agent-security-scanner-mcp 3.11.0 → 3.12.0

package/README.md

@@ -28,7 +28,7 @@ Security scanner for AI coding agents and autonomous assistants. Scans code for
 | `scan_agent_action` | Pre-execution safety check for agent actions (bash, file ops, HTTP). Returns ALLOW/WARN/BLOCK | Before running any agent-generated shell command or file operation |
 | `scan_mcp_server` | Scan MCP server source for vulnerabilities: unicode poisoning, name spoofing, rug pull detection, manifest analysis. Returns A-F grade | When auditing or installing an MCP server |
 | `scan_skill` | Deep security scan of an OpenClaw skill: prompt injection, AST+taint code analysis, ClawHavoc malware signatures, supply chain, rug pull. Returns A-F grade | Before installing any OpenClaw skill |
-| `clawproof_health` | Check ClawProof plugin health: engine status, daemon status, package data availability | Diagnostics and plugin status |
+| `scanner_health` | Check plugin health: engine status, daemon status, package data availability | Diagnostics and plugin status |
 | `list_security_rules` | List available security rules and fix templates | To check rule coverage for a language |
 
 ## Quick Start
@@ -1110,7 +1110,7 @@ All MCP tools support a `verbosity` parameter to minimize context window consump
 ### v3.10.0
 - **`scan_skill` Tool** — 6-layer deep security scanner for OpenClaw skills: prompt injection (59+ rules), AST+taint code analysis, ClawHavoc malware signatures, package supply chain verification, and SHA-256 rug pull detection. Returns A-F grade with hard-fail on ClawHavoc/rug pull/critical findings
 - **ClawHavoc Signature Database** (`rules/clawhavoc.yaml`) — 27 rules, 121 regex patterns across 10 threat categories (reverse shells, crypto miners, info stealers, keyloggers, screen capture, DNS exfiltration, C2 beacons, OpenClaw-specific attacks, campaign patterns, exfil endpoints), mapped to MITRE ATT&CK
-- **OpenClaw Plugin Skeleton** — Native plugin manifest (`openclaw.plugin.json`), config loader (`~/.openclaw/scanner-config.json`), and health check endpoint (`clawproof_health` MCP tool)
+- **OpenClaw Plugin Skeleton** — Native plugin manifest (`openclaw.plugin.json`), config loader (`~/.openclaw/scanner-config.json`), and health check endpoint (`scanner_health` MCP tool)
 - **CLI**: `scan-skill <path>` command with `--baseline` flag; `audit` and `harden` stubs (experimental)
 - **Security fixes**: Path containment uses `realpathSync` to prevent symlink bypass; dedup key includes `source` to prevent ClawHavoc findings from being suppressed by same-named code_analysis findings
 - **Bug fix**: SQL injection concat detection now covers JavaScript (was C#-only) — single-quoted and template literal strings now detected

package/index.js

@@ -35,11 +35,18 @@ try {
   __dirname = process.cwd();
 }
 
+// Read version from package.json
+let _pkgVersion = '0.0.0';
+try {
+  const pkg = JSON.parse(readFileSync(join(__dirname, 'package.json'), 'utf-8'));
+  _pkgVersion = pkg.version || '0.0.0';
+} catch { /* fallback */ }
+
 // Create MCP Server
 const server = new McpServer(
   {
-    name: "security-scanner",
-    version: "1.0.0",
+    name: "agent-security-scanner-mcp",
+    version: _pkgVersion,
   },
   {
     capabilities: {
@@ -163,7 +170,7 @@ server.tool(
 // Register scan_agent_action tool
 server.tool(
   "scan_agent_action",
-  "Pre-execution security check for agent actions (bash, file_write, file_read, http_request, file_delete). Returns ALLOW/WARN/BLOCK. Lighter than scan_agent_prompt — evaluates concrete actions.",
+  "Pre-execution security check for agent actions (bash, file_write, file_read, http_request, file_delete, cron, process_spawn, git, docker). Returns ALLOW/WARN/BLOCK.",
   scanAgentActionSchema,
   scanAgentAction
 );
@@ -202,17 +209,27 @@ server.tool(
 // PLUGIN HEALTH CHECK
 // ===========================================
 
+const _healthHandler = async () => {
+  const { getHealthStatus } = await import('./src/plugin-health.js');
+  const health = await getHealthStatus();
+  return {
+    content: [{ type: "text", text: JSON.stringify(health, null, 2) }]
+  };
+};
+
 server.tool(
-  "clawproof_health",
+  "scanner_health",
   "Check plugin health: engine status, daemon status, package data availability",
   {},
-  async () => {
-    const { getHealthStatus } = await import('./src/plugin-health.js');
-    const health = await getHealthStatus();
-    return {
-      content: [{ type: "text", text: JSON.stringify(health, null, 2) }]
-    };
-  }
+  _healthHandler
+);
+
+// Backward-compatible alias (will be removed in a future major version)
+server.tool(
+  "clawproof_health",
+  "Alias for scanner_health (deprecated, use scanner_health instead)",
+  {},
+  _healthHandler
 );
 
 // ===========================================
@@ -373,8 +390,9 @@ if (cliArgs[0] === 'init') {
   });
 } else if (cliArgs[0] === 'benchmark') {
   // CLI mode: benchmark [--save] [--json-only] [--compare-latest] [--corpus <path>]
+  const { resolvePythonCommand, pythonArgs } = await import('./src/python.js');
   const benchmarkPath = join(__dirname, 'benchmarks', 'benchmark_runner.py');
-  const benchArgs = [benchmarkPath];
+  const benchArgs = [...pythonArgs(), benchmarkPath];
 
   // Pass through supported flags
   for (let i = 1; i < cliArgs.length; i++) {
@@ -387,7 +405,7 @@ if (cliArgs[0] === 'init') {
   }
 
   try {
-    execFileSync('python3', benchArgs, { stdio: 'inherit', timeout: 300000 });
+    execFileSync(resolvePythonCommand(), benchArgs, { stdio: 'inherit', timeout: 300000 });
   } catch (err) {
     if (err.status) process.exit(err.status);
     console.error(`Benchmark error: ${err.message}`);
@@ -418,7 +436,7 @@ if (cliArgs[0] === 'init') {
   const actionValue = cliArgs[2];
   if (!actionType || !actionValue) {
     console.error('Usage: agent-security-scanner-mcp scan-action <type> <value> [--verbosity minimal|compact|full]');
-    console.error('Types: bash, file_write, file_read, http_request, file_delete');
+    console.error('Types: bash, file_write, file_read, http_request, file_delete, cron, process_spawn, git, docker');
     process.exit(1);
   }
   const verbosityIdx = cliArgs.indexOf('--verbosity');

package/openclaw.plugin.json

@@ -1,6 +1,6 @@
 {
-  "name": "agent-security-scanner",
-  "version": "3.9.0",
+  "name": "agent-security-scanner-mcp",
+  "version": "3.10.3",
   "description": "Security scanner for OpenClaw: prompt injection firewall, package hallucination detection, code vulnerability scanning, auto-fix",
   "author": "Sinewave AI",
   "license": "MIT",
@@ -31,7 +31,7 @@
       "description": "Scan an OpenClaw skill for security threats"
     },
     {
-      "name": "clawproof_health",
+      "name": "scanner_health",
       "description": "Check plugin health status"
     }
   ],

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-security-scanner-mcp",
-  "version": "3.11.0",
+  "version": "3.12.0",
   "mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
   "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
   "main": "index.js",
@@ -91,6 +91,7 @@
     "src/config.js",
     "src/history.js",
     "src/typosquat.js",
+    "src/python.js",
     "src/plugin-config.js",
     "src/plugin-health.js",
     "openclaw.plugin.json",

package/src/cli/audit.js

@@ -1,10 +1,11 @@
 // src/cli/audit.js — OpenClaw configuration security audit (stub)
 
 export async function runAudit(args) {
-  console.log('\n  Security Audit [EXPERIMENTAL STUB]\n');
+  const allowStub = args.includes('--allow-stub');
+
+  console.log('\n  Security Audit [NOT YET IMPLEMENTED]\n');
   console.log('  This command will check your OpenClaw configuration for security issues.');
-  console.log('  Full implementation coming in Sprint 3.\n');
-  console.log('  WARNING: This is an experimental stub. No actual checks are performed.\n');
+  console.log('  Implementation is in progress.\n');
   console.log('  Planned checks (60+):');
   console.log('    - Gateway: bind mode, auth, token strength, HTTPS, CORS');
   console.log('    - Permissions: config files, credentials, session transcripts');
@@ -15,4 +16,10 @@ export async function runAudit(args) {
   console.log('    - Plugins: unsigned, permissive, outdated');
   console.log('    - Credentials: plaintext secrets, exposed API keys\n');
   console.log('  OWASP ASI Top 10 mapping for all findings.\n');
+
+  if (!allowStub) {
+    console.error('  ERROR: audit is not yet implemented. No checks were performed.');
+    console.error('  Pass --allow-stub to suppress this error in CI.\n');
+    throw new Error('audit command is not yet implemented');
+  }
 }

package/src/cli/demo.js

@@ -4,6 +4,7 @@ import { join } from "path";
 import { createInterface } from "readline";
 import { dirname } from "path";
 import { fileURLToPath } from "url";
+import { resolvePythonCommand, pythonArgs } from "../python.js";
 
 // Handle both ESM and CJS bundling (Smithery bundles to CJS)
 let __dirname;
@@ -178,22 +179,11 @@ export async function runDemo(args) {
 
   // Run the analyzer
   const analyzerPath = join(__dirname, '..', '..', 'analyzer.py');
-  let pythonCmd = 'python3';
-  const py3 = checkCommand('python3', ['--version']);
-  if (!py3.ok) {
-    const py = checkCommand('python', ['--version']);
-    if (py.ok && py.output.includes('3.')) {
-      pythonCmd = 'python';
-    } else {
-      console.log(`  Error: Python 3 not found. Run "npx agent-security-scanner-mcp doctor" to diagnose.\n`);
-      unlinkSync(filepath);
-      process.exit(1);
-    }
-  }
+  const pythonCmd = resolvePythonCommand();
 
   let results;
   try {
-    const output = execFileSync(pythonCmd, [analyzerPath, filepath], { timeout: 30000, encoding: 'utf-8' });
+    const output = execFileSync(pythonCmd, [...pythonArgs(), analyzerPath, filepath], { timeout: 30000, encoding: 'utf-8' });
     results = JSON.parse(output);
   } catch (e) {
     console.log(`  Error running analyzer: ${e.message}\n`);

package/src/cli/doctor.js

@@ -4,6 +4,7 @@ import { dirname, join } from "path";
 import { homedir, platform } from "os";
 import { fileURLToPath } from "url";
 import { getDaemonClient } from '../daemon-client.js';
+import { resolvePythonCommand, pythonArgs } from '../python.js';
 
 // Handle both ESM and CJS bundling (Smithery bundles to CJS)
 let __dirname;
@@ -123,22 +124,23 @@ export async function runDoctor(args) {
     issues++;
   }
 
-  // 2. Python 3
+  // 2. Python 3 (uses the same resolver as the runtime)
   let pythonCmd = null;
-  const py3 = checkCommand('python3', ['--version']);
-  if (py3.ok) {
-    pythonCmd = 'python3';
-    console.log(`    \u2713 ${py3.output}`);
-  } else {
-    const py = checkCommand('python', ['--version']);
-    if (py.ok && py.output.includes('3.')) {
-      pythonCmd = 'python';
-      console.log(`    \u2713 ${py.output}`);
+  try {
+    pythonCmd = resolvePythonCommand();
+    const pyVer = checkCommand(pythonCmd, [...pythonArgs(), '--version']);
+    if (pyVer.ok) {
+      console.log(`    \u2713 ${pyVer.output} (resolved as '${pythonCmd}${pythonArgs().length ? ' ' + pythonArgs().join(' ') : ''}')`);
     } else {
+      pythonCmd = null;
       console.log(`    \u2717 Python 3 not found`);
       console.log(`      Install: https://python.org/downloads/`);
       issues++;
     }
+  } catch {
+    console.log(`    \u2717 Python 3 not found`);
+    console.log(`      Install: https://python.org/downloads/`);
+    issues++;
   }
 
   // 3. analyzer.py reachable
@@ -173,7 +175,7 @@ export async function runDoctor(args) {
 
   // 4. Python can import yaml (analyzer dependency check)
   if (pythonCmd && existsSync(analyzerPath)) {
-    const yamlCheck = checkCommand(pythonCmd, ['-c', 'import yaml; print("ok")']);
+    const yamlCheck = checkCommand(pythonCmd, [...pythonArgs(), '-c', 'import yaml; print("ok")']);
     if (yamlCheck.ok && yamlCheck.output === 'ok') {
       console.log(`    \u2713 Analyzer engine ready (PyYAML installed)`);
     } else {
@@ -184,7 +186,7 @@ export async function runDoctor(args) {
 
   // 5. tree-sitter AST engine (optional but recommended)
   if (pythonCmd) {
-    const tsCheck = checkCommand(pythonCmd, ['-c', 'import tree_sitter; print(tree_sitter.__version__)']);
+    const tsCheck = checkCommand(pythonCmd, [...pythonArgs(), '-c', 'import tree_sitter; print(tree_sitter.__version__)']);
     if (tsCheck.ok && tsCheck.output) {
       console.log(`    \u2713 AST engine ready (tree-sitter ${tsCheck.output})`);
     } else {
@@ -193,7 +195,7 @@ export async function runDoctor(args) {
         console.log(`      Installing tree-sitter dependencies...`);
         const requirementsPath = join(__dirname, '..', '..', 'requirements.txt');
         if (existsSync(requirementsPath)) {
-          const installResult = checkCommand(pythonCmd, ['-m', 'pip', 'install', '-r', requirementsPath, '--user', '--quiet']);
+          const installResult = checkCommand(pythonCmd, [...pythonArgs(), '-m', 'pip', 'install', '-r', requirementsPath, '--user', '--quiet']);
           if (installResult.ok) {
             console.log(`      \u2713 Fixed: tree-sitter dependencies installed — AST engine enabled`);
             fixed++;

package/src/cli/harden.js

@@ -1,10 +1,11 @@
 // src/cli/harden.js — OpenClaw auto-hardening (stub)
 
 export async function runHarden(args) {
-  console.log('\n  Auto-Hardening [EXPERIMENTAL STUB]\n');
+  const allowStub = args.includes('--allow-stub');
+
+  console.log('\n  Auto-Hardening [NOT YET IMPLEMENTED]\n');
   console.log('  This command will automatically fix security issues in your OpenClaw config.');
-  console.log('  Full implementation coming in Sprint 3.\n');
-  console.log('  WARNING: This is an experimental stub. No actions are performed.\n');
+  console.log('  Implementation is in progress.\n');
   console.log('  Planned actions:');
   console.log('    - Bind gateway to 127.0.0.1');
   console.log('    - Enable token authentication');
@@ -12,4 +13,10 @@ export async function runHarden(args) {
   console.log('    - Disable mDNS discovery');
   console.log('    - Remove plaintext credentials\n');
   console.log('  Usage: agent-security-scanner-mcp harden --fix [--dry-run]\n');
+
+  if (!allowStub) {
+    console.error('  ERROR: harden is not yet implemented. No actions were performed.');
+    console.error('  Pass --allow-stub to suppress this error in CI.\n');
+    throw new Error('harden command is not yet implemented');
+  }
 }

package/src/cli/init.js

@@ -1,6 +1,7 @@
 import { readFileSync, existsSync, writeFileSync, copyFileSync, mkdirSync } from "fs";
 import { spawnSync } from "child_process";
 import { dirname, join } from "path";
+import { fileURLToPath } from "url";
 import { homedir, platform } from "os";
 import { createInterface } from "readline";
 
@@ -167,8 +168,13 @@ async function installOpenClawSkill(client, flags) {
   const skillFile = client.configPath();
 
   // Find the source skill file (bundled with the package)
-  const __dirname = dirname(new URL(import.meta.url).pathname);
-  const sourceSkill = join(__dirname, '..', '..', 'skills', 'openclaw', 'SKILL.md');
+  let __initDir;
+  try {
+    __initDir = dirname(fileURLToPath(import.meta.url));
+  } catch {
+    __initDir = process.cwd();
+  }
+  const sourceSkill = join(__initDir, '..', '..', 'skills', 'openclaw', 'SKILL.md');
 
   console.log(`\n  Client:  ${client.name}`);
   console.log(`  Skill:   ${skillDir}`);
@@ -248,9 +254,9 @@ async function installCodexMCP(flags, serverName) {
   console.log(`  Config:  ~/.codex/config.toml (managed by codex CLI)`);
   console.log(`  OS:      ${platform()} (${process.arch})\n`);
 
-  // Check codex CLI is available
-  const which = spawnSync('which', ['codex'], { encoding: 'utf-8' });
-  if (which.status !== 0) {
+  // Check codex CLI is available (cross-platform: probe directly instead of using which/where)
+  const codexCheck = spawnSync('codex', ['--version'], { encoding: 'utf-8', timeout: 10000, stdio: ['pipe', 'pipe', 'pipe'] });
+  if (codexCheck.status !== 0 || codexCheck.error) {
     console.error(`  ERROR: 'codex' CLI not found in PATH.`);
     console.error(`  Install it first: https://github.com/openai/codex\n`);
     process.exit(1);

package/src/config.js

@@ -4,6 +4,7 @@
 import { existsSync, readFileSync } from 'fs';
 import { dirname, join, resolve, sep } from 'path';
 import { execFileSync } from 'child_process';
+import { resolvePythonCommand, pythonArgs } from './python.js';
 
 const DEFAULT_CONFIG = {
   version: 1,
@@ -86,7 +87,9 @@ function findConfigFile(startPath) {
 
 function parseYaml(filePath) {
   try {
-    const result = execFileSync('python3', [
+    const pyCmd = resolvePythonCommand();
+    const result = execFileSync(pyCmd, [
+      ...pythonArgs(),
       '-c',
       'import yaml,json,sys; print(json.dumps(yaml.safe_load(open(sys.argv[1]))))',
       filePath,

package/src/daemon-client.js

@@ -3,6 +3,7 @@ import { spawn } from 'child_process';
 import { createInterface } from 'readline';
 import { dirname, join } from 'path';
 import { fileURLToPath } from 'url';
+import { resolvePythonCommand, pythonArgs } from './python.js';
 
 let __dirname;
 try {
@@ -64,7 +65,8 @@ class DaemonClient {
       // Cleanup any previous process
       this._cleanup();
 
-      const proc = spawn('python3', [DAEMON_SCRIPT], {
+      const pyCmd = resolvePythonCommand();
+      const proc = spawn(pyCmd, [...pythonArgs(), DAEMON_SCRIPT], {
         stdio: ['pipe', 'pipe', 'pipe'],
         env: { ...process.env, PYTHONUNBUFFERED: '1' },
       });

package/src/python.js

@@ -0,0 +1,54 @@
+// src/python.js — Cross-platform Python command resolution.
+// Resolves the correct Python 3 command for the current platform:
+//   Windows: py -3 → python3 → python
+//   Unix:    python3 → python
+
+import { execFileSync } from 'child_process';
+import { platform } from 'os';
+
+let _cached = null;
+
+/**
+ * Resolve the Python 3 command available on this system.
+ * Caches the result for the lifetime of the process.
+ * Returns 'python3' as a last-resort default if nothing is found
+ * (so callers get a clear "command not found" error rather than silence).
+ */
+export function resolvePythonCommand() {
+  if (_cached !== null) return _cached;
+
+  const candidates = platform() === 'win32'
+    ? [['py', ['-3', '--version']], ['python3', ['--version']], ['python', ['--version']]]
+    : [['python3', ['--version']], ['python', ['--version']]];
+
+  for (const [cmd, args] of candidates) {
+    try {
+      const out = execFileSync(cmd, args, {
+        encoding: 'utf-8',
+        timeout: 5000,
+        stdio: ['pipe', 'pipe', 'pipe'],
+      });
+      if (out.includes('3.')) {
+        // For `py -3`, the actual command to use at runtime is ['py', '-3']
+        _cached = cmd === 'py' ? 'py' : cmd;
+        return _cached;
+      }
+    } catch {
+      // Not available, try next
+    }
+  }
+
+  // Fallback — callers will get "command not found" with a clear error
+  _cached = 'python3';
+  return _cached;
+}
+
+/**
+ * Returns the argument array prefix for invoking Python.
+ * For Windows `py -3`, returns ['-3']; otherwise returns [].
+ * Use: execFileSync(resolvePythonCommand(), [...pythonArgs(), scriptPath, ...])
+ */
+export function pythonArgs() {
+  const cmd = resolvePythonCommand();
+  return cmd === 'py' ? ['-3'] : [];
+}