@lowwattlabs/clawsec 2.2.1 → 2.3.1

package/api/src/routes.js

@@ -27,6 +27,34 @@ function sanitizeSlug(slug) {
     return slug;
 }
 
+// Strip execute permissions from all files in a directory tree.
+// Security: downloaded skills are READ ONLY during scanning — never executed.
+function hardenSkillDir(dir) {
+    try {
+        const entries = fs.readdirSync(dir, { withFileTypes: true });
+        for (const entry of entries) {
+            const fullPath = path.join(dir, entry.name);
+            if (entry.isDirectory()) {
+                hardenSkillDir(fullPath);
+            } else {
+                try {
+                    const mode = fs.statSync(fullPath).mode;
+                    // Remove all execute bits (user, group, other)
+                    fs.chmodSync(fullPath, mode & ~0o111);
+                } catch {}
+            }
+        }
+    } catch {}
+}
+
+// Create a restricted temp directory for skill downloads.
+// Returns the path to the temp dir.
+function createScanTempDir() {
+    const tmpDir = path.join(os.tmpdir(), 'clawsec-scan-' + uuidv4().slice(0, 8));
+    fs.mkdirSync(tmpDir, { recursive: true, mode: 0o700 });
+    return tmpDir;
+}
+
 router.post('/scan', (req, res) => {
     const { slug, content, path: reqPath } = req.body;
 
@@ -44,42 +72,50 @@ router.post('/scan', (req, res) => {
         if (reqPath && fs.existsSync(reqPath)) {
             targetDir = reqPath;
         } else if (slug) {
-            // P1-4: Validate slug before passing to clawhub install
+            // Validate slug before passing to clawhub install
             const safeSlug = sanitizeSlug(slug);
             if (!safeSlug) {
                 return res.status(400).json({ error: 'Invalid slug: must be alphanumeric with hyphens/underscores, max 128 chars' });
             }
-            // Try to install from ClawHub
-            const tmpDir = '/tmp/clawsec-scan-' + uuidv4().slice(0, 8);
+            // Download from ClawHub into restricted temp directory
+            const tmpDir = createScanTempDir();
             try {
-                execFileSync('clawhub', ['install', safeSlug, '--dir', tmpDir], {
-                    timeout: 60000, encoding: 'utf8'
+                // SECURITY: suppress npm postinstall scripts from the downloaded skill
+                execFileSync('clawhub', ['install', safeSlug, '--dir', tmpDir, '--no-input'], {
+                    timeout: 60000,
+                    encoding: 'utf8',
+                    env: { ...process.env, npm_config_ignore_scripts: 'true' }
                 });
-                // Find the installed skill
+                // Find the installed skill directory
                 const dirs = fs.readdirSync(tmpDir);
                 if (dirs.length > 0) {
                     targetDir = path.join(tmpDir, dirs[0]);
-                    cleanup = true;
                 }
+                // SECURITY: strip execute permissions from all downloaded files
+                if (targetDir) {
+                    hardenSkillDir(targetDir);
+                }
+                cleanup = true;
             } catch (e) {
+                // Clean up on failure
+                try { fs.rmSync(tmpDir, { recursive: true }); } catch {}
                 return res.status(404).json({ error: 'Skill not found: ' + slug });
             }
         } else if (content) {
             // Write content to temp dir
-            const tmpDir = '/tmp/clawsec-scan-' + uuidv4().slice(0, 8);
-            fs.mkdirSync(tmpDir, { recursive: true });
+            const tmpDir = createScanTempDir();
 
             if (typeof content === 'string') {
                 fs.writeFileSync(path.join(tmpDir, 'SKILL.md'), content);
             } else if (typeof content === 'object') {
                 // Object with file contents
                 for (const [filename, fileContent] of Object.entries(content)) {
-                    // P0: Sanitize filename against path traversal
+                    // Sanitize filename against path traversal
                     const safeName = path.basename(filename).replace(/\.\./g, '');
                     if (safeName !== filename || filename.includes('..')) {
                         return res.status(400).json({ error: 'Invalid filename: ' + filename });
                     }
-                    // P0: Ensure resolved path stays within tmpDir
+                    // Ensure resolved path stays within tmpDir
                     const filePath = path.resolve(tmpDir, filename);
                     if (!filePath.startsWith(path.resolve(tmpDir) + path.sep)) {
                         return res.status(400).json({ error: 'Path traversal in filename: ' + filename });
@@ -136,8 +172,13 @@ router.post('/scan', (req, res) => {
         res.json({ report_id: reportId, ...result });
 
     } finally {
-        if (cleanup && targetDir && targetDir.startsWith('/tmp/clawsec-scan-')) {
+        if (cleanup && targetDir) {
             try { fs.rmSync(targetDir, { recursive: true }); } catch {}
+            // Also try cleaning parent if it's a scan temp dir
+            const parentDir = path.dirname(targetDir);
+            if (parentDir.includes('clawsec-scan-')) {
+                try { fs.rmSync(parentDir, { recursive: true }); } catch {}
+            }
         }
     }
 });
@@ -181,4 +222,4 @@ router.get('/status', (req, res) => {
     res.json(manifest);
 });
 
-module.exports = router;
+module.exports = router;

package/api/src/server.js

@@ -39,7 +39,7 @@ app.use('/api/v1', routes);
 
 // Health check
 app.get('/health', (req, res) => {
-    res.json({ status: 'ok', version: '2.0.0', uptime: process.uptime() });
+    res.json({ status: 'ok', version: '2.3.1', uptime: process.uptime() });
 });
 
 // Error handler
@@ -53,6 +53,6 @@ app.use((err, req, res, next) => {
 
 // Start
 app.listen(PORT, '0.0.0.0', () => {
-    console.log("⚡ ClawSec API v2.0.0 listening on 0.0.0.0:" + PORT);
+    console.log("⚡ ClawSec API v2.3.1 listening on 0.0.0.0:" + PORT);
     fs.mkdirSync(REPORTS_DIR, { recursive: true });
 });

package/cli/clawsec.py

@@ -15,13 +15,14 @@ import argparse
 import json
 import os
 import shutil
+import stat
 import subprocess
 import sys
 import tempfile
 import time
 from pathlib import Path
 
-VERSION = "2.2.0"
+VERSION = "2.3.1"
 CLAWSEC_DIR = os.environ.get("CLAWSEC_HOME", os.path.expanduser("~/.clawsec"))
 INTEL_DIR = os.environ.get("CLAWSEC_INTEL_DIR", os.path.join(CLAWSEC_DIR, "intel"))
 REPORTS_DIR = os.environ.get("CLAWSEC_REPORTS_DIR", os.path.join(CLAWSEC_DIR, "reports"))
@@ -40,6 +41,7 @@ BOLD = "\033[1m"
 DIM = "\033[2m"
 RESET = "\033[0m"
 
+
 def banner():
     print(f"""{BOLD}
   ╔═════════════════════════════════════════╗
@@ -48,6 +50,7 @@ def banner():
   ╚═════════════════════════════════════════╝{RESET}
 """)
 
+
 def is_slug(target):
     """Check if target looks like a ClawHub slug (no path separators, no dots, not a local path)."""
     if os.path.exists(target):
@@ -59,13 +62,45 @@ def is_slug(target):
         return False
     return True
 
+
+def harden_skill_dir(skill_dir):
+    """
+    Remove execute permissions from all files in the skill directory.
+    This prevents any scripts from being executed accidentally before or during scanning.
+    We only need to READ these files, never execute them.
+    """
+    for root, dirs, files in os.walk(skill_dir):
+        for f in files:
+            fpath = os.path.join(root, f)
+            try:
+                current_mode = os.stat(fpath).st_mode
+                # Remove all execute bits (user, group, other)
+                os.chmod(fpath, current_mode & ~(stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
+            except OSError:
+                pass
+
+
 def download_slug(slug):
-    """Download a skill from ClawHub by slug. Returns the path or None."""
+    """
+    Download a skill from ClawHub by slug.
+    
+    Security measures:
+    - Downloads to a restricted temp directory (0700 permissions)
+    - Strips execute permissions from all downloaded files before returning
+    - Uses --no-input flag to prevent any interactive prompts
+    - Does NOT run any postinstall scripts from the downloaded skill
+    
+    Returns (skill_path, cleanup_dir) or None on failure.
+    """
+    # Create temp dir with restricted permissions (owner only)
     tmpdir = tempfile.mkdtemp(prefix="clawsec-scan-")
+    os.chmod(tmpdir, stat.S_IRWXU)  # 0700 — owner read/write/exec only
+
     try:
         result = subprocess.run(
-            ["clawhub", "install", slug, "--dir", tmpdir],
-            capture_output=True, text=True, timeout=120
+            ["clawhub", "install", slug, "--dir", tmpdir, "--no-input"],
+            capture_output=True, text=True, timeout=120,
+            env={**os.environ, "npm_config_ignore_scripts": "true"}  # Never run skill's postinstall
         )
         if result.returncode != 0:
             print(f"{R}Error:{RESET} Failed to install '{slug}' from ClawHub", file=sys.stderr)
@@ -73,19 +108,28 @@ def download_slug(slug):
                 print(f"  {DIM}{result.stderr.strip()}{RESET}", file=sys.stderr)
             shutil.rmtree(tmpdir, ignore_errors=True)
             return None
+
         # Find the installed skill directory
         entries = list(Path(tmpdir).iterdir())
         if not entries:
             print(f"{R}Error:{RESET} ClawHub install produced no output for '{slug}'", file=sys.stderr)
             shutil.rmtree(tmpdir, ignore_errors=True)
             return None
-        # If only one directory, use it directly
+
+        # Determine skill path
         if len(entries) == 1 and entries[0].is_dir():
-            return str(entries[0]), tmpdir
-        # Multiple entries — use the tmpdir itself
-        return tmpdir, tmpdir
+            skill_path = str(entries[0])
+        else:
+            skill_path = tmpdir
+
+        # SECURITY: Strip execute permissions from ALL downloaded files.
+        # We only need to read them for scanning — never execute them.
+        harden_skill_dir(skill_path)
+
+        return skill_path, tmpdir
+
     except FileNotFoundError:
-        print(f"{R}Error:{RESET} 'clawhub' CLI not found. Install it with: npm install -g @anthropic/clawhub", file=sys.stderr)
+        print(f"{R}Error:{RESET} 'clawhub' CLI not found. Install it with: npm install -g clawhub", file=sys.stderr)
         shutil.rmtree(tmpdir, ignore_errors=True)
         return None
     except subprocess.TimeoutExpired:
@@ -93,6 +137,7 @@ def download_slug(slug):
         shutil.rmtree(tmpdir, ignore_errors=True)
         return None
 
+
 def cmd_scan(args):
     """Run verification against a skill path or ClawHub slug."""
     target = args.target
@@ -137,6 +182,7 @@ def cmd_scan(args):
 
     sys.exit(result.returncode)
 
+
 def cmd_sync(args):
     """Run intel sync."""
     # Ensure intel directories exist
@@ -156,6 +202,7 @@ def cmd_sync(args):
     result = subprocess.run(cmd, text=True)
     sys.exit(result.returncode)
 
+
 def cmd_status(args):
     """Show cache status."""
     manifest_py = os.path.join(PKG_ROOT, "lib", "intel-sync", "manifest.py")
@@ -202,6 +249,7 @@ def cmd_status(args):
         pass
     print(f"  Last full sync: {updated}")
 
+
 def cmd_report(args):
     """View a saved report."""
     report_id = args.report_id
@@ -257,6 +305,7 @@ def cmd_report(args):
 
     print()
 
+
 def main():
     parser = argparse.ArgumentParser(
         prog="clawsec",
@@ -314,5 +363,6 @@ def main():
         parser.print_help()
         sys.exit(1)
 
+
 if __name__ == "__main__":
     main()

package/lib/skill-verify/verify.sh

@@ -3,7 +3,7 @@
 # Runs all 7 security checks against a skill, produces JSON report
 set -euo pipefail
 
-VERSION="2.0.0"
+VERSION="2.3.1"
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 CHECKS_DIR="${SCRIPT_DIR}/checks"
 
@@ -260,7 +260,8 @@ end_time=$(date +%s%N)
 elapsed_ms=$(( (end_time - start_time) / 1000000 ))
 
 # Generate report via safe temp file approach
-results_tmpfile=$(mktemp /tmp/clawsec-results.XXXXXX.json)
+results_tmpfile=$(mktemp ${TMPDIR:-/tmp}/clawsec-results.XXXXXX.json)
+trap "rm -f $results_tmpfile" EXIT INT TERM
 echo "$check_results" > "$results_tmpfile"
 
 report_json=$(python3 -c "
@@ -282,7 +283,7 @@ if [[ -z "$report_json" ]]; then
         --arg verdict "$verdict" \
         --arg path "$skill_path" \
         --argjson duration "$elapsed_ms" \
-        '{schema_version:"2.0.0",version:"2.0.0",verdict:$verdict,skill_path:$path,checks:.,scan_duration_ms:$duration}')
+        '{schema_version:"2.3.0",version:"2.3.0",verdict:$verdict,skill_path:$path,checks:.,scan_duration_ms:$duration}')
 fi
 
 verdict=$(echo "$report_json" | jq -r '.verdict')

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lowwattlabs/clawsec",
-  "version": "2.2.1",
+  "version": "2.3.1",
   "description": "ClawSec - Security Verification for ClawHub Skills",
   "bin": {
     "clawsec": "./bin/clawsec.js",
@@ -11,8 +11,7 @@
     "cli/",
     "lib/",
     "api/",
-    "requirements.txt",
-    "setup.sh"
+    "requirements.txt"
   ],
   "scripts": {
     "start": "node api/src/server.js",

package/setup.sh

@@ -1,200 +0,0 @@
-#!/usr/bin/env bash
-# ⚡ ClawSec v2 Dependency Setup
-# Installs all required tools for intel-sync and skill-verify
-set -euo pipefail
-
-VERSION="2.0.0"
-SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
-source "${SCRIPT_DIR}/lib/common/config.sh"
-INTEL_DIR="${CLAWSEC_INTEL_DIR}"
-CLAWSEC_USER="$(whoami)"
-
-RED='\033[0;31m'
-GREEN='\033[0;32m'
-YELLOW='\033[0;33m'
-BLUE='\033[0;34m'
-BOLD='\033[1m'
-RESET='\033[0m'
-
-log_info()  { echo -e "${BLUE}[INFO]${RESET} $*"; }
-log_ok()    { echo -e "${GREEN}[ OK ]${RESET} $*"; }
-log_warn()  { echo -e "${YELLOW}[WARN]${RESET} $*"; }
-log_err()   { echo -e "${RED}[ERR ]${RESET} $*"; }
-
-banner() {
-    echo -e "${BOLD}"
-    echo "  ╔═══════════════════════════════════════╗"
-    echo "  ║     ClawSec v${VERSION} Setup               ║"
-    echo "  ║     ⚡ Security Verification for Skills ║"
-    echo "  ╚═══════════════════════════════════════╝"
-    echo -e "${RESET}"
-}
-
-check_cmd() {
-    if command -v "$1" &>/dev/null; then
-        log_ok "$1 already installed: $(command -v "$1")"
-        return 0
-    else
-        return 1
-    fi
-}
-
-install_system_deps() {
-    log_info "Installing system dependencies..."
-    local needed=()
-    for pkg in curl wget git jq python3 python3-pip python3-venv libyara-dev yara; do
-        if ! dpkg -l "$pkg" &>/dev/null 2>&1; then
-            needed+=("$pkg")
-        fi
-    done
-
-    if [[ ${#needed[@]} -gt 0 ]]; then
-        sudo apt-get update -qq
-        sudo apt-get install -y -qq "${needed[@]}"
-        log_ok "System packages installed: ${needed[*]}"
-    else
-        log_ok "All system packages already installed"
-    fi
-}
-
-install_semgrep() {
-    if check_cmd semgrep; then return 0; fi
-    log_info "Installing Semgrep..."
-    pip3 install --user semgrep 2>/dev/null || pip install --user semgrep 2>/dev/null
-    export PATH="$HOME/.local/bin:$PATH"
-    if check_cmd semgrep; then
-        log_ok "Semgrep installed"
-    else
-        log_warn "Semgrep pip install failed, trying direct binary..."
-        curl -fsSL https://raw.githubusercontent.com/returntocorp/semgrep/main/install.sh | bash
-        log_ok "Semgrep installed via script"
-    fi
-}
-
-install_gitleaks() {
-    if check_cmd gitleaks; then return 0; fi
-    log_info "Installing Gitleaks..."
-    local arch="$(uname -m)"
-    local gitleaks_arch="x64"
-    [[ "$arch" == "aarch64" ]] && gitleaks_arch="arm64"
-
-    local latest
-    latest=$(curl -fsSL https://api.github.com/repos/gitleaks/gitleaks/releases/latest | jq -r '.tag_name')
-    local url="https://github.com/gitleaks/gitleaks/releases/download/${latest}/gitleaks_${latest:1}_linux_${gitleaks_arch}.tar.gz"
-
-    local tmpdir
-    tmpdir=$(mktemp -d)
-    curl -fsSL "$url" | tar -xz -C "$tmpdir"
-    mkdir -p "$HOME/.local/bin"
-    mv "$tmpdir/gitleaks" "$HOME/.local/bin/gitleaks"
-    chmod +x "$HOME/.local/bin/gitleaks"
-    rm -rf "$tmpdir"
-    log_ok "Gitleaks ${latest} installed"
-}
-
-install_yara_python() {
-    log_info "Checking yara-python..."
-    if python3 -c "import yara" 2>/dev/null; then
-        log_ok "yara-python already available"
-        return 0
-    fi
-    pip3 install --user yara-python 2>/dev/null || pip install --user yara-python 2>/dev/null
-    if python3 -c "import yara" 2>/dev/null; then
-        log_ok "yara-python installed"
-    else
-        log_warn "yara-python install failed — YARA scans may not work"
-    fi
-}
-
-setup_dirs() {
-    log_info "Setting up directory structure at ${CLAWSEC_HOME}..."
-    mkdir -p "${INTEL_DIR}"/{cisa-kev,osv,epss,malwarebazaar,urlhaus,threatfox,feodo,yara-rules,semgrep-rules}
-    mkdir -p "${CLAWSEC_HOME}/reports"
-    mkdir -p "${CLAWSEC_HOME}/venv"
-    log_ok "Directory structure ready at ${CLAWSEC_HOME}"
-}
-
-clone_rule_repos() {
-    log_info "Cloning/pulling rule repos..."
-
-    # YARA rules - Neo23x0/signature-base
-    local yara_dir="${INTEL_DIR}/yara-rules/repo"
-    if [[ -d "$yara_dir/.git" ]]; then
-        git -C "$yara_dir" pull --quiet 2>/dev/null && log_ok "YARA rules updated" || log_warn "YARA rules pull failed"
-    else
-        rm -rf "$yara_dir"
-        git clone --depth 1 https://github.com/Neo23x0/signature-base.git "$yara_dir" 2>/dev/null && log_ok "YARA rules cloned" || log_warn "YARA rules clone failed"
-    fi
-
-    # Semgrep rules
-    local semgrep_dir="${INTEL_DIR}/semgrep-rules/repo"
-    if [[ -d "$semgrep_dir/.git" ]]; then
-        git -C "$semgrep_dir" pull --quiet 2>/dev/null && log_ok "Semgrep rules updated" || log_warn "Semgrep rules pull failed"
-    else
-        rm -rf "$semgrep_dir"
-        git clone --depth 1 https://github.com/returntocorp/semgrep-rules.git "$semgrep_dir" 2>/dev/null && log_ok "Semgrep rules cloned" || log_warn "Semgrep rules clone failed"
-    fi
-}
-
-setup_python_env() {
-    log_info "Setting up Python virtual environment..."
-    local venv_dir="${CLAWSEC_HOME}/venv"
-    if [[ ! -d "$venv_dir" ]] || [[ ! -f "$venv_dir/bin/python3" ]]; then
-        python3 -m venv "$venv_dir"
-    fi
-    source "$venv_dir/bin/activate"
-    pip install --quiet --upgrade pip
-    if [[ -f "${SCRIPT_DIR}/requirements.txt" ]]; then
-        pip install --quiet -r "${SCRIPT_DIR}/requirements.txt"
-    fi
-    deactivate
-    log_ok "Python venv ready at $venv_dir"
-}
-
-verify_install() {
-    echo ""
-    log_info "Verifying installations..."
-    echo ""
-    local all_ok=true
-
-    for cmd in python3 jq curl git; do
-        if check_cmd "$cmd"; then :; else
-            log_err "$cmd NOT found"
-            all_ok=false
-        fi
-    done
-
-    for cmd in semgrep gitleaks yara; do
-        if check_cmd "$cmd"; then :; else
-            log_warn "$cmd NOT found — some checks will be unavailable"
-        fi
-    done
-
-    echo ""
-    if $all_ok; then
-        log_ok "Core dependencies verified"
-    else
-        log_err "Some core dependencies missing — review above"
-    fi
-}
-
-main() {
-    banner
-
-    export PATH="$HOME/.local/bin:$PATH"
-
-    install_system_deps
-    install_semgrep
-    install_gitleaks
-    install_yara_python
-    setup_dirs
-    clone_rule_repos
-    setup_python_env
-    verify_install
-
-    echo ""
-    log_ok "Setup complete. Run: clawsec scan <path>  (to verify a skill)"
-    log_ok "               clawsec sync          (to populate intel cache)"
-}
-
-main "$@"