@guava-parity/guard-scanner 16.0.2 → 17.0.0

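--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -942,7 +942,7 @@ var CATEGORY_LAYER = {
  };
  var CATEGORY_OWASP_ASI = {
  "prompt-injection": ["ASI01"],
- "malicious-code": ["ASI02"],
+ "malicious-code": ["ASI02", "ASI05"],
  "suspicious-download": ["ASI02", "ASI04"],
  "credential-handling": ["ASI02", "ASI07"],
  "secret-detection": ["ASI02", "ASI07"],
@@ -960,7 +960,25 @@ var CATEGORY_OWASP_ASI = {
  "config-impact": ["ASI10"],
  "trust-boundary": ["ASI01", "ASI07"],
  "runtime-policy": ["ASI07"],
- "pii-exposure": ["ASI02", "ASI06"]
+ "pii-exposure": ["ASI02", "ASI06"],
+ // ── v17: OWASP Agentic Top 10 2026 完全カバレッジ ──
+ "autonomous-risk": ["ASI03", "ASI08", "ASI10"],
+ "sandbox-escape": ["ASI05"],
+ "supply-chain-v2": ["ASI04"],
+ "model-poisoning": ["ASI06"],
+ "inference-manipulation": ["ASI01", "ASI09"],
+ "api-abuse": ["ASI02", "ASI03"],
+ "safeguard-bypass": ["ASI01", "ASI09"],
+ "prompt-worm": ["ASI07", "ASI08"],
+ "leaky-skills": ["ASI02", "ASI06"],
+ "obfuscation": ["ASI01"],
+ "advanced-exfil": ["ASI02", "ASI06"],
+ "vdb-injection": ["ASI06"],
+ "data-exposure": ["ASI02", "ASI06"],
+ "canvas-injection": ["ASI05"],
+ "context-crush": ["ASI08"],
+ "solana-identity-bypass": ["ASI03", "ASI10"],
+ "cve-patterns": ["ASI04", "ASI05"]
  };
  function unique(values) {
  return [...new Set((values || []).filter(Boolean))];
@@ -1747,13 +1765,13 @@ function analyzeMetaGuard(input = {}) {
  // package.json
  var package_default = {
  name: "@guava-parity/guard-scanner",
- version: "16.0.2",
+ version: "17.0.0",
  type: "module",
  publishConfig: {
  access: "public",
  registry: "https://registry.npmjs.org/"
  },
- description: "Agent Skill Security Scanner - ASI Sanctuary Enforcer (v16)",
+ description: "Agent Skill Security Scanner - ASI Sanctuary Enforcer (v17 \u2014 OWASP Agentic Top 10 2026 Full Coverage)",
  openclaw: {
  extensions: [
  "./dist/openclaw-plugin.mjs"
@@ -1828,6 +1846,7 @@ var package_default = {
  "compaction-persistence",
  "threat-signatures",
  "owasp",
+ "owasp-agentic-top-10",
  "discovery",
  "daemon",
  "typescript"
@@ -4254,8 +4273,8 @@ import os2 from "os";
 
  // docs/spec/capabilities.json
  var capabilities_default = {
- package_version: "16.0.2",
- plugin_version: "16.0.2",
+ package_version: "17.0.0",
+ plugin_version: "17.0.0",
  static_pattern_count: 364,
  threat_category_count: 35,
  runtime_check_count: 27,
@@ -4368,53 +4387,115 @@ var capabilities_default = {
  owasp_asi_coverage: [
  {
  id: "ASI01",
- count: 11,
+ count: 46,
  categories: [
- "prompt-injection"
+ "inference-manipulation",
+ "obfuscation",
+ "prompt-injection",
+ "safeguard-bypass",
+ "trust-boundary"
  ]
  },
  {
  id: "ASI02",
- count: 28,
+ count: 85,
  categories: [
+ "advanced-exfil",
+ "api-abuse",
  "credential-handling",
+ "data-exposure",
  "exfiltration",
+ "leaky-skills",
  "malicious-code",
  "pii-exposure",
  "secret-detection",
  "suspicious-download"
  ]
  },
+ {
+ id: "ASI03",
+ count: 21,
+ categories: [
+ "api-abuse",
+ "autonomous-risk",
+ "solana-identity-bypass"
+ ]
+ },
  {
  id: "ASI04",
- count: 8,
+ count: 69,
  categories: [
+ "cve-patterns",
+ "supply-chain-v2",
  "suspicious-download",
  "unverifiable-deps"
  ]
  },
  {
  id: "ASI05",
- count: 2,
+ count: 78,
  categories: [
- "financial-access"
+ "canvas-injection",
+ "cve-patterns",
+ "financial-access",
+ "malicious-code",
+ "sandbox-escape"
  ]
  },
  {
  id: "ASI06",
- count: 10,
+ count: 65,
  categories: [
+ "advanced-exfil",
+ "data-exposure",
  "exfiltration",
+ "leaky-skills",
  "memory-poisoning",
- "pii-exposure"
+ "model-poisoning",
+ "pii-exposure",
+ "vdb-injection"
  ]
  },
  {
  id: "ASI07",
- count: 9,
+ count: 76,
  categories: [
+ "a2a-contagion",
+ "agent-protocol",
  "credential-handling",
- "secret-detection"
+ "mcp-security",
+ "prompt-worm",
+ "secret-detection",
+ "trust-boundary"
+ ]
+ },
+ {
+ id: "ASI08",
+ count: 31,
+ categories: [
+ "autonomous-risk",
+ "context-crush",
+ "persistence",
+ "prompt-worm"
+ ]
+ },
+ {
+ id: "ASI09",
+ count: 23,
+ categories: [
+ "inference-manipulation",
+ "safeguard-bypass",
+ "trust-exploitation"
+ ]
+ },
+ {
+ id: "ASI10",
+ count: 46,
+ categories: [
+ "autonomous-risk",
+ "config-impact",
+ "identity-hijack",
+ "solana-identity-bypass"
  ]
  }
  ],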
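Review bot: `static_pattern_count: 364` and `threat_category_count: 35` stay as unchanged context in `capabilities_default`, while the same release adds 17 keys to `CATEGORY_OWASP_ASI` and raises every `owasp_asi_coverage` count (ASI05 goes from 2 to 78, ASI04 from 8 to 69). Judging by the hunk line numbers the map now holds roughly 37 keys, so the category total looks stale. If the pattern total really is unchanged, the higher per-ASI counts would come from re-mapping patterns that already shipped in 16.0.2 rather than from new detections, which matters because the description now advertises "Full Coverage". The ten counts sum to 540, above the 364 total, so patterns are presumably counted once per ASI id they map to; a comment on the table such as `// count = patterns in the listed categories; a pattern is counted under every ASI id its category maps to` would make that explicit, and the totals are best regenerated at build time. The same lines appear in the two later bundle sections of this page.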
@@ -972,7 +972,7 @@ var CATEGORY_LAYER = {
972
972
  };
973
973
  var CATEGORY_OWASP_ASI = {
974
974
  "prompt-injection": ["ASI01"],
975
- "malicious-code": ["ASI02"],
975
+ "malicious-code": ["ASI02", "ASI05"],
976
976
  "suspicious-download": ["ASI02", "ASI04"],
977
977
  "credential-handling": ["ASI02", "ASI07"],
978
978
  "secret-detection": ["ASI02", "ASI07"],
@@ -990,7 +990,25 @@ var CATEGORY_OWASP_ASI = {
990
990
  "config-impact": ["ASI10"],
991
991
  "trust-boundary": ["ASI01", "ASI07"],
992
992
  "runtime-policy": ["ASI07"],
993
- "pii-exposure": ["ASI02", "ASI06"]
993
+ "pii-exposure": ["ASI02", "ASI06"],
994
+ // ── v17: OWASP Agentic Top 10 2026 完全カバレッジ ──
995
+ "autonomous-risk": ["ASI03", "ASI08", "ASI10"],
996
+ "sandbox-escape": ["ASI05"],
997
+ "supply-chain-v2": ["ASI04"],
998
+ "model-poisoning": ["ASI06"],
999
+ "inference-manipulation": ["ASI01", "ASI09"],
1000
+ "api-abuse": ["ASI02", "ASI03"],
1001
+ "safeguard-bypass": ["ASI01", "ASI09"],
1002
+ "prompt-worm": ["ASI07", "ASI08"],
1003
+ "leaky-skills": ["ASI02", "ASI06"],
1004
+ "obfuscation": ["ASI01"],
1005
+ "advanced-exfil": ["ASI02", "ASI06"],
1006
+ "vdb-injection": ["ASI06"],
1007
+ "data-exposure": ["ASI02", "ASI06"],
1008
+ "canvas-injection": ["ASI05"],
1009
+ "context-crush": ["ASI08"],
1010
+ "solana-identity-bypass": ["ASI03", "ASI10"],
1011
+ "cve-patterns": ["ASI04", "ASI05"]
994
1012
  };
995
1013
  function unique(values) {
996
1014
  return [...new Set((values || []).filter(Boolean))];
@@ -1777,13 +1795,13 @@ function analyzeMetaGuard(input = {}) {
1777
1795
  // package.json
1778
1796
  var package_default = {
1779
1797
  name: "@guava-parity/guard-scanner",
1780
- version: "16.0.2",
1798
+ version: "17.0.0",
1781
1799
  type: "module",
1782
1800
  publishConfig: {
1783
1801
  access: "public",
1784
1802
  registry: "https://registry.npmjs.org/"
1785
1803
  },
1786
- description: "Agent Skill Security Scanner - ASI Sanctuary Enforcer (v16)",
1804
+ description: "Agent Skill Security Scanner - ASI Sanctuary Enforcer (v17 \u2014 OWASP Agentic Top 10 2026 Full Coverage)",
1787
1805
  openclaw: {
1788
1806
  extensions: [
1789
1807
  "./dist/openclaw-plugin.mjs"
@@ -1858,6 +1876,7 @@ var package_default = {
1858
1876
  "compaction-persistence",
1859
1877
  "threat-signatures",
1860
1878
  "owasp",
1879
+ "owasp-agentic-top-10",
1861
1880
  "discovery",
1862
1881
  "daemon",
1863
1882
  "typescript"
@@ -4284,8 +4303,8 @@ var import_os2 = __toESM(require("os"), 1);
4284
4303
 
4285
4304
  // docs/spec/capabilities.json
4286
4305
  var capabilities_default = {
4287
- package_version: "16.0.2",
4288
- plugin_version: "16.0.2",
4306
+ package_version: "17.0.0",
4307
+ plugin_version: "17.0.0",
4289
4308
  static_pattern_count: 364,
4290
4309
  threat_category_count: 35,
4291
4310
  runtime_check_count: 27,
@@ -4398,53 +4417,115 @@ var capabilities_default = {
4398
4417
  owasp_asi_coverage: [
4399
4418
  {
4400
4419
  id: "ASI01",
4401
- count: 11,
4420
+ count: 46,
4402
4421
  categories: [
4403
- "prompt-injection"
4422
+ "inference-manipulation",
4423
+ "obfuscation",
4424
+ "prompt-injection",
4425
+ "safeguard-bypass",
4426
+ "trust-boundary"
4404
4427
  ]
4405
4428
  },
4406
4429
  {
4407
4430
  id: "ASI02",
4408
- count: 28,
4431
+ count: 85,
4409
4432
  categories: [
4433
+ "advanced-exfil",
4434
+ "api-abuse",
4410
4435
  "credential-handling",
4436
+ "data-exposure",
4411
4437
  "exfiltration",
4438
+ "leaky-skills",
4412
4439
  "malicious-code",
4413
4440
  "pii-exposure",
4414
4441
  "secret-detection",
4415
4442
  "suspicious-download"
4416
4443
  ]
4417
4444
  },
4445
+ {
4446
+ id: "ASI03",
4447
+ count: 21,
4448
+ categories: [
4449
+ "api-abuse",
4450
+ "autonomous-risk",
4451
+ "solana-identity-bypass"
4452
+ ]
4453
+ },
4418
4454
  {
4419
4455
  id: "ASI04",
4420
- count: 8,
4456
+ count: 69,
4421
4457
  categories: [
4458
+ "cve-patterns",
4459
+ "supply-chain-v2",
4422
4460
  "suspicious-download",
4423
4461
  "unverifiable-deps"
4424
4462
  ]
4425
4463
  },
4426
4464
  {
4427
4465
  id: "ASI05",
4428
- count: 2,
4466
+ count: 78,
4429
4467
  categories: [
4430
- "financial-access"
4468
+ "canvas-injection",
4469
+ "cve-patterns",
4470
+ "financial-access",
4471
+ "malicious-code",
4472
+ "sandbox-escape"
4431
4473
  ]
4432
4474
  },
4433
4475
  {
4434
4476
  id: "ASI06",
4435
- count: 10,
4477
+ count: 65,
4436
4478
  categories: [
4479
+ "advanced-exfil",
4480
+ "data-exposure",
4437
4481
  "exfiltration",
4482
+ "leaky-skills",
4438
4483
  "memory-poisoning",
4439
- "pii-exposure"
4484
+ "model-poisoning",
4485
+ "pii-exposure",
4486
+ "vdb-injection"
4440
4487
  ]
4441
4488
  },
4442
4489
  {
4443
4490
  id: "ASI07",
4444
- count: 9,
4491
+ count: 76,
4445
4492
  categories: [
4493
+ "a2a-contagion",
4494
+ "agent-protocol",
4446
4495
  "credential-handling",
4447
- "secret-detection"
4496
+ "mcp-security",
4497
+ "prompt-worm",
4498
+ "secret-detection",
4499
+ "trust-boundary"
4500
+ ]
4501
+ },
4502
+ {
4503
+ id: "ASI08",
4504
+ count: 31,
4505
+ categories: [
4506
+ "autonomous-risk",
4507
+ "context-crush",
4508
+ "persistence",
4509
+ "prompt-worm"
4510
+ ]
4511
+ },
4512
+ {
4513
+ id: "ASI09",
4514
+ count: 23,
4515
+ categories: [
4516
+ "inference-manipulation",
4517
+ "safeguard-bypass",
4518
+ "trust-exploitation"
4519
+ ]
4520
+ },
4521
+ {
4522
+ id: "ASI10",
4523
+ count: 46,
4524
+ categories: [
4525
+ "autonomous-risk",
4526
+ "config-impact",
4527
+ "identity-hijack",
4528
+ "solana-identity-bypass"
4448
4529
  ]
4449
4530
  }
4450
4531
  ],
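Review bot: The `owasp_asi_coverage` table and the `CATEGORY_OWASP_ASI` map disagree on ASI07: the map keeps `"runtime-policy": ["ASI07"]`, but the new ASI07 `categories` list has no `runtime-policy` entry. The old side shows the same kind of drift (`"config-impact": ["ASI10"]` was already mapped while the 16.0.2 table had no ASI10 entry at all), which suggests the two structures are maintained separately. If categories without static patterns are left out on purpose, a comment on the table should say so; otherwise the table is better derived from the map in the build, with a test that fails when a mapped category is missing from its ASI entry. The added comment `// ── v17: OWASP Agentic Top 10 2026 完全カバレッジ ──` would also be easier for downstream auditors to read in English, e.g. `// v17: full coverage of the OWASP Agentic Top 10 (2026)`. This applies equally to the other two bundle copies on the page.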
@@ -942,7 +942,7 @@ var CATEGORY_LAYER = {
942
942
  };
943
943
  var CATEGORY_OWASP_ASI = {
944
944
  "prompt-injection": ["ASI01"],
945
- "malicious-code": ["ASI02"],
945
+ "malicious-code": ["ASI02", "ASI05"],
946
946
  "suspicious-download": ["ASI02", "ASI04"],
947
947
  "credential-handling": ["ASI02", "ASI07"],
948
948
  "secret-detection": ["ASI02", "ASI07"],
@@ -960,7 +960,25 @@ var CATEGORY_OWASP_ASI = {
960
960
  "config-impact": ["ASI10"],
961
961
  "trust-boundary": ["ASI01", "ASI07"],
962
962
  "runtime-policy": ["ASI07"],
963
- "pii-exposure": ["ASI02", "ASI06"]
963
+ "pii-exposure": ["ASI02", "ASI06"],
964
+ // ── v17: OWASP Agentic Top 10 2026 完全カバレッジ ──
965
+ "autonomous-risk": ["ASI03", "ASI08", "ASI10"],
966
+ "sandbox-escape": ["ASI05"],
967
+ "supply-chain-v2": ["ASI04"],
968
+ "model-poisoning": ["ASI06"],
969
+ "inference-manipulation": ["ASI01", "ASI09"],
970
+ "api-abuse": ["ASI02", "ASI03"],
971
+ "safeguard-bypass": ["ASI01", "ASI09"],
972
+ "prompt-worm": ["ASI07", "ASI08"],
973
+ "leaky-skills": ["ASI02", "ASI06"],
974
+ "obfuscation": ["ASI01"],
975
+ "advanced-exfil": ["ASI02", "ASI06"],
976
+ "vdb-injection": ["ASI06"],
977
+ "data-exposure": ["ASI02", "ASI06"],
978
+ "canvas-injection": ["ASI05"],
979
+ "context-crush": ["ASI08"],
980
+ "solana-identity-bypass": ["ASI03", "ASI10"],
981
+ "cve-patterns": ["ASI04", "ASI05"]
964
982
  };
965
983
  function unique(values) {
966
984
  return [...new Set((values || []).filter(Boolean))];
@@ -1747,13 +1765,13 @@ function analyzeMetaGuard(input = {}) {
1747
1765
  // package.json
1748
1766
  var package_default = {
1749
1767
  name: "@guava-parity/guard-scanner",
1750
- version: "16.0.2",
1768
+ version: "17.0.0",
1751
1769
  type: "module",
1752
1770
  publishConfig: {
1753
1771
  access: "public",
1754
1772
  registry: "https://registry.npmjs.org/"
1755
1773
  },
1756
- description: "Agent Skill Security Scanner - ASI Sanctuary Enforcer (v16)",
1774
+ description: "Agent Skill Security Scanner - ASI Sanctuary Enforcer (v17 \u2014 OWASP Agentic Top 10 2026 Full Coverage)",
1757
1775
  openclaw: {
1758
1776
  extensions: [
1759
1777
  "./dist/openclaw-plugin.mjs"
@@ -1828,6 +1846,7 @@ var package_default = {
1828
1846
  "compaction-persistence",
1829
1847
  "threat-signatures",
1830
1848
  "owasp",
1849
+ "owasp-agentic-top-10",
1831
1850
  "discovery",
1832
1851
  "daemon",
1833
1852
  "typescript"
@@ -4254,8 +4273,8 @@ import os2 from "os";
4254
4273
 
4255
4274
  // docs/spec/capabilities.json
4256
4275
  var capabilities_default = {
4257
- package_version: "16.0.2",
4258
- plugin_version: "16.0.2",
4276
+ package_version: "17.0.0",
4277
+ plugin_version: "17.0.0",
4259
4278
  static_pattern_count: 364,
4260
4279
  threat_category_count: 35,
4261
4280
  runtime_check_count: 27,
@@ -4368,53 +4387,115 @@ var capabilities_default = {
4368
4387
  owasp_asi_coverage: [
4369
4388
  {
4370
4389
  id: "ASI01",
4371
- count: 11,
4390
+ count: 46,
4372
4391
  categories: [
4373
- "prompt-injection"
4392
+ "inference-manipulation",
4393
+ "obfuscation",
4394
+ "prompt-injection",
4395
+ "safeguard-bypass",
4396
+ "trust-boundary"
4374
4397
  ]
4375
4398
  },
4376
4399
  {
4377
4400
  id: "ASI02",
4378
- count: 28,
4401
+ count: 85,
4379
4402
  categories: [
4403
+ "advanced-exfil",
4404
+ "api-abuse",
4380
4405
  "credential-handling",
4406
+ "data-exposure",
4381
4407
  "exfiltration",
4408
+ "leaky-skills",
4382
4409
  "malicious-code",
4383
4410
  "pii-exposure",
4384
4411
  "secret-detection",
4385
4412
  "suspicious-download"
4386
4413
  ]
4387
4414
  },
4415
+ {
4416
+ id: "ASI03",
4417
+ count: 21,
4418
+ categories: [
4419
+ "api-abuse",
4420
+ "autonomous-risk",
4421
+ "solana-identity-bypass"
4422
+ ]
4423
+ },
4388
4424
  {
4389
4425
  id: "ASI04",
4390
- count: 8,
4426
+ count: 69,
4391
4427
  categories: [
4428
+ "cve-patterns",
4429
+ "supply-chain-v2",
4392
4430
  "suspicious-download",
4393
4431
  "unverifiable-deps"
4394
4432
  ]
4395
4433
  },
4396
4434
  {
4397
4435
  id: "ASI05",
4398
- count: 2,
4436
+ count: 78,
4399
4437
  categories: [
4400
- "financial-access"
4438
+ "canvas-injection",
4439
+ "cve-patterns",
4440
+ "financial-access",
4441
+ "malicious-code",
4442
+ "sandbox-escape"
4401
4443
  ]
4402
4444
  },
4403
4445
  {
4404
4446
  id: "ASI06",
4405
- count: 10,
4447
+ count: 65,
4406
4448
  categories: [
4449
+ "advanced-exfil",
4450
+ "data-exposure",
4407
4451
  "exfiltration",
4452
+ "leaky-skills",
4408
4453
  "memory-poisoning",
4409
- "pii-exposure"
4454
+ "model-poisoning",
4455
+ "pii-exposure",
4456
+ "vdb-injection"
4410
4457
  ]
4411
4458
  },
4412
4459
  {
4413
4460
  id: "ASI07",
4414
- count: 9,
4461
+ count: 76,
4415
4462
  categories: [
4463
+ "a2a-contagion",
4464
+ "agent-protocol",
4416
4465
  "credential-handling",
4417
- "secret-detection"
4466
+ "mcp-security",
4467
+ "prompt-worm",
4468
+ "secret-detection",
4469
+ "trust-boundary"
4470
+ ]
4471
+ },
4472
+ {
4473
+ id: "ASI08",
4474
+ count: 31,
4475
+ categories: [
4476
+ "autonomous-risk",
4477
+ "context-crush",
4478
+ "persistence",
4479
+ "prompt-worm"
4480
+ ]
4481
+ },
4482
+ {
4483
+ id: "ASI09",
4484
+ count: 23,
4485
+ categories: [
4486
+ "inference-manipulation",
4487
+ "safeguard-bypass",
4488
+ "trust-exploitation"
4489
+ ]
4490
+ },
4491
+ {
4492
+ id: "ASI10",
4493
+ count: 46,
4494
+ categories: [
4495
+ "autonomous-risk",
4496
+ "config-impact",
4497
+ "identity-hijack",
4498
+ "solana-identity-bypass"
4418
4499
  ]
4419
4500
  }
4420
4501
  ],