npm - @panguard-ai/panguard-skill-auditor - Versions diffs - 0.1.0 - Mend

@panguard-ai/panguard-skill-auditor 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/LICENSE +21 -0
package/dist/checks/code-check.d.ts +7 -0
package/dist/checks/code-check.d.ts.map +1 -0
package/dist/checks/code-check.js +67 -0
package/dist/checks/code-check.js.map +1 -0
package/dist/checks/dependency-check.d.ts +10 -0
package/dist/checks/dependency-check.d.ts.map +1 -0
package/dist/checks/dependency-check.js +99 -0
package/dist/checks/dependency-check.js.map +1 -0
package/dist/checks/instruction-check.d.ts +13 -0
package/dist/checks/instruction-check.d.ts.map +1 -0
package/dist/checks/instruction-check.js +158 -0
package/dist/checks/instruction-check.js.map +1 -0
package/dist/checks/manifest-check.d.ts +7 -0
package/dist/checks/manifest-check.d.ts.map +1 -0
package/dist/checks/manifest-check.js +75 -0
package/dist/checks/manifest-check.js.map +1 -0
package/dist/checks/permission-check.d.ts +10 -0
package/dist/checks/permission-check.d.ts.map +1 -0
package/dist/checks/permission-check.js +63 -0
package/dist/checks/permission-check.js.map +1 -0
package/dist/index.d.ts +22 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +59 -0
package/dist/index.js.map +1 -0
package/dist/manifest-parser.d.ts +16 -0
package/dist/manifest-parser.d.ts.map +1 -0
package/dist/manifest-parser.js +74 -0
package/dist/manifest-parser.js.map +1 -0
package/dist/risk-scorer.d.ts +17 -0
package/dist/risk-scorer.d.ts.map +1 -0
package/dist/risk-scorer.js +36 -0
package/dist/risk-scorer.js.map +1 -0
package/dist/types.d.ts +66 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +8 -0
package/dist/types.js.map +1 -0
package/package.json +34 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025-2026 Panguard AI Team
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/checks/code-check.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Code security check - wraps panguard-scan SAST + secrets scanners
+ * 程式碼安全檢查 - 包裝 panguard-scan 的 SAST 和密鑰掃描器
+ */
+import type { CheckResult } from '../types.js';
+export declare function checkCode(skillDir: string): Promise<CheckResult>;
+//# sourceMappingURL=code-check.d.ts.map

package/dist/checks/code-check.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"code-check.d.ts","sourceRoot":"","sources":["../../src/checks/code-check.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAgB,WAAW,EAAE,MAAM,aAAa,CAAC;AAG7D,wBAAsB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAsEtE"}

package/dist/checks/code-check.js ADDED Viewed

@@ -0,0 +1,67 @@
+/**
+ * Code security check - wraps panguard-scan SAST + secrets scanners
+ * 程式碼安全檢查 - 包裝 panguard-scan 的 SAST 和密鑰掃描器
+ */
+export async function checkCode(skillDir) {
+    const findings = [];
+    // Dynamic import to handle case where panguard-scan is not available
+    let checkSourceCode = null;
+    let checkHardcodedSecrets = null;
+    try {
+        const scan = await import('@panguard-ai/panguard-scan');
+        if (typeof scan.checkSourceCode === 'function') {
+            checkSourceCode = scan.checkSourceCode;
+        }
+        if (typeof scan.checkHardcodedSecrets === 'function') {
+            checkHardcodedSecrets = scan.checkHardcodedSecrets;
+        }
+    }
+    catch {
+        return {
+            status: 'info',
+            label: 'Code: panguard-scan not available, skipping code analysis',
+            findings: [],
+        };
+    }
+    const [codeResults, secretResults] = await Promise.all([
+        checkSourceCode ? checkSourceCode(skillDir) : Promise.resolve([]),
+        checkHardcodedSecrets ? checkHardcodedSecrets(skillDir) : Promise.resolve([]),
+    ]);
+    let scriptFileCount = 0;
+    for (const finding of codeResults) {
+        findings.push({
+            id: `code-${finding.id}`,
+            title: finding.title,
+            description: finding.description,
+            severity: finding.severity,
+            category: 'code',
+            location: finding.details,
+        });
+    }
+    scriptFileCount += codeResults.length > 0 ? codeResults.length : 0;
+    for (const finding of secretResults) {
+        findings.push({
+            id: `secret-${finding.id}`,
+            title: finding.title,
+            description: finding.description,
+            severity: finding.severity,
+            category: 'secrets',
+            location: finding.details,
+        });
+    }
+    const hasCritical = findings.some((f) => f.severity === 'critical');
+    const hasHigh = findings.some((f) => f.severity === 'high');
+    const status = hasCritical ? 'fail' : hasHigh ? 'warn' : findings.length > 0 ? 'warn' : 'pass';
+    const codeLabel = findings.filter((f) => f.category === 'code').length === 0
+        ? `Code: No vulnerabilities found`
+        : `Code: ${findings.filter((f) => f.category === 'code').length} issue(s) found`;
+    const secretLabel = findings.filter((f) => f.category === 'secrets').length === 0
+        ? 'Secrets: No hardcoded credentials found'
+        : `Secrets: ${findings.filter((f) => f.category === 'secrets').length} credential(s) exposed`;
+    return {
+        status,
+        label: `${codeLabel}; ${secretLabel}`,
+        findings,
+    };
+}
+//# sourceMappingURL=code-check.js.map

package/dist/checks/code-check.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"code-check.js","sourceRoot":"","sources":["../../src/checks/code-check.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,QAAgB;IAC9C,MAAM,QAAQ,GAAmB,EAAE,CAAC;IAEpC,qEAAqE;IACrE,IAAI,eAAe,GAAuI,IAAI,CAAC;IAC/J,IAAI,qBAAqB,GAAuI,IAAI,CAAC;IAErK,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,4BAA4B,CAAC,CAAC;QACxD,IAAI,OAAO,IAAI,CAAC,eAAe,KAAK,UAAU,EAAE,CAAC;YAC/C,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC;QACzC,CAAC;QACD,IAAI,OAAO,IAAI,CAAC,qBAAqB,KAAK,UAAU,EAAE,CAAC;YACrD,qBAAqB,GAAG,IAAI,CAAC,qBAAqB,CAAC;QACrD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,MAAM;YACd,KAAK,EAAE,2DAA2D;YAClE,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACrD,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACjE,qBAAqB,CAAC,CAAC,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;KAC9E,CAAC,CAAC;IAEH,IAAI,eAAe,GAAG,CAAC,CAAC;IAExB,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;QAClC,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,QAAQ,OAAO,CAAC,EAAE,EAAE;YACxB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,OAAO,CAAC,OAAO;SAC1B,CAAC,CAAC;IACL,CAAC;IACD,eAAe,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnE,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;QACpC,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,UAAU,OAAO,CAAC,EAAE,EAAE;YAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,OAAO,CAAC,OAAO;SAC1B,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;IACpE,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IAE/F,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC;QAC1E,CAAC,CAAC,gCAAgC;QAClC,CAAC,CAAC,SAAS,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,iBAAiB,CAAC;IAEnF,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,MAAM,KAAK,CAAC;QAC/E,CAAC,CAAC,yCAAyC;QAC3C,CAAC,CAAC,YAAY,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,MAAM,wBAAwB,CAAC;IAEhG,OAAO;QACL,MAAM;QACN,KAAK,EAAE,GAAG,SAAS,KAAK,WAAW,EAAE;QACrC,QAAQ;KACT,CAAC;AACJ,CAAC"}

package/dist/checks/dependency-check.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Dependency and external resource analysis
+ * 依賴和外部資源分析
+ *
+ * Extracts URLs, API endpoints, and tool references from skill instructions.
+ * 從技能指令中擷取 URL、API 端點和工具引用。
+ */
+import type { SkillManifest, CheckResult } from '../types.js';
+export declare function checkDependencies(manifest: SkillManifest): CheckResult;
+//# sourceMappingURL=dependency-check.d.ts.map

package/dist/checks/dependency-check.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"dependency-check.d.ts","sourceRoot":"","sources":["../../src/checks/dependency-check.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAgB,WAAW,EAAE,MAAM,aAAa,CAAC;AAe5E,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,aAAa,GAAG,WAAW,CAuFtE"}

package/dist/checks/dependency-check.js ADDED Viewed

@@ -0,0 +1,99 @@
+/**
+ * Dependency and external resource analysis
+ * 依賴和外部資源分析
+ *
+ * Extracts URLs, API endpoints, and tool references from skill instructions.
+ * 從技能指令中擷取 URL、API 端點和工具引用。
+ */
+/** Well-known safe domains */
+const SAFE_DOMAINS = new Set([
+    'github.com', 'gitlab.com', 'bitbucket.org',
+    'npmjs.com', 'pypi.org', 'crates.io',
+    'google.com', 'googleapis.com', 'microsoft.com',
+    'stackoverflow.com', 'developer.mozilla.org',
+    'docs.python.org', 'nodejs.org',
+]);
+const URL_RE = /https?:\/\/[^\s"'<>)\]]+/gi;
+const NPM_INSTALL_RE = /npm\s+install\s+(?:-[gD]\s+)?([^\s;|&]+)/gi;
+const PIP_INSTALL_RE = /pip\s+install\s+([^\s;|&]+)/gi;
+export function checkDependencies(manifest) {
+    const findings = [];
+    const instructions = manifest.instructions;
+    // Extract URLs
+    const urls = [...new Set(instructions.match(URL_RE) ?? [])];
+    const externalDomains = [];
+    for (const url of urls) {
+        try {
+            const parsed = new URL(url);
+            const domain = parsed.hostname;
+            const baseDomain = domain.split('.').slice(-2).join('.');
+            if (!SAFE_DOMAINS.has(baseDomain) && !SAFE_DOMAINS.has(domain)) {
+                externalDomains.push(domain);
+            }
+        }
+        catch {
+            // Invalid URL, skip
+        }
+    }
+    if (externalDomains.length > 0) {
+        findings.push({
+            id: 'dep-external-urls',
+            title: `References ${externalDomains.length} external domain(s)`,
+            description: `Skill references non-standard domains: ${externalDomains.join(', ')}. Verify these are legitimate.`,
+            severity: 'low',
+            category: 'dependency',
+        });
+    }
+    // Check for npm/pip installs
+    const npmPackages = [];
+    let npmMatch;
+    while ((npmMatch = NPM_INSTALL_RE.exec(instructions)) !== null) {
+        if (npmMatch[1])
+            npmPackages.push(npmMatch[1]);
+    }
+    const pipPackages = [];
+    let pipMatch;
+    while ((pipMatch = PIP_INSTALL_RE.exec(instructions)) !== null) {
+        if (pipMatch[1])
+            pipPackages.push(pipMatch[1]);
+    }
+    if (npmPackages.length > 0 || pipPackages.length > 0) {
+        const all = [...npmPackages.map((p) => `npm:${p}`), ...pipPackages.map((p) => `pip:${p}`)];
+        findings.push({
+            id: 'dep-package-installs',
+            title: 'Skill installs external packages',
+            description: `Packages: ${all.join(', ')}. Review these for supply chain risks.`,
+            severity: 'medium',
+            category: 'dependency',
+        });
+    }
+    // Check metadata requires
+    const requires = manifest.metadata?.openclaw?.requires;
+    if (requires?.bins && requires.bins.length > 0) {
+        findings.push({
+            id: 'dep-required-bins',
+            title: `Requires ${requires.bins.length} system binary(ies)`,
+            description: `Required binaries: ${requires.bins.join(', ')}`,
+            severity: 'low',
+            category: 'dependency',
+        });
+    }
+    if (requires?.env && requires.env.length > 0) {
+        findings.push({
+            id: 'dep-required-env',
+            title: `Requires ${requires.env.length} environment variable(s)`,
+            description: `Required env vars: ${requires.env.join(', ')}. Ensure these don't expose sensitive credentials.`,
+            severity: 'low',
+            category: 'dependency',
+        });
+    }
+    const status = findings.some((f) => f.severity === 'high' || f.severity === 'critical')
+        ? 'warn'
+        : 'info';
+    const urlCount = urls.length;
+    const label = urlCount > 0
+        ? `Dependencies: ${urlCount} URL(s), ${externalDomains.length} external domain(s)`
+        : 'Dependencies: No external references found';
+    return { status, label, findings };
+}
+//# sourceMappingURL=dependency-check.js.map

package/dist/checks/dependency-check.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dependency-check.js","sourceRoot":"","sources":["../../src/checks/dependency-check.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,8BAA8B;AAC9B,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,YAAY,EAAE,YAAY,EAAE,eAAe;IAC3C,WAAW,EAAE,UAAU,EAAE,WAAW;IACpC,YAAY,EAAE,gBAAgB,EAAE,eAAe;IAC/C,mBAAmB,EAAE,uBAAuB;IAC5C,iBAAiB,EAAE,YAAY;CAChC,CAAC,CAAC;AAEH,MAAM,MAAM,GAAG,4BAA4B,CAAC;AAC5C,MAAM,cAAc,GAAG,4CAA4C,CAAC;AACpE,MAAM,cAAc,GAAG,+BAA+B,CAAC;AAEvD,MAAM,UAAU,iBAAiB,CAAC,QAAuB;IACvD,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC;IAE3C,eAAe;IACf,MAAM,IAAI,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC5D,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC;YAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACzD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC/D,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,oBAAoB;QACtB,CAAC;IACH,CAAC;IAED,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,mBAAmB;YACvB,KAAK,EAAE,cAAc,eAAe,CAAC,MAAM,qBAAqB;YAChE,WAAW,EAAE,0CAA0C,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,gCAAgC;YACjH,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,YAAY;SACvB,CAAC,CAAC;IACL,CAAC;IAED,6BAA6B;IAC7B,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,IAAI,QAAgC,CAAC;IACrC,OAAO,CAAC,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC/D,IAAI,QAAQ,CAAC,CAAC,CAAC;YAAE,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,IAAI,QAAgC,CAAC;IACrC,OAAO,CAAC,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC/D,IAAI,QAAQ,CAAC,CAAC,CAAC;YAAE,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrD,MAAM,GAAG,GAAG,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3F,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,sBAAsB;YAC1B,KAAK,EAAE,kCAAkC;YACzC,WAAW,EAAE,aAAa,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,wCAAwC;YAChF,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,YAAY;SACvB,CAAC,CAAC;IACL,CAAC;IAED,0BAA0B;IAC1B,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;IACvD,IAAI,QAAQ,EAAE,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/C,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,mBAAmB;YACvB,KAAK,EAAE,YAAY,QAAQ,CAAC,IAAI,CAAC,MAAM,qBAAqB;YAC5D,WAAW,EAAE,sBAAsB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAC7D,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,YAAY;SACvB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,QAAQ,EAAE,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7C,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,kBAAkB;YACtB,KAAK,EAAE,YAAY,QAAQ,CAAC,GAAG,CAAC,MAAM,0BAA0B;YAChE,WAAW,EAAE,sBAAsB,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,oDAAoD;YAC9G,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,YAAY;SACvB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC;QACrF,CAAC,CAAC,MAAM;QACR,CAAC,CAAC,MAAM,CAAC;IAEX,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC;IAC7B,MAAM,KAAK,GAAG,QAAQ,GAAG,CAAC;QACxB,CAAC,CAAC,iBAAiB,QAAQ,YAAY,eAAe,CAAC,MAAM,qBAAqB;QAClF,CAAC,CAAC,4CAA4C,CAAC;IAEjD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AACrC,CAAC"}

package/dist/checks/instruction-check.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Prompt injection and tool poisoning detection
+ * 提示注入和工具投毒偵測
+ *
+ * Scans skill instructions for patterns that indicate:
+ * 1. Prompt injection — hidden directives that override system prompts
+ * 2. Tool poisoning — redefining tools or escalating privileges
+ * 3. Hidden Unicode — zero-width chars, RTL overrides, homoglyph attacks
+ * 4. Encoded payloads — Base64 or hex-encoded suspicious content
+ */
+import type { CheckResult } from '../types.js';
+export declare function checkInstructions(instructions: string): CheckResult;
+//# sourceMappingURL=instruction-check.d.ts.map

package/dist/checks/instruction-check.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"instruction-check.d.ts","sourceRoot":"","sources":["../../src/checks/instruction-check.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAgB,WAAW,EAAE,MAAM,aAAa,CAAC;AAoG7D,wBAAgB,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,WAAW,CAiEnE"}

package/dist/checks/instruction-check.js ADDED Viewed

@@ -0,0 +1,158 @@
+/**
+ * Prompt injection and tool poisoning detection
+ * 提示注入和工具投毒偵測
+ *
+ * Scans skill instructions for patterns that indicate:
+ * 1. Prompt injection — hidden directives that override system prompts
+ * 2. Tool poisoning — redefining tools or escalating privileges
+ * 3. Hidden Unicode — zero-width chars, RTL overrides, homoglyph attacks
+ * 4. Encoded payloads — Base64 or hex-encoded suspicious content
+ */
+const PATTERNS = [
+    // Prompt injection patterns
+    {
+        id: 'pi-ignore-previous',
+        title: 'Prompt injection: ignore previous instructions',
+        regex: /\b(ignore|disregard|forget|override)\b.{0,30}\b(previous|above|prior|earlier|system)\b.{0,20}\b(instructions?|prompt|rules?|context)\b/i,
+        severity: 'critical',
+        category: 'prompt-injection',
+    },
+    {
+        id: 'pi-you-are-now',
+        title: 'Prompt injection: identity override',
+        regex: /\b(you are now|act as|pretend to be|assume the role|from now on you)\b/i,
+        severity: 'high',
+        category: 'prompt-injection',
+    },
+    {
+        id: 'pi-system-prompt',
+        title: 'Prompt injection: system prompt manipulation',
+        regex: /\b(system prompt|system message|system instruction|<\|system\|>|<<SYS>>)\b/i,
+        severity: 'critical',
+        category: 'prompt-injection',
+    },
+    {
+        id: 'pi-do-anything',
+        title: 'Prompt injection: jailbreak pattern',
+        regex: /\b(DAN|do anything now|jailbreak|bypass safety|ignore safety|no restrictions)\b/i,
+        severity: 'critical',
+        category: 'prompt-injection',
+    },
+    {
+        id: 'pi-hidden-text',
+        title: 'Hidden text via HTML/markdown comments',
+        regex: /<!--[\s\S]*?(ignore|override|system|inject|bypass)[\s\S]*?-->/i,
+        severity: 'high',
+        category: 'prompt-injection',
+    },
+    // Tool poisoning patterns
+    {
+        id: 'tp-sudo-escalation',
+        title: 'Privilege escalation via sudo/admin',
+        regex: /\b(sudo\s|as\s+root|run\s+as\s+admin|--privileged|chmod\s+777|chmod\s+u\+s)\b/i,
+        severity: 'high',
+        category: 'tool-poisoning',
+    },
+    {
+        id: 'tp-reverse-shell',
+        title: 'Reverse shell pattern detected',
+        regex: /\b(nc\s+-[elp]|ncat\s+-|bash\s+-i\s+>&|\/dev\/tcp\/|mkfifo|socat\s.*exec)/i,
+        severity: 'critical',
+        category: 'tool-poisoning',
+    },
+    {
+        id: 'tp-curl-pipe-bash',
+        title: 'Remote code execution via curl|bash',
+        regex: /\b(curl|wget)\s+.*\|\s*(bash|sh|zsh|python|node|perl)/i,
+        severity: 'high',
+        category: 'tool-poisoning',
+    },
+    {
+        id: 'tp-env-exfil',
+        title: 'Environment variable exfiltration',
+        regex: /\b(printenv|env\b|set\b).*\|\s*(curl|wget|nc\b)|curl.*\$\{?\w*(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)/i,
+        severity: 'critical',
+        category: 'tool-poisoning',
+    },
+    {
+        id: 'tp-file-exfil',
+        title: 'Sensitive file access pattern',
+        regex: /\b(cat|less|more|head|tail)\s+.*(\/etc\/shadow|\/etc\/passwd|~\/\.ssh|\.env|credentials|\.aws\/)/i,
+        severity: 'high',
+        category: 'tool-poisoning',
+    },
+    {
+        id: 'tp-rm-destructive',
+        title: 'Destructive file operations',
+        regex: /\brm\s+(-rf?|--recursive).*\s+(\/|~|\$HOME|\$\(pwd\))\b/i,
+        severity: 'high',
+        category: 'tool-poisoning',
+    },
+];
+/** Zero-width and invisible Unicode characters */
+const HIDDEN_UNICODE_RE = /[\u200B\u200C\u200D\u200E\u200F\u202A-\u202E\u2060\u2061\u2062\u2063\u2064\uFEFF\u00AD]/;
+/** Base64-encoded suspicious keywords */
+const BASE64_BLOCK_RE = /[A-Za-z0-9+/]{40,}={0,2}/g;
+const SUSPICIOUS_DECODED = /(eval|exec|system|import\s+os|subprocess|child_process|require\s*\(|__import__|curl|wget)/i;
+export function checkInstructions(instructions) {
+    const findings = [];
+    // Pattern matching
+    for (const pattern of PATTERNS) {
+        const match = pattern.regex.exec(instructions);
+        if (match) {
+            const lineNum = instructions.substring(0, match.index).split('\n').length;
+            findings.push({
+                id: pattern.id,
+                title: pattern.title,
+                description: `Detected near line ${lineNum}: "${match[0].substring(0, 80)}"`,
+                severity: pattern.severity,
+                category: pattern.category,
+                location: `SKILL.md:${lineNum}`,
+            });
+        }
+    }
+    // Hidden Unicode check
+    const unicodeMatch = HIDDEN_UNICODE_RE.exec(instructions);
+    if (unicodeMatch) {
+        const lineNum = instructions.substring(0, unicodeMatch.index).split('\n').length;
+        const charCode = unicodeMatch[0]?.codePointAt(0) ?? 0;
+        findings.push({
+            id: 'hidden-unicode',
+            title: 'Hidden Unicode characters detected',
+            description: `Found invisible character U+${charCode.toString(16).toUpperCase().padStart(4, '0')} at line ${lineNum}. This may be used to hide malicious instructions.`,
+            severity: 'high',
+            category: 'prompt-injection',
+            location: `SKILL.md:${lineNum}`,
+        });
+    }
+    // Base64-encoded suspicious content
+    const b64Matches = instructions.match(BASE64_BLOCK_RE);
+    if (b64Matches) {
+        for (const b64 of b64Matches) {
+            try {
+                const decoded = Buffer.from(b64, 'base64').toString('utf-8');
+                if (SUSPICIOUS_DECODED.test(decoded)) {
+                    findings.push({
+                        id: 'encoded-payload',
+                        title: 'Base64-encoded suspicious payload',
+                        description: `Decoded content contains executable patterns: "${decoded.substring(0, 60)}..."`,
+                        severity: 'critical',
+                        category: 'prompt-injection',
+                    });
+                    break; // One finding is enough
+                }
+            }
+            catch {
+                // Not valid base64, skip
+            }
+        }
+    }
+    const hasCritical = findings.some((f) => f.severity === 'critical');
+    const hasHigh = findings.some((f) => f.severity === 'high');
+    const status = hasCritical ? 'fail' : hasHigh ? 'warn' : findings.length > 0 ? 'warn' : 'pass';
+    const label = findings.length === 0
+        ? 'Prompt Safety: No injection patterns detected'
+        : `Prompt Safety: ${findings.length} suspicious pattern(s) detected`;
+    return { status, label, findings };
+}
+//# sourceMappingURL=instruction-check.js.map

package/dist/checks/instruction-check.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"instruction-check.js","sourceRoot":"","sources":["../../src/checks/instruction-check.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAYH,MAAM,QAAQ,GAAc;IAC1B,4BAA4B;IAC5B;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,gDAAgD;QACvD,KAAK,EAAE,yIAAyI;QAChJ,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,qCAAqC;QAC5C,KAAK,EAAE,yEAAyE;QAChF,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,8CAA8C;QACrD,KAAK,EAAE,6EAA6E;QACpF,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,qCAAqC;QAC5C,KAAK,EAAE,kFAAkF;QACzF,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,wCAAwC;QAC/C,KAAK,EAAE,gEAAgE;QACvE,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,kBAAkB;KAC7B;IAED,0BAA0B;IAC1B;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,qCAAqC;QAC5C,KAAK,EAAE,gFAAgF;QACvF,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,gCAAgC;QACvC,KAAK,EAAE,4EAA4E;QACnF,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,KAAK,EAAE,qCAAqC;QAC5C,KAAK,EAAE,wDAAwD;QAC/D,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,cAAc;QAClB,KAAK,EAAE,mCAAmC;QAC1C,KAAK,EAAE,uGAAuG;QAC9G,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,+BAA+B;QACtC,KAAK,EAAE,mGAAmG;QAC1G,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,KAAK,EAAE,6BAA6B;QACpC,KAAK,EAAE,0DAA0D;QACjE,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;KAC3B;CACF,CAAC;AAEF,kDAAkD;AAClD,MAAM,iBAAiB,GAAG,yFAAyF,CAAC;AAEpH,yCAAyC;AACzC,MAAM,eAAe,GAAG,2BAA2B,CAAC;AACpD,MAAM,kBAAkB,GAAG,4FAA4F,CAAC;AAExH,MAAM,UAAU,iBAAiB,CAAC,YAAoB;IACpD,MAAM,QAAQ,GAAmB,EAAE,CAAC;IAEpC,mBAAmB;IACnB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC/C,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAC1E,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,WAAW,EAAE,sBAAsB,OAAO,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG;gBAC5E,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,YAAY,OAAO,EAAE;aAChC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC1D,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QACjF,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACtD,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,gBAAgB;YACpB,KAAK,EAAE,oCAAoC;YAC3C,WAAW,EAAE,+BAA+B,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,YAAY,OAAO,oDAAoD;YACvK,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,kBAAkB;YAC5B,QAAQ,EAAE,YAAY,OAAO,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IAED,oCAAoC;IACpC,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACvD,IAAI,UAAU,EAAE,CAAC;QACf,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAC7D,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBACrC,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,iBAAiB;wBACrB,KAAK,EAAE,mCAAmC;wBAC1C,WAAW,EAAE,kDAAkD,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM;wBAC7F,QAAQ,EAAE,UAAU;wBACpB,QAAQ,EAAE,kBAAkB;qBAC7B,CAAC,CAAC;oBACH,MAAM,CAAC,wBAAwB;gBACjC,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,yBAAyB;YAC3B,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;IACpE,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IAE/F,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,KAAK,CAAC;QACjC,CAAC,CAAC,+CAA+C;QACjD,CAAC,CAAC,kBAAkB,QAAQ,CAAC,MAAM,iCAAiC,CAAC;IAEvE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AACrC,CAAC"}

package/dist/checks/manifest-check.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Manifest structure validation
+ * 清單結構驗證
+ */
+import type { SkillManifest, CheckResult } from '../types.js';
+export declare function checkManifest(manifest: SkillManifest | null): CheckResult;
+//# sourceMappingURL=manifest-check.d.ts.map

package/dist/checks/manifest-check.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"manifest-check.d.ts","sourceRoot":"","sources":["../../src/checks/manifest-check.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAgB,WAAW,EAAE,MAAM,aAAa,CAAC;AAE5E,wBAAgB,aAAa,CAAC,QAAQ,EAAE,aAAa,GAAG,IAAI,GAAG,WAAW,CA8EzE"}

package/dist/checks/manifest-check.js ADDED Viewed

@@ -0,0 +1,75 @@
+/**
+ * Manifest structure validation
+ * 清單結構驗證
+ */
+export function checkManifest(manifest) {
+    const findings = [];
+    if (!manifest) {
+        findings.push({
+            id: 'manifest-missing',
+            title: 'SKILL.md not found',
+            description: 'No SKILL.md file found in the skill directory. This is required for all valid skills.',
+            severity: 'critical',
+            category: 'manifest',
+        });
+        return { status: 'fail', label: 'Manifest: SKILL.md not found', findings };
+    }
+    if (!manifest.name || manifest.name.trim() === '') {
+        findings.push({
+            id: 'manifest-no-name',
+            title: 'Missing skill name',
+            description: 'SKILL.md frontmatter must include a "name" field.',
+            severity: 'high',
+            category: 'manifest',
+        });
+    }
+    if (!manifest.description || manifest.description.trim() === '') {
+        findings.push({
+            id: 'manifest-no-description',
+            title: 'Missing skill description',
+            description: 'SKILL.md frontmatter should include a "description" field.',
+            severity: 'medium',
+            category: 'manifest',
+        });
+    }
+    if (!manifest.license) {
+        findings.push({
+            id: 'manifest-no-license',
+            title: 'No license declared',
+            description: 'Skill does not declare a license. Consider adding one for trust and legal clarity.',
+            severity: 'low',
+            category: 'manifest',
+        });
+    }
+    if (manifest.instructions.trim().length < 50) {
+        findings.push({
+            id: 'manifest-short-instructions',
+            title: 'Suspiciously short instructions',
+            description: `Skill instructions are only ${manifest.instructions.trim().length} characters. This may indicate an incomplete or placeholder skill.`,
+            severity: 'medium',
+            category: 'manifest',
+        });
+    }
+    if (manifest.metadata?.version) {
+        const semverRe = /^\d+\.\d+\.\d+(-[\w.]+)?$/;
+        if (!semverRe.test(manifest.metadata.version)) {
+            findings.push({
+                id: 'manifest-bad-version',
+                title: 'Invalid version format',
+                description: `Version "${manifest.metadata.version}" is not valid semver (expected X.Y.Z).`,
+                severity: 'low',
+                category: 'manifest',
+            });
+        }
+    }
+    const status = findings.some((f) => f.severity === 'critical' || f.severity === 'high')
+        ? 'fail'
+        : findings.length > 0
+            ? 'warn'
+            : 'pass';
+    const label = status === 'pass'
+        ? 'Manifest: Valid SKILL.md with all required fields'
+        : `Manifest: ${findings.length} issue(s) found`;
+    return { status, label, findings };
+}
+//# sourceMappingURL=manifest-check.js.map

package/dist/checks/manifest-check.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"manifest-check.js","sourceRoot":"","sources":["../../src/checks/manifest-check.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,MAAM,UAAU,aAAa,CAAC,QAA8B;IAC1D,MAAM,QAAQ,GAAmB,EAAE,CAAC;IAEpC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,kBAAkB;YACtB,KAAK,EAAE,oBAAoB;YAC3B,WAAW,EAAE,uFAAuF;YACpG,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,UAAU;SACrB,CAAC,CAAC;QACH,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,8BAA8B,EAAE,QAAQ,EAAE,CAAC;IAC7E,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAClD,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,kBAAkB;YACtB,KAAK,EAAE,oBAAoB;YAC3B,WAAW,EAAE,mDAAmD;YAChE,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,UAAU;SACrB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,WAAW,IAAI,QAAQ,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAChE,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,yBAAyB;YAC7B,KAAK,EAAE,2BAA2B;YAClC,WAAW,EAAE,4DAA4D;YACzE,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,UAAU;SACrB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtB,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,qBAAqB;YACzB,KAAK,EAAE,qBAAqB;YAC5B,WAAW,EAAE,oFAAoF;YACjG,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,UAAU;SACrB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,QAAQ,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC7C,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,6BAA6B;YACjC,KAAK,EAAE,iCAAiC;YACxC,WAAW,EAAE,+BAA+B,QAAQ,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,MAAM,oEAAoE;YACnJ,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,UAAU;SACrB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,QAAQ,CAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,2BAA2B,CAAC;QAC7C,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9C,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,sBAAsB;gBAC1B,KAAK,EAAE,wBAAwB;gBAC/B,WAAW,EAAE,YAAY,QAAQ,CAAC,QAAQ,CAAC,OAAO,yCAAyC;gBAC3F,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,UAAU;aACrB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;QACrF,CAAC,CAAC,MAAM;QACR,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;YACnB,CAAC,CAAC,MAAM;YACR,CAAC,CAAC,MAAM,CAAC;IAEb,MAAM,KAAK,GAAG,MAAM,KAAK,MAAM;QAC7B,CAAC,CAAC,mDAAmD;QACrD,CAAC,CAAC,aAAa,QAAQ,CAAC,MAAM,iBAAiB,CAAC;IAElD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AACrC,CAAC"}

package/dist/checks/permission-check.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Permission scope analysis
+ * 權限範圍分析
+ *
+ * Analyzes what tools and permissions a skill requires based on its instructions.
+ * 根據技能指令分析其需要的工具和權限。
+ */
+import type { SkillManifest, CheckResult } from '../types.js';
+export declare function checkPermissions(manifest: SkillManifest): CheckResult;
+//# sourceMappingURL=permission-check.d.ts.map

package/dist/checks/permission-check.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"permission-check.d.ts","sourceRoot":"","sources":["../../src/checks/permission-check.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAgB,WAAW,EAAE,MAAM,aAAa,CAAC;AAmB5E,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,aAAa,GAAG,WAAW,CAoDrE"}

package/dist/checks/permission-check.js ADDED Viewed

@@ -0,0 +1,63 @@
+/**
+ * Permission scope analysis
+ * 權限範圍分析
+ *
+ * Analyzes what tools and permissions a skill requires based on its instructions.
+ * 根據技能指令分析其需要的工具和權限。
+ */
+const TOOL_PATTERNS = [
+    { name: 'Bash/Shell', regex: /\b(bash|shell|terminal|command line|execute.*command|run.*command)\b/i, risk: 'high', reason: 'Can execute arbitrary system commands' },
+    { name: 'File Write', regex: /\b(write.*file|create.*file|save.*to.*disk|overwrite)\b/i, risk: 'medium', reason: 'Can modify files on disk' },
+    { name: 'File Read', regex: /\b(read.*file|cat\s|open.*file|load.*from)\b/i, risk: 'low', reason: 'Can read files from disk' },
+    { name: 'Network/HTTP', regex: /\b(fetch|http request|api call|curl|wget|download|upload)\b/i, risk: 'medium', reason: 'Can make network requests' },
+    { name: 'Browser', regex: /\b(browser|open.*url|navigate.*to|web.*scrape|playwright|puppeteer)\b/i, risk: 'medium', reason: 'Can open URLs and interact with web pages' },
+    { name: 'Database', regex: /\b(database|sql|query|insert|update|delete.*from|mongodb|postgres|mysql)\b/i, risk: 'high', reason: 'Can access and modify database contents' },
+    { name: 'Credentials', regex: /\b(api[_\s]?key|token|password|secret|credential|auth)\b/i, risk: 'medium', reason: 'Handles sensitive credentials' },
+];
+export function checkPermissions(manifest) {
+    const findings = [];
+    const instructions = manifest.instructions;
+    const detectedTools = [];
+    for (const pattern of TOOL_PATTERNS) {
+        if (pattern.regex.test(instructions)) {
+            detectedTools.push({ name: pattern.name, risk: pattern.risk });
+            if (pattern.risk === 'high') {
+                findings.push({
+                    id: `perm-${pattern.name.toLowerCase().replace(/[^a-z]/g, '-')}`,
+                    title: `Skill uses ${pattern.name} (${pattern.risk} risk)`,
+                    description: pattern.reason,
+                    severity: 'medium',
+                    category: 'permission',
+                });
+            }
+        }
+    }
+    // Check for command-dispatch tools (can bypass model safety)
+    if (manifest.commandDispatch === 'tool') {
+        findings.push({
+            id: 'perm-command-dispatch',
+            title: 'Skill uses tool dispatch mode',
+            description: 'This skill dispatches directly to a tool, bypassing the AI model. Verify the dispatched tool is safe.',
+            severity: 'medium',
+            category: 'permission',
+        });
+    }
+    // Check if model invocation is disabled (unusual)
+    if (manifest.disableModelInvocation) {
+        findings.push({
+            id: 'perm-no-model',
+            title: 'Model invocation disabled',
+            description: 'This skill is excluded from model prompts. It can only be invoked via slash command.',
+            severity: 'low',
+            category: 'permission',
+        });
+    }
+    const highRiskCount = detectedTools.filter((t) => t.risk === 'high').length;
+    const status = highRiskCount > 0 ? 'warn' : 'pass';
+    const toolNames = detectedTools.map((t) => t.name).join(', ');
+    const label = detectedTools.length > 0
+        ? `Permissions: Uses ${toolNames}`
+        : 'Permissions: No special tool usage detected';
+    return { status, label, findings };
+}
+//# sourceMappingURL=permission-check.js.map

package/dist/checks/permission-check.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"permission-check.js","sourceRoot":"","sources":["../../src/checks/permission-check.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAWH,MAAM,aAAa,GAAkB;IACnC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,uEAAuE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,uCAAuC,EAAE;IACrK,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,0DAA0D,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,0BAA0B,EAAE;IAC7I,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,+CAA+C,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,0BAA0B,EAAE;IAC9H,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,8DAA8D,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,2BAA2B,EAAE;IACpJ,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,wEAAwE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,2CAA2C,EAAE;IACzK,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,6EAA6E,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,yCAAyC,EAAE;IAC3K,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,2DAA2D,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,+BAA+B,EAAE;CACrJ,CAAC;AAEF,MAAM,UAAU,gBAAgB,CAAC,QAAuB;IACtD,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC;IAC3C,MAAM,aAAa,GAA0C,EAAE,CAAC;IAEhE,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;QACpC,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YACrC,aAAa,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;YAE/D,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAC5B,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,QAAQ,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,EAAE;oBAChE,KAAK,EAAE,cAAc,OAAO,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,QAAQ;oBAC1D,WAAW,EAAE,OAAO,CAAC,MAAM;oBAC3B,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,YAAY;iBACvB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,IAAI,QAAQ,CAAC,eAAe,KAAK,MAAM,EAAE,CAAC;QACxC,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,uBAAuB;YAC3B,KAAK,EAAE,+BAA+B;YACtC,WAAW,EAAE,uGAAuG;YACpH,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,YAAY;SACvB,CAAC,CAAC;IACL,CAAC;IAED,kDAAkD;IAClD,IAAI,QAAQ,CAAC,sBAAsB,EAAE,CAAC;QACpC,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,eAAe;YACnB,KAAK,EAAE,2BAA2B;YAClC,WAAW,EAAE,sFAAsF;YACnG,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,YAAY;SACvB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,aAAa,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC5E,MAAM,MAAM,GAAG,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IAEnD,MAAM,SAAS,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,aAAa,CAAC,MAAM,GAAG,CAAC;QACpC,CAAC,CAAC,qBAAqB,SAAS,EAAE;QAClC,CAAC,CAAC,6CAA6C,CAAC;IAElD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AACrC,CAAC"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * Panguard Skill Auditor - Main entry
+ * Panguard 技能審計器 - 主入口
+ *
+ * Security auditor for OpenClaw/AgentSkills SKILL.md files.
+ * Checks manifest validity, prompt injection, code security,
+ * dependencies, and permissions.
+ *
+ * @module @panguard-ai/panguard-skill-auditor
+ */
+import type { AuditReport } from './types.js';
+export type { AuditReport, AuditFinding, CheckResult, SkillManifest } from './types.js';
+export { parseSkillManifest } from './manifest-parser.js';
+/**
+ * Audit a skill directory for security issues.
+ * 審計技能目錄的安全問題。
+ *
+ * @param skillDir - Path to the skill directory containing SKILL.md
+ * @returns Complete audit report
+ */
+export declare function auditSkill(skillDir: string): Promise<AuditReport>;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AASH,OAAO,KAAK,EAAE,WAAW,EAAe,MAAM,YAAY,CAAC;AAE3D,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AACxF,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D;;;;;;GAMG;AACH,wBAAsB,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CA0CvE"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,59 @@
+/**
+ * Panguard Skill Auditor - Main entry
+ * Panguard 技能審計器 - 主入口
+ *
+ * Security auditor for OpenClaw/AgentSkills SKILL.md files.
+ * Checks manifest validity, prompt injection, code security,
+ * dependencies, and permissions.
+ *
+ * @module @panguard-ai/panguard-skill-auditor
+ */
+import { parseSkillManifest } from './manifest-parser.js';
+import { checkManifest } from './checks/manifest-check.js';
+import { checkInstructions } from './checks/instruction-check.js';
+import { checkCode } from './checks/code-check.js';
+import { checkDependencies } from './checks/dependency-check.js';
+import { checkPermissions } from './checks/permission-check.js';
+import { calculateRiskScore } from './risk-scorer.js';
+export { parseSkillManifest } from './manifest-parser.js';
+/**
+ * Audit a skill directory for security issues.
+ * 審計技能目錄的安全問題。
+ *
+ * @param skillDir - Path to the skill directory containing SKILL.md
+ * @returns Complete audit report
+ */
+export async function auditSkill(skillDir) {
+    const startTime = Date.now();
+    // 1. Parse manifest
+    const manifest = await parseSkillManifest(skillDir);
+    // 2. Run all checks
+    const checks = [];
+    // Manifest validation
+    checks.push(checkManifest(manifest));
+    if (manifest) {
+        // Prompt injection + tool poisoning
+        checks.push(checkInstructions(manifest.instructions));
+        // Dependencies
+        checks.push(checkDependencies(manifest));
+        // Permissions
+        checks.push(checkPermissions(manifest));
+    }
+    // Code security (SAST + secrets) — always run on directory
+    checks.push(await checkCode(skillDir));
+    // 3. Aggregate findings
+    const allFindings = checks.flatMap((c) => c.findings);
+    // 4. Calculate risk score
+    const { score, level } = calculateRiskScore(allFindings);
+    return {
+        skillPath: skillDir,
+        manifest,
+        riskScore: score,
+        riskLevel: level,
+        checks,
+        findings: allFindings,
+        auditedAt: new Date().toISOString(),
+        durationMs: Date.now() - startTime,
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAItD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,QAAgB;IAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,oBAAoB;IACpB,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IAEpD,oBAAoB;IACpB,MAAM,MAAM,GAAkB,EAAE,CAAC;IAEjC,sBAAsB;IACtB,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC;IAErC,IAAI,QAAQ,EAAE,CAAC;QACb,oCAAoC;QACpC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;QAEtD,eAAe;QACf,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC;QAEzC,cAAc;QACd,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED,2DAA2D;IAC3D,MAAM,CAAC,IAAI,CAAC,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEvC,wBAAwB;IACxB,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAEtD,0BAA0B;IAC1B,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAEzD,OAAO;QACL,SAAS,EAAE,QAAQ;QACnB,QAAQ;QACR,SAAS,EAAE,KAAK;QAChB,SAAS,EAAE,KAAK;QAChB,MAAM;QACN,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;KACnC,CAAC;AACJ,CAAC"}

package/dist/manifest-parser.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * SKILL.md manifest parser
+ * SKILL.md 清單解析器
+ *
+ * Parses YAML frontmatter from SKILL.md files following the AgentSkills spec.
+ * 解析遵循 AgentSkills 規範的 SKILL.md 檔案中的 YAML frontmatter。
+ *
+ * @module @panguard-ai/panguard-skill-auditor/manifest-parser
+ */
+import type { SkillManifest } from './types.js';
+/**
+ * Parse a SKILL.md file and extract manifest + instructions.
+ * 解析 SKILL.md 檔案並擷取清單和指令。
+ */
+export declare function parseSkillManifest(skillDir: string): Promise<SkillManifest | null>;
+//# sourceMappingURL=manifest-parser.d.ts.map

package/dist/manifest-parser.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"manifest-parser.d.ts","sourceRoot":"","sources":["../src/manifest-parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,OAAO,KAAK,EAAE,aAAa,EAAiB,MAAM,YAAY,CAAC;AAI/D;;;GAGG;AACH,wBAAsB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAyDxF"}

package/dist/manifest-parser.js ADDED Viewed

@@ -0,0 +1,74 @@
+/**
+ * SKILL.md manifest parser
+ * SKILL.md 清單解析器
+ *
+ * Parses YAML frontmatter from SKILL.md files following the AgentSkills spec.
+ * 解析遵循 AgentSkills 規範的 SKILL.md 檔案中的 YAML frontmatter。
+ *
+ * @module @panguard-ai/panguard-skill-auditor/manifest-parser
+ */
+import { promises as fs } from 'node:fs';
+import path from 'node:path';
+import yaml from 'js-yaml';
+const FRONTMATTER_RE = /^---\r?\n([\s\S]*?)\r?\n---\r?\n?([\s\S]*)$/;
+/**
+ * Parse a SKILL.md file and extract manifest + instructions.
+ * 解析 SKILL.md 檔案並擷取清單和指令。
+ */
+export async function parseSkillManifest(skillDir) {
+    const skillPath = path.join(skillDir, 'SKILL.md');
+    let content;
+    try {
+        content = await fs.readFile(skillPath, 'utf-8');
+    }
+    catch {
+        return null;
+    }
+    const match = FRONTMATTER_RE.exec(content);
+    if (!match) {
+        // No frontmatter — treat entire content as instructions
+        return {
+            name: path.basename(skillDir),
+            description: '',
+            instructions: content,
+        };
+    }
+    const [, frontmatterRaw, instructions] = match;
+    let parsed;
+    try {
+        parsed = yaml.load(frontmatterRaw ?? '') ?? {};
+    }
+    catch {
+        return {
+            name: path.basename(skillDir),
+            description: '',
+            instructions: instructions ?? content,
+        };
+    }
+    // Parse metadata — can be a JSON string or an object
+    let metadata;
+    if (typeof parsed['metadata'] === 'string') {
+        try {
+            metadata = JSON.parse(parsed['metadata']);
+        }
+        catch {
+            metadata = undefined;
+        }
+    }
+    else if (typeof parsed['metadata'] === 'object' && parsed['metadata'] !== null) {
+        metadata = parsed['metadata'];
+    }
+    return {
+        name: parsed['name'] ?? path.basename(skillDir),
+        description: parsed['description'] ?? '',
+        license: parsed['license'],
+        homepage: parsed['homepage'],
+        userInvocable: parsed['user-invocable'],
+        disableModelInvocation: parsed['disable-model-invocation'],
+        commandDispatch: parsed['command-dispatch'],
+        commandTool: parsed['command-tool'],
+        metadata,
+        instructions: instructions ?? '',
+    };
+}
+//# sourceMappingURL=manifest-parser.js.map

package/dist/manifest-parser.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"manifest-parser.js","sourceRoot":"","sources":["../src/manifest-parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,IAAI,MAAM,SAAS,CAAC;AAG3B,MAAM,cAAc,GAAG,6CAA6C,CAAC;AAErE;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,QAAgB;IACvD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAElD,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,wDAAwD;QACxD,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC7B,WAAW,EAAE,EAAE;YACf,YAAY,EAAE,OAAO;SACtB,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,EAAE,cAAc,EAAE,YAAY,CAAC,GAAG,KAAK,CAAC;IAE/C,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAI,IAAI,CAAC,IAAI,CAAC,cAAc,IAAI,EAAE,CAA6B,IAAI,EAAE,CAAC;IAC9E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC7B,WAAW,EAAE,EAAE;YACf,YAAY,EAAE,YAAY,IAAI,OAAO;SACtC,CAAC;IACJ,CAAC;IAED,qDAAqD;IACrD,IAAI,QAAmC,CAAC;IACxC,IAAI,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC3C,IAAI,CAAC;YACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAkB,CAAC;QAC7D,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,GAAG,SAAS,CAAC;QACvB,CAAC;IACH,CAAC;SAAM,IAAI,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,QAAQ,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,IAAI,EAAE,CAAC;QACjF,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAkB,CAAC;IACjD,CAAC;IAED,OAAO;QACL,IAAI,EAAG,MAAM,CAAC,MAAM,CAAY,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC3D,WAAW,EAAG,MAAM,CAAC,aAAa,CAAY,IAAI,EAAE;QACpD,OAAO,EAAE,MAAM,CAAC,SAAS,CAAuB;QAChD,QAAQ,EAAE,MAAM,CAAC,UAAU,CAAuB;QAClD,aAAa,EAAE,MAAM,CAAC,gBAAgB,CAAwB;QAC9D,sBAAsB,EAAE,MAAM,CAAC,0BAA0B,CAAwB;QACjF,eAAe,EAAE,MAAM,CAAC,kBAAkB,CAAuB;QACjE,WAAW,EAAE,MAAM,CAAC,cAAc,CAAuB;QACzD,QAAQ;QACR,YAAY,EAAE,YAAY,IAAI,EAAE;KACjC,CAAC;AACJ,CAAC"}

package/dist/risk-scorer.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * Risk scoring engine
+ * 風險評分引擎
+ *
+ * Calculates a 0-100 risk score from audit findings.
+ * 根據審計發現計算 0-100 風險評分。
+ */
+import type { AuditFinding, AuditReport } from './types.js';
+/**
+ * Calculate risk score (0-100) from findings.
+ * Higher score = higher risk.
+ */
+export declare function calculateRiskScore(findings: AuditFinding[]): {
+    score: number;
+    level: AuditReport['riskLevel'];
+};
+//# sourceMappingURL=risk-scorer.d.ts.map

package/dist/risk-scorer.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"risk-scorer.d.ts","sourceRoot":"","sources":["../src/risk-scorer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAS5D;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,YAAY,EAAE,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,WAAW,CAAC,WAAW,CAAC,CAAA;CAAE,CAiB/G"}

package/dist/risk-scorer.js ADDED Viewed

@@ -0,0 +1,36 @@
+/**
+ * Risk scoring engine
+ * 風險評分引擎
+ *
+ * Calculates a 0-100 risk score from audit findings.
+ * 根據審計發現計算 0-100 風險評分。
+ */
+const SEVERITY_WEIGHTS = {
+    critical: 25,
+    high: 15,
+    medium: 5,
+    low: 1,
+};
+/**
+ * Calculate risk score (0-100) from findings.
+ * Higher score = higher risk.
+ */
+export function calculateRiskScore(findings) {
+    let rawScore = 0;
+    for (const finding of findings) {
+        rawScore += SEVERITY_WEIGHTS[finding.severity] ?? 0;
+    }
+    // Cap at 100
+    const score = Math.min(100, rawScore);
+    let level;
+    if (score >= 70)
+        level = 'CRITICAL';
+    else if (score >= 40)
+        level = 'HIGH';
+    else if (score >= 15)
+        level = 'MEDIUM';
+    else
+        level = 'LOW';
+    return { score, level };
+}
+//# sourceMappingURL=risk-scorer.js.map

package/dist/risk-scorer.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"risk-scorer.js","sourceRoot":"","sources":["../src/risk-scorer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,MAAM,gBAAgB,GAA2B;IAC/C,QAAQ,EAAE,EAAE;IACZ,IAAI,EAAE,EAAE;IACR,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;CACP,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAwB;IACzD,IAAI,QAAQ,GAAG,CAAC,CAAC;IAEjB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,QAAQ,IAAI,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACtD,CAAC;IAED,aAAa;IACb,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAEtC,IAAI,KAA+B,CAAC;IACpC,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,UAAU,CAAC;SAC/B,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,MAAM,CAAC;SAChC,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,QAAQ,CAAC;;QAClC,KAAK,GAAG,KAAK,CAAC;IAEnB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AAC1B,CAAC"}

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,66 @@
+/**
+ * Panguard Skill Auditor - Type definitions
+ * Panguard 技能審計器 - 型別定義
+ *
+ * @module @panguard-ai/panguard-skill-auditor/types
+ */
+import type { Severity } from '@panguard-ai/core';
+/** Parsed SKILL.md manifest */
+export interface SkillManifest {
+    name: string;
+    description: string;
+    license?: string;
+    homepage?: string;
+    userInvocable?: boolean;
+    disableModelInvocation?: boolean;
+    commandDispatch?: string;
+    commandTool?: string;
+    metadata?: SkillMetadata;
+    /** Raw instruction body (after frontmatter) */
+    instructions: string;
+}
+export interface SkillMetadata {
+    author?: string;
+    version?: string;
+    tags?: string[];
+    triggers?: string[];
+    openclaw?: {
+        requires?: {
+            bins?: string[];
+            env?: string[];
+            config?: string[];
+        };
+        primaryEnv?: string;
+        os?: string[];
+        always?: boolean;
+        homepage?: string;
+    };
+    [key: string]: unknown;
+}
+/** Single audit finding */
+export interface AuditFinding {
+    id: string;
+    title: string;
+    description: string;
+    severity: Severity;
+    category: 'manifest' | 'prompt-injection' | 'tool-poisoning' | 'code' | 'secrets' | 'dependency' | 'permission';
+    location?: string;
+}
+/** Result of a single check category */
+export interface CheckResult {
+    status: 'pass' | 'warn' | 'fail' | 'info';
+    label: string;
+    findings: AuditFinding[];
+}
+/** Complete audit report */
+export interface AuditReport {
+    skillPath: string;
+    manifest: SkillManifest | null;
+    riskScore: number;
+    riskLevel: 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
+    checks: CheckResult[];
+    findings: AuditFinding[];
+    auditedAt: string;
+    durationMs: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAElD,+BAA+B;AAC/B,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,+CAA+C;IAC/C,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,QAAQ,CAAC,EAAE;QACT,QAAQ,CAAC,EAAE;YACT,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;YAChB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;YACf,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;SACnB,CAAC;QACF,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC;QACd,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,2BAA2B;AAC3B,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,QAAQ,CAAC;IACnB,QAAQ,EAAE,UAAU,GAAG,kBAAkB,GAAG,gBAAgB,GAAG,MAAM,GAAG,SAAS,GAAG,YAAY,GAAG,YAAY,CAAC;IAChH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,wCAAwC;AACxC,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAC1C,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,YAAY,EAAE,CAAC;CAC1B;AAED,4BAA4B;AAC5B,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,aAAa,GAAG,IAAI,CAAC;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAClD,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,QAAQ,EAAE,YAAY,EAAE,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB"}

package/dist/types.js ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Panguard Skill Auditor - Type definitions
+ * Panguard 技能審計器 - 型別定義
+ *
+ * @module @panguard-ai/panguard-skill-auditor/types
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}

package/package.json ADDED Viewed

@@ -0,0 +1,34 @@
+{
+  "name": "@panguard-ai/panguard-skill-auditor",
+  "version": "0.1.0",
+  "type": "module",
+  "description": "Security auditor for OpenClaw/AgentSkills SKILL.md files",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "dist",
+    "package.json",
+    "README.md"
+  ],
+  "dependencies": {
+    "js-yaml": "^4.1.0",
+    "@panguard-ai/core": "0.3.1",
+    "@panguard-ai/panguard-scan": "0.2.0"
+  },
+  "devDependencies": {
+    "@types/js-yaml": "^4.0.9",
+    "@types/node": "^22.14.0",
+    "typescript": "~5.7.3",
+    "vitest": "^3.0.0"
+  },
+  "scripts": {
+    "build": "tsc --build",
+    "clean": "rm -rf dist tsconfig.tsbuildinfo",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "dev": "tsc --build --watch"
+  }
+}