npm - @musashimiyamoto/agent-guard - Versions diffs - 0.2.2 → 0.3.1 - Mend

@musashimiyamoto/agent-guard 0.2.2 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -52,8 +52,7 @@ Every skill should include `skill.manifest.json`:
   "metadata": {
     "name": "my-skill",
     "version": "1.0.0",
-    "author": "agent:id",
-    "isnad_root": "human:owner"
+    "author": "developer-name"
   },
   "permissions": {
     "network": {
@@ -73,15 +72,6 @@ Every skill should include `skill.manifest.json`:
 }
 ```
-## Trust Tiers (Isnād)
-| Tier | Name | Meaning |
-|------|------|---------|
-| 🥇 | Thiqah | Audited by 3+ trusted agents, signed |
-| 🥈 | Hasan | Reputable author, signed manifest |
-| 🥉 | Da'if | Unsigned/unaudited, sandbox required |
-| 💀 | Matruk | Confirmed malicious, blocked |
 ## Exit Codes
 - `0` — No critical findings

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@musashimiyamoto/agent-guard",
-  "version": "0.2.2",
+  "version": "0.3.1",
   "description": "Security scanner for AI agent configurations. Detects misconfigurations, exposed secrets, and unsafe skill patterns.",
   "main": "src/index.js",
   "bin": {

package/src/cli.js CHANGED Viewed

@@ -8,7 +8,7 @@ import { resolve } from 'path';
 import { createProxy } from './proxy/index.js';
-const VERSION = '0.2.2';
+const VERSION = '0.3.1';
 const FEEDBACK_URL = 'https://github.com/MusashiMiyamoto1-cloud/agent-guard/issues/new';
 const REPO_URL = 'https://github.com/MusashiMiyamoto1-cloud/agent-guard';

package/src/rules/index.js CHANGED Viewed

@@ -74,10 +74,13 @@ export const rules = [
     severity: 'critical',
     description: 'Finds OpenAI API keys in agent files',
     patterns: [
-      /sk-[a-zA-Z0-9]{20,}/g,
-      /sk-proj-[a-zA-Z0-9]{20,}/g
+      /sk-proj-[a-zA-Z0-9_-]{10,}/g,
+      /sk-live-[a-zA-Z0-9_-]{10,}/g,
+      /sk-test-[a-zA-Z0-9_-]{10,}/g,
+      /sk-[a-zA-Z0-9_-]{20,}/g,
+      /OPENAI_API_KEY\s*[:=]\s*["']?[a-zA-Z0-9_-]{10,}["']?/g
     ],
-    files: ['*.md', '*.yaml', '*.yml', '*.json', '*.txt', 'SOUL.md', 'HEARTBEAT.md']
+    files: ['*']
   },
   {
     id: 'SEC-002',
@@ -89,7 +92,7 @@ export const rules = [
       /gho_[a-zA-Z0-9]{36}/g,
       /github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}/g
     ],
-    files: ['*.md', '*.yaml', '*.yml', '*.json', '*.txt', '.env']
+    files: ['*']
   },
   {
     id: 'SEC-003',
@@ -120,11 +123,12 @@ export const rules = [
     severity: 'high',
     description: 'Finds generic hardcoded secrets',
     patterns: [
-      /api[_-]?key\s*[:=]\s*["'][a-zA-Z0-9]{16,}["']/gi,
-      /secret\s*[:=]\s*["'][a-zA-Z0-9]{16,}["']/gi,
-      /token\s*[:=]\s*["'][a-zA-Z0-9]{16,}["']/gi
+      /api[_-]?key\s*[:=]\s*["'][a-zA-Z0-9_-]{10,}["']/gi,
+      /secret\s*[:=]\s*["'][a-zA-Z0-9_-]{10,}["']/gi,
+      /token\s*[:=]\s*["'][a-zA-Z0-9_-]{10,}["']/gi,
+      /["']?apiKey["']?\s*[:=]\s*["'][a-zA-Z0-9_-]{10,}["']/gi
     ],
-    files: ['*.md', '*.yaml', '*.yml', '*.json', 'SOUL.md']
+    files: ['*']
   },
   {
@@ -211,9 +215,11 @@ export const rules = [
     severity: 'critical',
     description: 'Finds Stripe API keys',
     patterns: [
-      /sk_live_[0-9a-zA-Z]{24,}/g,
-      /sk_test_[0-9a-zA-Z]{24,}/g,
-      /rk_live_[0-9a-zA-Z]{24,}/g
+      /sk_live_[0-9a-zA-Z]{8,}/g,
+      /sk_test_[0-9a-zA-Z]{8,}/g,
+      /rk_live_[0-9a-zA-Z]{8,}/g,
+      /pk_live_[0-9a-zA-Z]{8,}/g,
+      /pk_test_[0-9a-zA-Z]{8,}/g
     ],
     files: ['*']
   },
@@ -375,12 +381,57 @@ export const rules = [
     severity: 'critical',
     description: 'Tool allows unrestricted filesystem or network access',
     patterns: [
-      /allow_all_tools\s*[:=]\s*true/gi,
-      /tool_restrictions\s*[:=]\s*false/gi,
-      /sandbox\s*[:=]\s*false/gi,
-      /unrestricted\s*[:=]\s*true/gi
+      /allow_all_tools["']?\s*[:=]\s*true/gi,
+      /tool_restrictions["']?\s*[:=]\s*false/gi,
+      /["']?sandbox["']?\s*[:=]\s*["']?false["']?/gi,
+      /["']?unrestricted["']?\s*[:=]\s*["']?true["']?/gi
+    ],
+    files: ['*.yaml', '*.yml', '*.json', 'config.*', 'AGENTS.md', 'openclaw.json']
+  },
+  // Wildcard Allowlist
+  {
+    id: 'TOOL-002',
+    name: 'Wildcard Allowlist',
+    severity: 'critical',
+    description: 'Tool or skill has wildcard allowlist permitting all operations',
+    patterns: [
+      /allowlist["']?\s*[:=]\s*\[\s*["']\*["']\s*\]/gi,
+      /allowlist["']?\s*[:=]\s*["']\*["']/gi,
+      /allow["']?\s*[:=]\s*\[\s*["']\*["']\s*\]/gi,
+      /permissions["']?\s*[:=]\s*["']\*["']/gi
+    ],
+    files: ['*.yaml', '*.yml', '*.json', 'config.*', 'openclaw.json']
+  },
+  // Database URL with embedded credentials
+  {
+    id: 'SEC-017',
+    name: 'Database URL with Credentials',
+    severity: 'critical',
+    description: 'Database connection string with embedded password',
+    patterns: [
+      /(?:postgres|mysql|mongodb|redis|amqp)(?:ql)?:\/\/[^:]+:[^@]+@[^\s"']+/gi,
+      /DATABASE_URL\s*[:=]\s*["']?[^\s"']+:\/\/[^:]+:[^@]+@/gi
+    ],
+    files: ['*']
+  },
+  // Prompt Injection Vulnerability
+  {
+    id: 'INJ-002',
+    name: 'Prompt Injection Risk',
+    severity: 'high',
+    description: 'System prompt contains patterns vulnerable to injection attacks',
+    patterns: [
+      /follow\s+(?:all|any)\s+instructions/gi,
+      /do\s+whatever\s+(?:the\s+)?(?:user|they|anyone)\s+asks/gi,
+      /obey\s+(?:all|any)\s+(?:commands|instructions|requests)/gi,
+      /no\s+restrictions/gi,
+      /ignore\s+(?:previous|prior|all)\s+(?:instructions|rules|guidelines)/gi,
+      /you\s+have\s+no\s+(?:limits|boundaries|restrictions)/gi
     ],
-    files: ['*.yaml', '*.yml', '*.json', 'config.*', 'AGENTS.md']
+    files: ['SOUL.md', 'SYSTEM.md', '*.md', 'system_prompt.*']
   }
 ];

package/src/scanner.js CHANGED Viewed

@@ -105,6 +105,8 @@ export class Scanner {
       if (pattern.startsWith('*.')) {
         const ext = pattern.slice(1);
         if (fileName.endsWith(ext)) return true;
+      } else if (pattern === '.env' && (fileName === '.env' || fileName.startsWith('.env.'))) {
+        return true;
       } else if (fileName === pattern) {
         return true;
       } else if (pattern.includes('*')) {
@@ -175,6 +177,12 @@ export class Scanner {
       }
     }
+    // Deduplicate: skip if same rule+file+line already recorded
+    const isDuplicate = this.findings.some(f =>
+      f.rule === rule.id && f.file === filePath && f.line === lineNum
+    );
+    if (isDuplicate) return;
     // Redact sensitive values
     const redactedMatch = this.redactSensitive(match);
@@ -207,11 +215,16 @@ export class Scanner {
     const low = this.findings.filter(f => f.severity === 'low');
     // Calculate score (0-100)
-    // Weights: Critical=30, High=20, Medium=5, Low=2
-    // 1 High = 80 (B), 1 Critical = 70 (C)
+    // Weights: Critical=30, High=15, Medium=5, Low=2
+    // But multiple criticals compound: 2+ criticals = max 30, 4+ = max 10
+    const criticalPenalty = critical.length === 0 ? 0 :
+      critical.length === 1 ? 30 :
+      critical.length <= 3 ? 30 + (critical.length - 1) * 20 :
+      90 + (critical.length - 3) * 3; // 4+ criticals → near zero
     const score = Math.max(0, 100 - (
-      critical.length * 30 +
-      high.length * 20 +
+      criticalPenalty +
+      high.length * 15 +
       medium.length * 5 +
       low.length * 2
     ));