@mseep/open-computer-use 1.0.0

package/skills/public/sub-agent/references/security-review.md

@@ -0,0 +1,153 @@
+# Security Review Prompt Template
+
+Use this prompt as a reference when creating security review tasks for sub-agent.
+
+---
+
+## ROLE
+You are a senior security engineer conducting a focused security review.
+
+## DIRECTIVE
+Perform a security-focused code review to identify HIGH-CONFIDENCE security vulnerabilities that could have real exploitation potential. Focus ONLY on security implications.
+
+## CONSTRAINTS
+CRITICAL INSTRUCTIONS:
+1. MINIMIZE FALSE POSITIVES: Only flag issues where you're >80% confident of actual exploitability
+2. AVOID NOISE: Skip theoretical issues, style concerns, or low-impact findings
+3. FOCUS ON IMPACT: Prioritize vulnerabilities that could lead to unauthorized access, data breaches, or system compromise
+4. EXCLUSIONS: Do NOT report:
+   - Denial of Service (DOS) vulnerabilities
+   - Secrets stored on disk (handled by other processes)
+   - Rate limiting or resource exhaustion issues
+
+## PROCESS
+
+### Phase 1 - Repository Context Research
+- Identify existing security frameworks and libraries in use
+- Look for established secure coding patterns in the codebase
+- Examine existing sanitization and validation patterns
+- Understand the project's security model and threat model
+
+### Phase 2 - Comparative Analysis
+- Compare code against existing security patterns
+- Identify deviations from established secure practices
+- Look for inconsistent security implementations
+- Flag code that introduces new attack surfaces
+
+### Phase 3 - Vulnerability Assessment
+- Examine each file for security implications
+- Trace data flow from user inputs to sensitive operations
+- Look for privilege boundaries being crossed unsafely
+- Identify injection points and unsafe deserialization
+
+## OUTPUT
+
+Create a markdown report with findings. For each vulnerability include:
+- File and line number
+- Severity (HIGH/MEDIUM/LOW)
+- Category (e.g., sql_injection, xss)
+- Description
+- Exploit Scenario
+- Recommendation
+
+**Example:**
+```markdown
+# Vuln 1: XSS: `foo.py:42`
+
+* Severity: High
+* Description: User input from `username` parameter is directly interpolated into HTML without escaping
+* Exploit Scenario: Attacker crafts URL like /bar?q=<script>alert(document.cookie)</script> to execute JavaScript
+* Recommendation: Use escape() function or templates with auto-escaping enabled
+```
+
+---
+
+## Security Categories to Examine
+
+**Input Validation Vulnerabilities:**
+- SQL injection via unsanitized user input
+- Command injection in system calls or subprocesses
+- XXE injection in XML parsing
+- Template injection in templating engines
+- NoSQL injection in database queries
+- Path traversal in file operations
+
+**Authentication & Authorization Issues:**
+- Authentication bypass logic
+- Privilege escalation paths
+- Session management flaws
+- JWT token vulnerabilities
+- Authorization logic bypasses
+
+**Crypto & Secrets Management:**
+- Hardcoded API keys, passwords, or tokens
+- Weak cryptographic algorithms or implementations
+- Improper key storage or management
+- Cryptographic randomness issues
+- Certificate validation bypasses
+
+**Injection & Code Execution:**
+- Remote code execution via deserialization
+- Pickle injection in Python
+- YAML deserialization vulnerabilities
+- Eval injection in dynamic code execution
+- XSS vulnerabilities in web applications
+
+**Data Exposure:**
+- Sensitive data logging or storage
+- PII handling violations
+- API endpoint data leakage
+- Debug information exposure
+
+---
+
+## Severity Guidelines
+
+- **HIGH**: Directly exploitable vulnerabilities leading to RCE, data breach, or authentication bypass
+- **MEDIUM**: Vulnerabilities requiring specific conditions but with significant impact
+- **LOW**: Defense-in-depth issues or lower-impact vulnerabilities
+
+## Confidence Scoring
+
+- 0.9-1.0: Certain exploit path identified
+- 0.8-0.9: Clear vulnerability pattern with known exploitation methods
+- 0.7-0.8: Suspicious pattern requiring specific conditions to exploit
+- Below 0.7: Don't report (too speculative)
+
+---
+
+## Hard Exclusions (False Positive Filtering)
+
+Automatically exclude findings matching these patterns:
+1. Denial of Service (DOS) or resource exhaustion attacks
+2. Secrets stored on disk if otherwise secured
+3. Rate limiting concerns
+4. Memory consumption or CPU exhaustion issues
+5. Lack of input validation on non-security-critical fields
+6. Input sanitization in GitHub Actions unless clearly triggerable via untrusted input
+7. Lack of hardening measures (only flag concrete vulnerabilities)
+8. Theoretical race conditions or timing attacks
+9. Outdated third-party libraries (managed separately)
+10. Memory safety issues in memory-safe languages (Rust, etc.)
+11. Files that are only unit tests
+12. Log spoofing concerns
+13. SSRF that only controls the path (not host/protocol)
+14. User-controlled content in AI system prompts
+15. Regex injection
+16. Findings in documentation files
+17. Lack of audit logs
+
+## Precedents
+
+1. Logging high-value secrets in plaintext IS a vulnerability. Logging URLs is safe.
+2. UUIDs can be assumed to be unguessable
+3. Environment variables and CLI flags are trusted values
+4. Resource management issues (memory/file descriptor leaks) are not valid
+5. Subtle web vulnerabilities (tabnabbing, XS-Leaks, prototype pollution, open redirects) - only report if extremely high confidence
+6. React and Angular are generally secure against XSS unless using dangerouslySetInnerHTML or bypassSecurityTrustHtml
+7. Most GitHub Actions vulnerabilities are not exploitable - ensure concrete attack path
+8. Client-side JS/TS doesn't need permission checking - backend handles it
+9. Only include MEDIUM findings if obvious and concrete
+10. Most ipython notebook vulnerabilities are not exploitable - ensure concrete attack path
+11. Logging non-PII data is not a vulnerability
+12. Command injection in shell scripts requires concrete untrusted input path

package/skills/public/sub-agent/references/usage.md

@@ -0,0 +1,207 @@
+# Sub-Agent Usage Guide
+
+Detailed templates and reference for sub_agent tool. For basic usage, see SKILL.md.
+
+**Scope reminder:** `sub_agent` is for complex CODE tasks that require 10+ iterative
+tool calls (multi-file refactoring with test loops, code review with fixes across
+many files, iterative test-fix cycles). Do **not** delegate presentations, research,
+documentation writing, or anything completable in under 10 tool calls — handle those
+yourself. Only delegate non-code work if the user explicitly asks.
+
+---
+
+## Task Templates
+
+### Refactoring
+
+```
+sub_agent(
+    task="""
+## ROLE
+You are a [LANGUAGE] refactoring specialist.
+
+## DIRECTIVE
+[Specific operation: rename class, extract method, migrate pattern]
+
+## CONSTRAINTS
+- Do NOT modify test assertions content
+- Do NOT refactor unrelated code
+- Follow existing code style: [formatter]
+
+## PROCESS
+1. Find target definition
+2. Identify all usages with grep
+3. Update definition and all usages
+4. Run formatter on changed files
+
+## OUTPUT
+- All affected files updated
+- Verify: run [test command] - all tests must pass
+- Create summary of changed files
+""",
+    description="[Brief description]",
+    max_turns=30
+)
+```
+
+---
+
+### Code Review
+
+```
+sub_agent(
+    task="""
+## ROLE
+You are a security engineer reviewing code for vulnerabilities.
+
+## DIRECTIVE
+Review [SCOPE] for [TYPE] issues and create report.
+
+## CONSTRAINTS
+- Focus on HIGH confidence issues only
+- Do NOT report theoretical vulnerabilities
+- Auto-fix only safe issues, report others
+
+## PROCESS
+1. Scan codebase for vulnerability patterns
+2. Trace data flow from inputs to sensitive operations
+3. Categorize findings by severity
+4. Create detailed report
+
+## OUTPUT
+- Create /mnt/user-data/outputs/security_review.md
+- Group by severity (Critical/High/Medium)
+- Include file:line references
+""",
+    description="[Brief description]",
+    model="<discover via list-subagent-models, then pick a high-reasoning option for code review>",
+    max_turns=40
+)
+```
+
+See `references/security-review.md` for detailed security review guidelines.
+
+---
+
+### Test-Fix Cycle
+
+```
+sub_agent(
+    task="""
+## ROLE
+You are a debugging specialist fixing test failures.
+
+## DIRECTIVE
+Run tests, analyze failures, fix issues until all pass.
+
+## CONSTRAINTS
+- Do NOT modify test assertions without approval
+- Fix only failing tests, not warnings
+- Max [N] fix attempts before reporting
+
+## PROCESS
+1. Run test suite: [command]
+2. Analyze failure output
+3. Fix identified issue
+4. Re-run tests
+5. Repeat until pass or max attempts
+
+## OUTPUT
+- All tests passing (or report unfixable)
+- Summary of fixes applied
+""",
+    description="[Brief description]",
+    max_turns=25
+)
+```
+
+---
+
+## Anti-Patterns
+
+### Vague Tasks
+```
+# BAD
+task="Fix the tests"
+task="Refactor the code"
+```
+
+### Missing Output Location
+```
+# BAD - where to save?
+task="Create an analysis report"
+
+# GOOD
+## OUTPUT
+- Save to /mnt/user-data/outputs/report.md
+```
+
+### No Verification
+```
+# BAD - how to verify?
+task="Update all imports"
+
+# GOOD
+## OUTPUT
+- Verify: run pytest - all tests must pass
+```
+
+### Missing Constraints
+```
+# BAD - what style? what to preserve?
+task="Add docstrings to functions"
+
+# GOOD
+## CONSTRAINTS
+- Use Google-style docstrings
+- Only public functions
+- Do NOT modify existing docstrings
+```
+
+---
+
+## Mode Selection
+
+| Mode | Use When |
+|------|----------|
+| `act` (default) | Execute immediately with full permissions |
+| `plan` | Planning only, no file modifications. Use to understand scope first |
+
+---
+
+## Model Selection
+
+Run `list-subagent-models` first; it prints the available ids for the active CLI. As guidance for picking among them:
+
+- **Fast / cheaper models**: refactoring, file processing, test-fix cycles, anything iterative.
+- **High-reasoning / more capable models**: complex debugging, architecture decisions, security analysis, anything single-shot needing depth.
+
+For claude, the canonical baseline alias is <!-- canonical-example -->`sonnet`<!-- /canonical-example --> (fast); the CLI internally resolves it. For opencode and codex, you MUST pass a concrete `<provider>/<model-id>` from the discovery output — there is no implicit fallback.
+
+---
+
+## Max Turns Guide
+
+Single-file or few-file work belongs in the main session — do not delegate
+those. The table starts at the smallest size that is still in-scope for
+`sub_agent` (multi-file refactors + test loops).
+
+| max_turns | Use Case |
+|-----------|----------|
+| 25 | (default) Short multi-file refactor with test verification |
+| 30-40 | Medium multi-file refactoring (5-10 files + tests) |
+| 50-80 | Large multi-file refactoring with test loops, iterative test-fix cycles |
+| 100+ | Full codebase refactoring |
+
+---
+
+## Environment
+
+The sub-agent has access to:
+- `/home/assistant` - Working directory
+- `/home/assistant/task_plan.md` - Task saved here (re-read if context compacts)
+- `/mnt/user-data/uploads` - User files (read-only)
+- `/mnt/user-data/outputs` - Output files (accessible to user)
+- `/mnt/skills/` - All skills documentation
+- Full internet access
+- All installed tools (Python, Node.js, LibreOffice, etc.)

package/skills/public/sub-agent/scripts/list_subagent_models.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: MIT
+# Copyright (c) 2025 Open Computer Use Contributors
+#
+# Thin wrapper around the canonical list-subagent-models Python tool.
+# Mirrors skills/public/gitlab-explorer/scripts/check_gitlab_auth.sh pattern.
+# Does NOT implement model enumeration — single source of truth is the Python tool.
+# Per D-04 / D-15 (01-CONTEXT.md): exec the canonical tool, no parallel implementations.
+#
+# Usage: bash /mnt/skills/public/sub-agent/scripts/list_subagent_models.sh
+
+set -euo pipefail
+
+if ! command -v list-subagent-models >/dev/null 2>&1; then
+    echo "list-subagent-models is not on \$PATH inside this sandbox." >&2
+    echo "Expected installation: /usr/local/bin/list-subagent-models (see Dockerfile)." >&2
+    exit 127
+fi
+
+echo "==> Discovering sub-agent models for SUBAGENT_CLI=${SUBAGENT_CLI:-claude} ..." >&2
+
+exec list-subagent-models "$@"