@hungpg/skill-audit 0.1.1 → 0.3.0

package/README.md

@@ -12,10 +12,109 @@ Security auditing CLI for AI agent skills.
 
 ## Installation
 
+### Option 1: Install via npm (Recommended for CLI)
+
 ```bash
 npm install -g @hungpg/skill-audit
 ```
 
+This installs the CLI globally and triggers the postinstall hook prompt.
+
+### Option 2: Install via bun (Fast Alternative)
+
+```bash
+bun install -g @hungpg/skill-audit
+```
+
+Bun is significantly faster than npm for installation.
+
+### Option 3: Install as a Skill (For Claude Code)
+
+```bash
+# Install from GitHub repo (not npm package name)
+npx skills add harrypham2000/skill-audit -g -y
+```
+
+> ⚠️ **Important**: The skills CLI expects `owner/repo` format, not npm scoped packages.
+> - ✅ Correct: `harrypham2000/skill-audit`
+> - ❌ Incorrect: `@hungpg/skill-audit`
+
+### Option 4: Install for Qwen Code
+
+```bash
+# Clone to Qwen skills directory
+mkdir -p ~/.qwen/skills
+git clone https://github.com/harrypham2000/skill-audit.git ~/.qwen/skills/skill-audit
+cd ~/.qwen/skills/skill-audit/skill-audit
+npm install && npm run build
+
+# Or with bun (faster)
+bun install && bun run build
+```
+
+### Option 5: Install for Gemini CLI
+
+```bash
+# Clone to Gemini skills directory
+mkdir -p ~/.gemini/skills
+git clone https://github.com/harrypham2000/skill-audit.git ~/.gemini/skills/skill-audit
+cd ~/.gemini/skills/skill-audit/skill-audit
+npm install && npm run build
+
+# Or with bun (faster)
+bun install && bun run build
+```
+
+## Automatic Hook Setup
+
+During npm installation, you'll be prompted to set up a **PreToolUse hook** that automatically audits skills before installation:
+
+```
+╔════════════════════════════════════════════════════════════╗
+║                 🛡️  skill-audit hook setup                 ║
+╠════════════════════════════════════════════════════════════╣
+║                                                            ║
+║  skill-audit can automatically audit skills before        ║
+║  installation to protect you from malicious packages.     ║
+║                                                            ║
+║  When you run 'npx skills add <package>', the hook will:  ║
+║    • Scan the skill for security vulnerabilities          ║
+║    • Check for prompt injection, secrets, code execution  ║
+║    • Block installation if risk score > 3.0               ║
+║                                                            ║
+╚════════════════════════════════════════════════════════════╝
+
+Options:
+  [Y] Yes, install the hook (recommended)
+  [N] No, skip for now
+  [S] Skip forever (don't ask again)
+```
+
+### Manual Hook Management
+
+```bash
+# Install hook manually
+skill-audit --install-hook
+
+# Install with custom threshold
+skill-audit --install-hook --hook-threshold 5.0
+
+# Check hook status
+skill-audit --hook-status
+
+# Remove hook
+skill-audit --uninstall-hook
+```
+
+### How the Hook Works
+
+1. **Trigger**: When you run `npx skills add <package>`
+2. **Scan**: skill-audit analyzes the skill before installation
+3. **Decision**:
+   - Risk score ≤ 3.0 → Installation proceeds
+   - Risk score > 3.0 → Installation blocked
+4. **Report**: Detailed findings shown in terminal
+
 ## Usage
 
 ```bash
@@ -59,6 +158,11 @@ skill-audit --update-db
 | `-o, --output <file>` | Save to file | |
 | `--no-deps` | Skip dependency scan | |
 | `-v, --verbose` | Verbose output | |
+| `--install-hook` | Install PreToolUse hook | |
+| `--uninstall-hook` | Remove PreToolUse hook | |
+| `--hook-threshold <score>` | Hook risk threshold | 3.0 |
+| `--hook-status` | Show hook status | |
+| `--block` | Exit 1 if threshold exceeded | |
 
 ## Exit Codes
 
@@ -89,9 +193,11 @@ Feeds are cached locally with automatic freshness checks:
 
 | Source | Update Frequency | Cache Lifetime |
 |--------|------------------|----------------|
-| CISA KEV | Daily | 7 days |
-| FIRST EPSS | Daily | 7 days |
+| CISA KEV | Daily | 1 day |
+| NIST NVD | Daily | 1 day |
+| FIRST EPSS | Daily | 3 days |
 | OSV.dev | On-query | 7 days |
+| GHSA | On-query | 3 days |
 
 **Automatic updates:**
 - Runs on `npm install` via `postinstall` hook
@@ -100,6 +206,20 @@ Feeds are cached locally with automatic freshness checks:
 
 **Stale cache warning:** Audit output warns if feeds are >3 days old.
 
+### NVD Synchronization
+
+The `--update-db` command fetches CVEs modified in the last 24 hours only.
+For initial setup or after extended offline periods, run multiple times to build historical data:
+
+```bash
+# Multiple updates to build historical data
+skill-audit --update-db
+skill-audit --update-db
+skill-audit --update-db
+```
+
+Note: NVD API rate limits apply (5 requests/30 sec without API key). Set `NVD_API_KEY` environment variable for 50 requests/30 sec.
+
 ## Trust Sources
 
 1. Static pattern matching for known attack vectors

package/SKILL.md

@@ -1,11 +1,11 @@
 ---
 name: skill-audit
-description: This skill should be used when the user asks to "audit AI agent skills for security vulnerabilities", "evaluate third-party skills before installing", "check for prompt injection or secrets leakage", "scan skills for code execution risks", "validate skills against Agent Skills specification", or "assess skill security posture with CVE/GHSA/KEV/EPSS intelligence".
+description: This skill should be used when the user asks to "audit AI agent skills for security vulnerabilities", "evaluate third-party skills before installing", "check for prompt injection or secrets leakage", "scan skills for code execution risks", "validate skills against Agent Skills specification", or "assess skill security posture with CVE/GHSA/KEV/EPSS/NVD intelligence".
 license: MIT
 compatibility: Node.js 18+ with npm or yarn
 metadata:
-  repo: https://github.com/vercel/skill-audit
-  version: 0.2.0
+  repo: https://github.com/harrypham2000/skill-audit
+  version: 0.3.0
 allowed-tools:
   - skill:exec
   - skill:read
@@ -14,7 +14,56 @@ allowed-tools:
 
 # skill-audit
 
-Security auditing CLI for AI agent skills in the Vercel ecosystem.
+Security auditing CLI for AI agent skills.
+
+## Installation for Agents
+
+### Claude Code
+
+```bash
+# Option 1: Install as skill from GitHub
+npx skills add harrypham2000/skill-audit -g -y
+
+# Option 2: Install CLI via npm
+npm install -g @hungpg/skill-audit
+
+# Option 3: Install CLI via bun (faster)
+bun install -g @hungpg/skill-audit
+```
+
+### Qwen Code
+
+```bash
+# Clone to Qwen skills directory
+mkdir -p ~/.qwen/skills
+git clone https://github.com/harrypham2000/skill-audit.git ~/.qwen/skills/skill-audit
+cd ~/.qwen/skills/skill-audit/skill-audit
+
+# Install with npm
+npm install && npm run build
+
+# Or with bun (faster)
+bun install && bun run build
+```
+
+### Gemini CLI
+
+```bash
+# Clone to Gemini skills directory
+mkdir -p ~/.gemini/skills
+git clone https://github.com/harrypham2000/skill-audit.git ~/.gemini/skills/skill-audit
+cd ~/.gemini/skills/skill-audit/skill-audit
+
+# Install with npm
+npm install && npm run build
+
+# Or with bun (faster)
+bun install && bun run build
+```
+
+> ⚠️ **Important for Skills CLI**: Use `owner/repo` format, not npm scoped names.
+> - ✅ Correct: `harrypham2000/skill-audit`
+> - ❌ Incorrect: `@hungpg/skill-audit`
 
 ## When to Use
 
@@ -75,6 +124,8 @@ Full security audit including:
 Pulls latest vulnerability intelligence:
 - CISA KEV (Known Exploited Vulnerabilities)
 - FIRST EPSS (Exploit Prediction Scoring) - via api.first.org/data/v1
+- NIST NVD (National Vulnerability Database) - CVSS scores, CWE mappings
+- GitHub Security Advisories (GHSA) - ecosystem-specific advisories
 - OSV.dev vulnerabilities
 
 Caches to `.cache/skill-audit/feeds/` for offline use.
@@ -148,7 +199,7 @@ npx skill-audit -g -o ./audit-report.json
 npx skill-audit -g -t 3.0
 
 # Update intelligence feeds
-npx skill-audit --update-db --source kev epss
+npx skill-audit --update-db --source kev epss nvd
 
 # Audit project-level skills only
 npx skill-audit -p --mode audit -v
@@ -164,7 +215,7 @@ Found 3 skills
    Safe: 1 | Risky: 1 | Dangerous: 1 | Malicious: 0
    Skills with spec issues: 1 | Security issues: 2
 
-⚠️  Vulnerability DB is stale (4.2 days for KEV, 5.1 days for EPSS)
+⚠️  Vulnerability DB is stale (4.2 days for KEV, 5.1 days for EPSS, 2.0 days for NVD)
    Run: npx skill-audit --update-db
 
 ❌ 1 skills exceed threshold 3.0
@@ -189,8 +240,9 @@ Three-layer validation approach:
    - Maps to OWASP Agentic Top 10
 
 3. **Intelligence Service**
-   - Caches CVE/GHSA/KEV/EPSS data
+   - Caches CVE/GHSA/KEV/EPSS/NVD data
    - Native HTTP/fetch (no shell dependencies)
+   - Differentiated cache lifetimes by source (KEV/NVD: 1 day, EPSS/GHSA: 3 days, OSV: 7 days)
 
 ## Related Skills
 
@@ -216,6 +268,8 @@ Three-layer validation approach:
 - **[OWASP AI Security Top 10](https://owasp.org/www-project-top-ten.html)** - ASI01-ASI10 threat categories
 - **[CISA KEV Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)** - Actively exploited vulnerabilities
 - **[FIRST EPSS](https://www.first.org/epss/)** - Exploit Prediction Scoring System
+- **[NIST NVD](https://nvd.nist.gov/)** - National Vulnerability Database (official CVE database)
+- **[GitHub Security Advisories](https://github.com/advisories)** - GHSA vulnerability database
 - **[OSV.dev](https://osv.dev/)** - Open Source Vulnerability database
 
 ### Intelligence Cache
@@ -223,5 +277,7 @@ Three-layer validation approach:
 | Source | Update Frequency | Max Cache Age | Warning Threshold |
 |--------|-----------------|---------------|-------------------|
 | CISA KEV | Daily | 1 day | 3 days |
+| NIST NVD | Daily | 1 day | 3 days |
+| GitHub GHSA | 3 days | 3 days | 3 days |
 | FIRST EPSS | 3-day cycle | 3 days | 3 days |
 | OSV.dev | On-query | 7 days | 3 days |

package/dist/deps.js

@@ -14,6 +14,52 @@ const OSV_ECOSYSTEMS = {
     'RubyGems': 'ruby',
     'Packagist': 'php',
     'Pub': 'dart',
+    'NuGet': 'dotnet',
+    'Hex': 'elixir',
+    'ConanCenter': 'cpp',
+    'Bioconductor': 'r',
+    'SwiftURL': 'swift',
+};
+// Supported lockfile patterns and their ecosystems
+const LOCKFILE_PATTERNS = {
+    // JavaScript/TypeScript
+    'package-lock.json': { ecosystem: 'npm', parser: 'json' },
+    'yarn.lock': { ecosystem: 'npm', parser: 'yarn' },
+    'pnpm-lock.yaml': { ecosystem: 'npm', parser: 'yaml' },
+    'bun.lockb': { ecosystem: 'npm', parser: 'binary' },
+    // Python
+    'requirements.txt': { ecosystem: 'PyPI', parser: 'text' },
+    'Pipfile.lock': { ecosystem: 'PyPI', parser: 'json' },
+    'poetry.lock': { ecosystem: 'PyPI', parser: 'toml' },
+    'pdm.lock': { ecosystem: 'PyPI', parser: 'toml' },
+    'uv.lock': { ecosystem: 'PyPI', parser: 'toml' },
+    'pylock.toml': { ecosystem: 'PyPI', parser: 'toml' },
+    // Rust
+    'Cargo.lock': { ecosystem: 'crates.io', parser: 'toml' },
+    // Ruby
+    'Gemfile.lock': { ecosystem: 'RubyGems', parser: 'text' },
+    'gems.locked': { ecosystem: 'RubyGems', parser: 'text' },
+    // PHP
+    'composer.lock': { ecosystem: 'Packagist', parser: 'json' },
+    // Java
+    'pom.xml': { ecosystem: 'Maven', parser: 'xml' },
+    'buildscript-gradle.lockfile': { ecosystem: 'Maven', parser: 'text' },
+    'gradle.lockfile': { ecosystem: 'Maven', parser: 'text' },
+    // Go
+    'go.mod': { ecosystem: 'Go', parser: 'text' },
+    'go.sum': { ecosystem: 'Go', parser: 'text' },
+    // .NET
+    'packages.lock.json': { ecosystem: 'NuGet', parser: 'json' },
+    'deps.json': { ecosystem: 'NuGet', parser: 'json' },
+    'packages.config': { ecosystem: 'NuGet', parser: 'xml' },
+    // Dart
+    'pubspec.lock': { ecosystem: 'Pub', parser: 'yaml' },
+    // Elixir
+    'mix.lock': { ecosystem: 'Hex', parser: 'elixir' },
+    // C/C++
+    'conan.lock': { ecosystem: 'ConanCenter', parser: 'text' },
+    // R
+    'renv.lock': { ecosystem: 'Bioconductor', parser: 'json' },
 };
 // Check if a scanner is available
 function isScannerAvailable(scanner) {
@@ -251,62 +297,214 @@ function extractPackagesFromLockfiles(resolvedPath) {
     const packages = [];
     try {
         const files = readdirSync(resolvedPath);
-        // Parse package-lock.json
-        const pkgLock = files.find(f => f === 'package-lock.json');
-        if (pkgLock) {
-            const content = JSON.parse(readFileSync(join(resolvedPath, pkgLock), 'utf-8'));
-            if (content.packages) {
-                for (const [path, pkg] of Object.entries(content.packages)) {
+        // Iterate through all supported lockfile patterns
+        for (const [filename, config] of Object.entries(LOCKFILE_PATTERNS)) {
+            const lockfile = files.find(f => f === filename);
+            if (!lockfile)
+                continue;
+            const filepath = join(resolvedPath, lockfile);
+            const content = readFileSync(filepath, 'utf-8');
+            try {
+                switch (config.parser) {
+                    case 'json':
+                        parseJSONLockfile(content, config.ecosystem, packages);
+                        break;
+                    case 'yaml':
+                        parseYAMLLockfile(content, config.ecosystem, packages);
+                        break;
+                    case 'toml':
+                        parseTOMLLockfile(content, config.ecosystem, packages);
+                        break;
+                    case 'text':
+                        parseTextLockfile(content, config.ecosystem, packages, filename);
+                        break;
+                    // Binary and XML parsers would require additional dependencies
+                    // For now, skip binary files and use basic XML parsing
+                }
+            }
+            catch (e) {
+                console.warn(`Failed to parse ${filename}:`, e);
+            }
+        }
+    }
+    catch (e) {
+        // Ignore top-level errors
+    }
+    return packages;
+}
+// Parse JSON lockfiles (package-lock.json, Pipfile.lock, composer.lock, etc.)
+function parseJSONLockfile(content, ecosystem, packages) {
+    const data = JSON.parse(content);
+    // package-lock.json format (object with packages)
+    if (data.packages && typeof data.packages === 'object' && !Array.isArray(data.packages)) {
+        for (const [path, pkg] of Object.entries(data.packages)) {
+            const p = pkg;
+            if (p.version && path !== '') {
+                const name = p.name || path.split('node_modules/').pop()?.split('/')[0];
+                if (name) {
+                    packages.push({ name, version: p.version.replace(/^\^|~/, ''), ecosystem });
+                }
+            }
+        }
+    }
+    // Pipfile.lock format
+    if (data.default || data.develop) {
+        for (const section of ['default', 'develop']) {
+            if (data[section]) {
+                for (const [name, pkg] of Object.entries(data[section])) {
                     const p = pkg;
-                    if (p.version && path !== '') {
-                        // Extract package name from path
-                        const name = path.split('node_modules/').pop()?.split('/')[0];
-                        if (name) {
-                            packages.push({ name, version: p.version.replace(/^\^|~/, ''), ecosystem: 'npm' });
-                        }
+                    if (p.version) {
+                        packages.push({ name: name.toLowerCase(), version: p.version.replace(/^[=<>!~]+/, ''), ecosystem });
                     }
                 }
             }
         }
-        // Parse requirements.txt
-        const reqTxt = files.find(f => f === 'requirements.txt');
-        if (reqTxt) {
-            const content = readFileSync(join(resolvedPath, reqTxt), 'utf-8');
-            for (const line of content.split('\n')) {
-                const match = line.match(/^([a-zA-Z0-9_-]+)([=<>!~]+)(.+)$/);
+    }
+    // composer.lock format (array of packages)
+    if (Array.isArray(data.packages)) {
+        for (const pkg of data.packages) {
+            if (pkg.name && pkg.version) {
+                packages.push({ name: pkg.name, version: pkg.version.replace(/^[=<>!~v]+/, ''), ecosystem });
+            }
+        }
+    }
+    // renv.lock format
+    if (data.Packages) {
+        for (const [name, pkg] of Object.entries(data.Packages)) {
+            const p = pkg;
+            if (p.Version) {
+                packages.push({ name, version: p.Version, ecosystem });
+            }
+        }
+    }
+}
+// Parse YAML lockfiles (yarn.lock, pubspec.lock, pnpm-lock.yaml)
+function parseYAMLLockfile(content, ecosystem, packages) {
+    // Simple YAML parsing without external dependency
+    // For production, consider using a YAML parser library
+    const lines = content.split('\n');
+    let currentPackage = '';
+    for (const line of lines) {
+        // yarn.lock format: "package@version":
+        const yarnMatch = line.match(/^"?([^@"]+)@([^"]+)":/);
+        if (yarnMatch) {
+            packages.push({ name: yarnMatch[1], version: yarnMatch[2].replace(/^[^0-9]*/, ''), ecosystem });
+            continue;
+        }
+        // pubspec.lock format
+        const pubMatch = line.match(/^\s+name:\s*(.+)$/);
+        if (pubMatch) {
+            currentPackage = pubMatch[1].trim();
+            continue;
+        }
+        const pubVersion = line.match(/^\s+version:\s*"?(.+)"?$/);
+        if (pubVersion && currentPackage) {
+            packages.push({ name: currentPackage, version: pubVersion[1], ecosystem });
+            currentPackage = '';
+        }
+    }
+}
+// Parse TOML lockfiles (Cargo.lock, poetry.lock, etc.)
+function parseTOMLLockfile(content, ecosystem, packages) {
+    // Simple TOML parsing without external dependency
+    const lines = content.split('\n');
+    let currentPackage = '';
+    for (const line of lines) {
+        // Cargo.lock format: [[package]]
+        if (line.startsWith('[[')) {
+            currentPackage = '';
+            continue;
+        }
+        const nameMatch = line.match(/^name\s*=\s*"(.+)"$/);
+        if (nameMatch) {
+            currentPackage = nameMatch[1];
+            continue;
+        }
+        const versionMatch = line.match(/^version\s*=\s*"(.+)"$/);
+        if (versionMatch && currentPackage) {
+            packages.push({ name: currentPackage, version: versionMatch[1], ecosystem });
+        }
+    }
+}
+// Parse text-based lockfiles (requirements.txt, Gemfile.lock, go.mod, etc.)
+function parseTextLockfile(content, ecosystem, packages, filename) {
+    const lines = content.split('\n');
+    // requirements.txt format
+    if (filename === 'requirements.txt') {
+        for (const line of lines) {
+            const match = line.match(/^([a-zA-Z0-9_-]+)([=<>!~]+)(.+)$/);
+            if (match) {
+                packages.push({ name: match[1], version: match[3].trim(), ecosystem });
+            }
+        }
+        return;
+    }
+    // Gemfile.lock format
+    if (filename === 'Gemfile.lock') {
+        let inSpecs = false;
+        for (const line of lines) {
+            if (line.includes('specs:')) {
+                inSpecs = true;
+                continue;
+            }
+            if (inSpecs && line.startsWith('    ')) {
+                const match = line.match(/^\s+([a-zA-Z0-9_-]+)\s+\(([^)]+)\)/);
                 if (match) {
-                    packages.push({ name: match[1], version: match[3].trim(), ecosystem: 'PyPI' });
+                    packages.push({ name: match[1], version: match[2], ecosystem });
                 }
             }
+            if (inSpecs && line.trim() && !line.startsWith(' ')) {
+                inSpecs = false;
+            }
         }
-        // Parse go.mod
-        const goMod = files.find(f => f === 'go.mod');
-        if (goMod) {
-            const content = readFileSync(join(resolvedPath, goMod), 'utf-8');
-            for (const line of content.split('\n')) {
-                const match = line.match(/^\s+([a-zA-Z0-9\/]+)\s+v?(.+)$/);
-                if (match && !match[1].startsWith('gopkg.in') && !match[1].startsWith('github.com/')) {
-                    packages.push({ name: match[1], version: match[2].replace(/^v/, ''), ecosystem: 'Go' });
+        return;
+    }
+    // go.mod format
+    if (filename === 'go.mod') {
+        let inRequire = false;
+        for (const line of lines) {
+            if (line.startsWith('require (')) {
+                inRequire = true;
+                continue;
+            }
+            if (inRequire) {
+                if (line === ')') {
+                    inRequire = false;
+                    continue;
+                }
+                const match = line.match(/^\s*([a-zA-Z0-9\/]+)\s+v?(.+)$/);
+                if (match) {
+                    packages.push({ name: match[1], version: match[2].replace(/^v/, ''), ecosystem });
                 }
             }
+            // Single-line require
+            const singleMatch = line.match(/^require\s+([a-zA-Z0-9\/]+)\s+v?(.+)$/);
+            if (singleMatch) {
+                packages.push({ name: singleMatch[1], version: singleMatch[2].replace(/^v/, ''), ecosystem });
+            }
         }
-        // Parse Cargo.lock
-        const cargoLock = files.find(f => f === 'Cargo.lock');
-        if (cargoLock) {
-            const content = JSON.parse(readFileSync(join(resolvedPath, cargoLock), 'utf-8'));
-            if (content.package) {
-                for (const pkg of content.package) {
-                    if (pkg.name && pkg.version) {
-                        packages.push({ name: pkg.name, version: pkg.version, ecosystem: 'crates.io' });
-                    }
-                }
+        return;
+    }
+    // go.sum format
+    if (filename === 'go.sum') {
+        for (const line of lines) {
+            const match = line.match(/^([a-zA-Z0-9\/]+)\s+v?([^\/\s]+)\//);
+            if (match) {
+                packages.push({ name: match[1], version: match[2].replace(/^v/, ''), ecosystem });
             }
         }
+        return;
     }
-    catch (e) {
-        // Ignore parse errors
+    // gradle.lockfile format
+    if (filename.includes('gradle.lockfile')) {
+        for (const line of lines) {
+            const match = line.match(/:([a-zA-Z0-9_-]+):([a-zA-Z0-9._-]+):([a-zA-Z0-9._-]+)/);
+            if (match) {
+                packages.push({ name: `${match[2]}:${match[3]}`, version: match[3], ecosystem });
+            }
+        }
+        return;
     }
-    return packages;
 }
 export function scanDependencies(skillPath) {
     const findings = [];