1,
740
+ "detections": []
741
+ },
742
+ {
743
+ "id": "adv-benign-11",
744
+ "title": "config-doc",
745
+ "expected": "benign",
746
+ "detected": false,
747
+ "risk": 0,
748
+ "safe": true,
749
+ "matchedCategories": [],
750
+ "categoryCoverage": 1,
751
+ "detections": []
752
+ },
753
+ {
754
+ "id": "adv-benign-12",
755
+ "title": "memory-article",
756
+ "expected": "benign",
757
+ "detected": false,
758
+ "risk": 0,
759
+ "safe": true,
760
+ "matchedCategories": [],
761
+ "categoryCoverage": 1,
762
+ "detections": []
763
+ }
764
+ ],
765
+ "malicious_results": [
766
+ {
767
+ "id": "adv-mal-01",
768
+ "title": "prompt-basic",
769
+ "expected": "malicious",
770
+ "detected": false,
771
+ "risk": 0,
772
+ "safe": true,
773
+ "matchedCategories": [],
774
+ "categoryCoverage": 0,
775
+ "detections": []
776
+ },
777
+ {
778
+ "id": "adv-mal-02",
779
+ "title": "curl-bash",
780
+ "expected": "malicious",
781
+ "detected": true,
782
+ "risk": 38,
783
+ "safe": false,
784
+ "matchedCategories": [
785
+ "suspicious-download"
786
+ ],
787
+ "categoryCoverage": 1,
788
+ "detections": [
789
+ {
790
+ "id": "DL_CURL_BASH",
791
+ "severity": "CRITICAL",
792
+ "category": "suspicious-download"
793
+ }
794
+ ]
795
+ },
796
+ {
797
+ "id": "adv-mal-03",
798
+ "title": "env-exfil",
799
+ "expected": "malicious",
800
+ "detected": true,
801
+ "risk": 40,
802
+ "safe": false,
803
+ "matchedCategories": [
804
+ "exfiltration"
805
+ ],
806
+ "categoryCoverage": 1,
807
+ "detections": [
808
+ {
809
+ "id": "CHAIN_ENV_TO_CURL",
810
+ "severity": "CRITICAL",
811
+ "category": "exfiltration"
812
+ }
813
+ ]
814
+ },
815
+ {
816
+ "id": "adv-mal-04",
817
+ "title": "fetch-exec",
818
+ "expected": "malicious",
819
+ "detected": true,
820
+ "risk": 62,
821
+ "safe": false,
822
+ "matchedCategories": [
823
+ "trust-boundary",
824
+ "data-flow"
825
+ ],
826
+ "categoryCoverage": 1,
827
+ "detections": [
828
+ {
829
+ "id": "TRUST_WEB_EXEC",
830
+ "severity": "HIGH",
831
+ "category": "trust-boundary"
832
+ },
833
+ {
834
+ "id": "AST_FETCH_TO_EXEC",
835
+ "severity": "CRITICAL",
836
+ "category": "data-flow"
837
+ }
838
+ ]
839
+ },
840
+ {
841
+ "id": "adv-mal-05",
842
+ "title": "cloud-meta",
843
+ "expected": "malicious",
844
+ "detected": true,
845
+ "risk": 76,
846
+ "safe": false,
847
+ "matchedCategories": [
848
+ "mcp-security",
849
+ "credential-handling"
850
+ ],
851
+ "categoryCoverage": 1,
852
+ "detections": [
853
+ {
854
+ "id": "MCP_SSRF_META",
855
+ "severity": "CRITICAL",
856
+ "category": "mcp-security"
857
+ },
858
+ {
859
+ "id": "CRED_CLOUD_METADATA",
860
+ "severity": "CRITICAL",
861
+ "category": "credential-handling"
862
+ }
863
+ ]
864
+ },
865
+ {
866
+ "id": "adv-mal-06",
867
+ "title": "webhook-exfil",
868
+ "expected": "malicious",
869
+ "detected": true,
870
+ "risk": 100,
871
+ "safe": false,
872
+ "matchedCategories": [
873
+ "exfiltration",
874
+ "credential-handling"
875
+ ],
876
+ "categoryCoverage": 1,
877
+ "detections": [
878
+ {
879
+ "id": "IOC_DOMAIN",
880
+ "severity": "HIGH",
881
+ "category": "exfiltration"
882
+ },
883
+ {
884
+ "id": "CRED_ENV_REF",
885
+ "severity": "MEDIUM",
886
+ "category": "credential-handling"
887
+ },
888
+ {
889
+ "id": "EXFIL_WEBHOOK",
890
+ "severity": "CRITICAL",
891
+ "category": "exfiltration"
892
+ },
893
+ {
894
+ "id": "EXFIL_POST",
895
+ "severity": "HIGH",
896
+ "category": "exfiltration"
897
+ },
898
+ {
899
+ "id": "FETCH_EXFIL_CHAIN",
900
+ "severity": "CRITICAL",
901
+ "category": "exfiltration"
902
+ }
903
+ ]
904
+ },
905
+ {
906
+ "id": "adv-mal-07",
907
+ "title": "b64-shell",
908
+ "expected": "malicious",
909
+ "detected": true,
910
+ "risk": 38,
911
+ "safe": false,
912
+ "matchedCategories": [
913
+ "obfuscation"
914
+ ],
915
+ "categoryCoverage": 0.5,
916
+ "detections": [
917
+ {
918
+ "id": "OBF_BASE64_BASH",
919
+ "severity": "CRITICAL",
920
+ "category": "obfuscation"
921
+ }
922
+ ]
923
+ },
924
+ {
925
+ "id": "adv-mal-08",
926
+ "title": "runtime-trust",
927
+ "expected": "malicious",
928
+ "detected": true,
929
+ "risk": 12,
930
+ "safe": true,
931
+ "matchedCategories": [
932
+ "trust-exploitation"
933
+ ],
934
+ "categoryCoverage": 0,
935
+ "detections": [
936
+ {
937
+ "id": "COG_TRUST_BIAS_V16",
938
+ "severity": "HIGH",
939
+ "category": "trust-exploitation"
940
+ }
941
+ ]
942
+ },
943
+ {
944
+ "id": "adv-mal-09",
945
+ "title": "config-tamper",
946
+ "expected": "malicious",
947
+ "detected": true,
948
+ "risk": 100,
949
+ "safe": false,
950
+ "matchedCategories": [
951
+ "cve-patterns",
952
+ "config-impact"
953
+ ],
954
+ "categoryCoverage": 1,
955
+ "detections": [
956
+ {
957
+ "id": "CVE_SANDBOX_DISABLE",
958
+ "severity": "CRITICAL",
959
+ "category": "cve-patterns"
960
+ },
961
+ {
962
+ "id": "CVE_API_GUARDRAIL_OFF",
963
+ "severity": "CRITICAL",
964
+ "category": "cve-patterns"
965
+ },
966
+ {
967
+ "id": "CFG_EXEC_HOST_GW",
968
+ "severity": "CRITICAL",
969
+ "category": "config-impact"
970
+ }
971
+ ]
972
+ },
973
+ {
974
+ "id": "adv-mal-10",
975
+ "title": "supply-chain-remote",
976
+ "expected": "malicious",
977
+ "detected": true,
978
+ "risk": 88,
979
+ "safe": false,
980
+ "matchedCategories": [
981
+ "suspicious-download",
982
+ "supply-chain-v2"
983
+ ],
984
+ "categoryCoverage": 1,
985
+ "detections": [
986
+ {
987
+ "id": "DL_CURL_BASH",
988
+ "severity": "CRITICAL",
989
+ "category": "suspicious-download"
990
+ },
991
+ {
992
+ "id": "SUPPLY_STAR_VERSION",
993
+ "severity": "HIGH",
994
+ "category": "supply-chain-v2"
995
+ },
996
+ {
997
+ "id": "SUPPLY_POSTINSTALL_RCE",
998
+ "severity": "CRITICAL",
999
+ "category": "supply-chain-v2"
1000
+ }
1001
+ ]
1002
+ },
1003
+ {
1004
+ "id": "adv-mal-11",
1005
+ "title": "webhook-hardcoded",
1006
+ "expected": "malicious",
1007
+ "detected": true,
1008
+ "risk": 100,
1009
+ "safe": false,
1010
+ "matchedCategories": [
1011
+ "exfiltration"
1012
+ ],
1013
+ "categoryCoverage": 1,
1014
+ "detections": [
1015
+ {
1016
+ "id": "IOC_DOMAIN",
1017
+ "severity": "HIGH",
1018
+ "category": "exfiltration"
1019
+ },
1020
+ {
1021
+ "id": "EXFIL_WEBHOOK",
1022
+ "severity": "CRITICAL",
1023
+ "category": "exfiltration"
1024
+ },
1025
+ {
1026
+ "id": "EXFIL_POST",
1027
+ "severity": "HIGH",
1028
+ "category": "exfiltration"
1029
+ },
1030
+ {
1031
+ "id": "FETCH_EXFIL_CHAIN",
1032
+ "severity": "CRITICAL",
1033
+ "category": "exfiltration"
1034
+ }
1035
+ ]
1036
+ },
1037
+ {
1038
+ "id": "adv-mal-12",
1039
+ "title": "destructive-exec",
1040
+ "expected": "malicious",
1041
+ "detected": true,
1042
+ "risk": 46,
1043
+ "safe": false,
1044
+ "matchedCategories": [
1045
+ "malicious-code",
1046
+ "suspicious-download",
1047
+ "unverifiable-deps"
1048
+ ],
1049
+ "categoryCoverage": 1,
1050
+ "detections": [
1051
+ {
1052
+ "id": "MAL_CHILD",
1053
+ "severity": "MEDIUM",
1054
+ "category": "malicious-code"
1055
+ },
1056
+ {
1057
+ "id": "MAL_EXEC",
1058
+ "severity": "MEDIUM",
1059
+ "category": "malicious-code"
1060
+ },
1061
+ {
1062
+ "id": "DL_CURL_BASH",
1063
+ "severity": "CRITICAL",
1064
+ "category": "suspicious-download"
1065
+ },
1066
+ {
1067
+ "id": "DEPS_PHANTOM_IMPORT",
1068
+ "severity": "LOW",
1069
+ "category": "unverifiable-deps"
1070
+ }
1071
+ ]
1072
+ }
1073
+ ]
1074
+ },
1075
+ {
1076
+ "layer": "layer_c",
1077
+ "corpus_version": "layer-c-2026-03-13",
1078
+ "counts": {
1079
+ "benign": 8,
1080
+ "malicious": 8,
1081
+ "true_positives": 8,
1082
+ "false_negatives": 0,
1083
+ "false_positives": 0,
1084
+ "true_negatives": 8
1085
+ },
1086
+ "metrics": {
1087
+ "precision": 1,
1088
+ "recall": 1,
1089
+ "false_positive_rate": 0,
1090
+ "false_negative_rate": 0,
1091
+ "category_coverage": 0.7291
1092
+ },
1093
+ "benign_results": [
1094
+ {
1095
+ "id": "eco-benign-01",
1096
+ "title": "openclaw-setup-doc",
1097
+ "expected": "benign",
1098
+ "detected": false,
1099
+ "risk": 0,
1100
+ "safe": true,
1101
+ "matchedCategories": [],
1102
+ "categoryCoverage": 1,
1103
+ "detections": []
1104
+ },
1105
+ {
1106
+ "id": "eco-benign-02",
1107
+ "title": "mcp-readme",
1108
+ "expected": "benign",
1109
+ "detected": false,
1110
+ "risk": 0,
1111
+ "safe": true,
1112
+ "matchedCategories": [],
1113
+ "categoryCoverage": 1,
1114
+ "detections": []
1115
+ },
1116
+ {
1117
+ "id": "eco-benign-03",
1118
+ "title": "copilot-mcp-note",
1119
+ "expected": "benign",
1120
+ "detected": false,
1121
+ "risk": 0,
1122
+ "safe": true,
1123
+ "matchedCategories": [],
1124
+ "categoryCoverage": 1,
1125
+ "detections": []
1126
+ },
1127
+ {
1128
+ "id": "eco-benign-04",
1129
+ "title": "security-policy",
1130
+ "expected": "benign",
1131
+ "detected": false,
1132
+ "risk": 0,
1133
+ "safe": true,
1134
+ "matchedCategories": [],
1135
+ "categoryCoverage": 1,
1136
+ "detections": []
1137
+ },
1138
+ {
1139
+ "id": "eco-benign-05",
1140
+ "title": "sbom-note",
1141
+ "expected": "benign",
1142
+ "detected": false,
1143
+ "risk": 0,
1144
+ "safe": true,
1145
+ "matchedCategories": [],
1146
+ "categoryCoverage": 1,
1147
+ "detections": []
1148
+ },
1149
+ {
1150
+ "id": "eco-benign-06",
1151
+ "title": "sandbox-spec",
1152
+ "expected": "benign",
1153
+ "detected": false,
1154
+ "risk": 0,
1155
+ "safe": true,
1156
+ "matchedCategories": [],
1157
+ "categoryCoverage": 1,
1158
+ "detections": []
1159
+ },
1160
+ {
1161
+ "id": "eco-benign-07",
1162
+ "title": "quality-contract",
1163
+ "expected": "benign",
1164
+ "detected": false,
1165
+ "risk": 0,
1166
+ "safe": true,
1167
+ "matchedCategories": [],
1168
+ "categoryCoverage": 1,
1169
+ "detections": []
1170
+ },
1171
+ {
1172
+ "id": "eco-benign-08",
1173
+ "title": "cve-summary",
1174
+ "expected": "benign",
1175
+ "detected": false,
1176
+ "risk": 0,
1177
+ "safe": true,
1178
+ "matchedCategories": [],
1179
+ "categoryCoverage": 1,
1180
+ "detections": []
1181
+ }
1182
+ ],
1183
+ "malicious_results": [
1184
+ {
1185
+ "id": "eco-mal-01",
1186
+ "title": "mcp-shadow",
1187
+ "expected": "malicious",
1188
+ "detected": true,
1189
+ "risk": 12,
1190
+ "safe": true,
1191
+ "matchedCategories": [
1192
+ "trust-boundary"
1193
+ ],
1194
+ "categoryCoverage": 0.5,
1195
+ "detections": [
1196
+ {
1197
+ "id": "TRUST_WEB_EXEC",
1198
+ "severity": "HIGH",
1199
+ "category": "trust-boundary"
1200
+ }
1201
+ ]
1202
+ },
1203
+ {
1204
+ "id": "eco-mal-02",
1205
+ "title": "a2a-replay",
1206
+ "expected": "malicious",
1207
+ "detected": true,
1208
+ "risk": 50,
1209
+ "safe": false,
1210
+ "matchedCategories": [
1211
+ "exfiltration"
1212
+ ],
1213
+ "categoryCoverage": 1,
1214
+ "detections": [
1215
+ {
1216
+ "id": "IOC_DOMAIN",
1217
+ "severity": "HIGH",
1218
+ "category": "exfiltration"
1219
+ },
1220
+ {
1221
+ "id": "EXFIL_WEBHOOK",
1222
+ "severity": "CRITICAL",
1223
+ "category": "exfiltration"
1224
+ }
1225
+ ]
1226
+ },
1227
+ {
1228
+ "id": "eco-mal-03",
1229
+ "title": "runtime-hijack",
1230
+ "expected": "malicious",
1231
+ "detected": true,
1232
+ "risk": 70,
1233
+ "safe": false,
1234
+ "matchedCategories": [
1235
+ "cve-patterns",
1236
+ "agent-protocol"
1237
+ ],
1238
+ "categoryCoverage": 1,
1239
+ "detections": [
1240
+ {
1241
+ "id": "CVE_GATEWAY_URL",
1242
+ "severity": "CRITICAL",
1243
+ "category": "cve-patterns"
1244
+ },
1245
+ {
1246
+ "id": "PROTO_WS_INSECURE_TRANSPORT",
1247
+ "severity": "HIGH",
1248
+ "category": "agent-protocol"
1249
+ }
1250
+ ]
1251
+ },
1252
+ {
1253
+ "id": "eco-mal-04",
1254
+ "title": "copilot-tool-abuse",
1255
+ "expected": "malicious",
1256
+ "detected": true,
1257
+ "risk": 50,
1258
+ "safe": false,
1259
+ "matchedCategories": [
1260
+ "exfiltration"
1261
+ ],
1262
+ "categoryCoverage": 1,
1263
+ "detections": [
1264
+ {
1265
+ "id": "IOC_DOMAIN",
1266
+ "severity": "HIGH",
1267
+ "category": "exfiltration"
1268
+ },
1269
+ {
1270
+ "id": "EXFIL_WEBHOOK",
1271
+ "severity": "CRITICAL",
1272
+ "category": "exfiltration"
1273
+ }
1274
+ ]
1275
+ },
1276
+ {
1277
+ "id": "eco-mal-05",
1278
+ "title": "skill-poison",
1279
+ "expected": "malicious",
1280
+ "detected": true,
1281
+ "risk": 38,
1282
+ "safe": false,
1283
+ "matchedCategories": [
1284
+ "suspicious-download"
1285
+ ],
1286
+ "categoryCoverage": 0.333,
1287
+ "detections": [
1288
+ {
1289
+ "id": "DL_CURL_BASH",
1290
+ "severity": "CRITICAL",
1291
+ "category": "suspicious-download"
1292
+ }
1293
+ ]
1294
+ },
1295
+ {
1296
+ "id": "eco-mal-06",
1297
+ "title": "memory-retrieval-poison",
1298
+ "expected": "malicious",
1299
+ "detected": true,
1300
+ "risk": 100,
1301
+ "safe": false,
1302
+ "matchedCategories": [
1303
+ "exfiltration",
1304
+ "credential-handling"
1305
+ ],
1306
+ "categoryCoverage": 1,
1307
+ "detections": [
1308
+ {
1309
+ "id": "IOC_DOMAIN",
1310
+ "severity": "HIGH",
1311
+ "category": "exfiltration"
1312
+ },
1313
+ {
1314
+ "id": "CRED_ENV_REF",
1315
+ "severity": "MEDIUM",
1316
+ "category": "credential-handling"
1317
+ },
1318
+ {
1319
+ "id": "EXFIL_WEBHOOK",
1320
+ "severity": "CRITICAL",
1321
+ "category": "exfiltration"
1322
+ },
1323
+ {
1324
+ "id": "EXFIL_POST",
1325
+ "severity": "HIGH",
1326
+ "category": "exfiltration"
1327
+ },
1328
+ {
1329
+ "id": "FETCH_EXFIL_CHAIN",
1330
+ "severity": "CRITICAL",
1331
+ "category": "exfiltration"
1332
+ },
1333
+ {
1334
+ "id": "PROTO_CRED_FLOW_TRACE_V16",
1335
+ "severity": "CRITICAL",
1336
+ "category": "credential-handling"
1337
+ }
1338
+ ]
1339
+ },
1340
+ {
1341
+ "id": "eco-mal-07",
1342
+ "title": "secret-network",
1343
+ "expected": "malicious",
1344
+ "detected": true,
1345
+ "risk": 100,
1346
+ "safe": false,
1347
+ "matchedCategories": [
1348
+ "exfiltration",
1349
+ "credential-handling"
1350
+ ],
1351
+ "categoryCoverage": 1,
1352
+ "detections": [
1353
+ {
1354
+ "id": "IOC_DOMAIN",
1355
+ "severity": "HIGH",
1356
+ "category": "exfiltration"
1357
+ },
1358
+ {
1359
+ "id": "EXFIL_WEBHOOK",
1360
+ "severity": "CRITICAL",
1361
+ "category": "exfiltration"
1362
+ },
1363
+ {
1364
+ "id": "PROTO_CRED_FLOW_TRACE_V16",
1365
+ "severity": "CRITICAL",
1366
+ "category": "credential-handling"
1367
+ }
1368
+ ]
1369
+ },
1370
+ {
1371
+ "id": "eco-mal-08",
1372
+ "title": "policy-bypass",
1373
+ "expected": "malicious",
1374
+ "detected": true,
1375
+ "risk": 12,
1376
+ "safe": true,
1377
+ "matchedCategories": [
1378
+ "trust-exploitation"
1379
+ ],
1380
+ "categoryCoverage": 0,
1381
+ "detections": [
1382
+ {
1383
+ "id": "COG_TRUST_BIAS_V16",
1384
+ "severity": "HIGH",
1385
+ "category": "trust-exploitation"
1386
+ }
1387
+ ]
1388
+ }
1389
+ ]
1390
+ }
1391
+ ],
1392
+ "aggregate": {
1393
+ "counts": {
1394
+ "benign": 37,
1395
+ "malicious": 35,
1396
+ "true_positives": 34,
1397
+ "false_negatives": 1,
1398
+ "false_positives": 1,
1399
+ "true_negatives": 36
1400
+ },
1401
+ "metrics": {
1402
+ "precision": 0.9714,
1403
+ "recall": 0.9714,
1404
+ "false_positive_rate": 0.027,
1405
+ "false_negative_rate": 0.0286
1406
+ }
1407
+ },
1408
+ "explainability": {
1409
+ "complete": 358,
1410
+ "total": 358,
1411
+ "rate": 1
1412
+ },
1413
+ "quality_targets": {
1414
+ "precision_min": 0.9,
1415
+ "recall_min": 0.9,
1416
+ "false_positive_rate_max": 0.1,
1417
+ "false_negative_rate_max": 0.1,
1418
+ "explainability_completeness_rate_min": 1,
1419
+ "runtime_check_latency_budget_ms": 5,
1420
+ "false_positive_budget_by_category": {
1421
+ "prompt-injection": 0.05,
1422
+ "runtime-policy": 0.02,
1423
+ "secret-detection": 0.08,
1424
+ "supply-chain": 0.05,
1425
+ "memory-poisoning": 0.03
1426
+ }
1427
+ }
1428
+ }