npm - agent-security-scanner-mcp - Versions diffs - 3.16.0 → 3.17.0 - Mend

agent-security-scanner-mcp 3.16.0 → 3.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md +20 -1
package/index.js +62 -43
package/package.json +1 -1
package/packages/npm-bloom.json +1 -0
package/packages/pypi-bloom.json +1 -0
package/packages/rubygems-bloom.json +1 -0
package/src/daemon-client.js +52 -5
package/src/tools/scan-prompt.js +31 -2
package/src/tools/scan-skill.js +49 -47

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 <div align="center">
-<img src="./prooflayer-scanner/logo.svg" alt="ProofLayer Logo" width="400"/>
+<img src="./prooflayer-logo.png" alt="ProofLayer Logo" width="400"/>
 # agent-security-scanner-mcp
@@ -1161,6 +1161,25 @@ All MCP tools support a `verbosity` parameter to minimize context window consump
 ## Changelog
+### v3.17.0 (2026-03-04) - Critical Security Fixes
+**🔴 6 CRITICAL vulnerabilities fixed | 🟡 4 IMPORTANT issues resolved**
+- **CVE GHSA-345p-7cg4-v4c7**: Fixed MCP SDK cross-client data leak (CVSS 7.1) - updated to @modelcontextprotocol/sdk@1.27.1
+- **ReDoS Protection**: Added regex timeouts (1s), size limits (500KB), and iteration caps (100) in prompt scanner
+- **Path Traversal Fix**: Resolved TOCTOU symlink attacks using `realpathSync()` before validation
+- **Race Condition Fix**: Prevented multiple daemon spawns from concurrent requests
+- **Promise Rejection Handling**: Wrapped CLI commands in async IIFE to prevent hangs
+- **Temp File Security**: Fixed symlink attacks with `mkdtempSync()` and restrictive permissions (0600)
+- **Daemon Orphaning**: Added SIGKILL fallback with 5s timeout for graceful shutdown
+- **Dependency Updates**: Fixed ajv, hono, and qs vulnerabilities via `npm audit fix`
+**Impact:** npm audit 4→0 vulnerabilities | Security Grade D→B | Test coverage 99.76% (419/420)
+📄 See [docs/release-notes/SECURITY-FIXES-v3.17.0.md](docs/release-notes/SECURITY-FIXES-v3.17.0.md) for technical details
+---
 ### v3.10.0
 - **`scan_skill` Tool** — 6-layer deep security scanner for OpenClaw skills: prompt injection (59+ rules), AST+taint code analysis, ClawHavoc malware signatures, package supply chain verification, and SHA-256 rug pull detection. Returns A-F grade with hard-fail on ClawHavoc/rug pull/critical findings
 - **ClawHavoc Signature Database** (`rules/clawhavoc.yaml`) — 27 rules, 121 regex patterns across 10 threat categories (reverse shells, crypto miners, info stealers, keyloggers, screen capture, DNS exfiltration, C2 beacons, OpenClaw-specific attacks, campaign patterns, exfil endpoints), mapped to MITRE ATT&CK

package/index.js CHANGED Viewed

@@ -238,51 +238,70 @@ server.tool(
 // See src/cli/init.js, src/cli/doctor.js, src/cli/demo.js
 // Handle CLI arguments before loading heavy package data
+// Security: Wrap in async IIFE to prevent unhandled promise rejections and race conditions
 const cliArgs = process.argv.slice(2);
-if (cliArgs[0] === 'init') {
-  runInit(cliArgs.slice(1)).then(() => process.exit(0)).catch((err) => {
-    console.error(`  Error: ${err.message}\n`);
-    process.exit(1);
-  });
-} else if (cliArgs[0] === 'doctor') {
-  runDoctor(cliArgs.slice(1)).then(() => process.exit(0)).catch((err) => {
-    console.error(`  Error: ${err.message}\n`);
-    process.exit(1);
-  });
-} else if (cliArgs[0] === 'demo') {
-  runDemo(cliArgs.slice(1)).then(() => process.exit(0)).catch((err) => {
-    console.error(`  Error: ${err.message}\n`);
-    process.exit(1);
-  });
-} else if (cliArgs[0] === 'init-hooks') {
-  runInitHooks(cliArgs.slice(1)).then(() => process.exit(0)).catch((err) => {
-    console.error(`  Error: ${err.message}\n`);
-    process.exit(1);
-  });
-} else if (cliArgs[0] === 'report') {
-  runReport(cliArgs.slice(1)).then(() => process.exit(0)).catch((err) => {
-    console.error(`  Error: ${err.message}\n`);
-    process.exit(1);
-  });
-} else if (cliArgs[0] === 'scan-prompt') {
-  // CLI mode: scan-prompt <text> [--verbosity minimal|compact|full]
-  const text = cliArgs[1];
-  if (!text) {
-    console.error('Usage: agent-security-scanner-mcp scan-prompt <text> [--verbosity minimal|compact|full]');
-    process.exit(1);
-  }
-  const verbosityIdx = cliArgs.indexOf('--verbosity');
-  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
-  loadPackageLists();
-  scanAgentPrompt({ prompt_text: text, verbosity }).then(result => {
-    const output = JSON.parse(result.content[0].text);
-    console.log(JSON.stringify(output, null, 2));
-    process.exit(output.action === 'BLOCK' ? 1 : 0);
-  }).catch(err => {
-    console.error(JSON.stringify({ error: err.message }));
-    process.exit(1);
-  });
+(async () => {
+  if (cliArgs[0] === 'init') {
+    try {
+      await runInit(cliArgs.slice(1));
+      process.exit(0);
+    } catch (err) {
+      console.error(`  Error: ${err.message}\n`);
+      process.exit(1);
+    }
+  } else if (cliArgs[0] === 'doctor') {
+    try {
+      await runDoctor(cliArgs.slice(1));
+      process.exit(0);
+    } catch (err) {
+      console.error(`  Error: ${err.message}\n`);
+      process.exit(1);
+    }
+  } else if (cliArgs[0] === 'demo') {
+    try {
+      await runDemo(cliArgs.slice(1));
+      process.exit(0);
+    } catch (err) {
+      console.error(`  Error: ${err.message}\n`);
+      process.exit(1);
+    }
+  } else if (cliArgs[0] === 'init-hooks') {
+    try {
+      await runInitHooks(cliArgs.slice(1));
+      process.exit(0);
+    } catch (err) {
+      console.error(`  Error: ${err.message}\n`);
+      process.exit(1);
+    }
+  } else if (cliArgs[0] === 'report') {
+    try {
+      await runReport(cliArgs.slice(1));
+      process.exit(0);
+    } catch (err) {
+      console.error(`  Error: ${err.message}\n`);
+      process.exit(1);
+    }
+  } else if (cliArgs[0] === 'scan-prompt') {
+    // CLI mode: scan-prompt <text> [--verbosity minimal|compact|full]
+    const text = cliArgs[1];
+    if (!text) {
+      console.error('Usage: agent-security-scanner-mcp scan-prompt <text> [--verbosity minimal|compact|full]');
+      process.exit(1);
+    }
+    const verbosityIdx = cliArgs.indexOf('--verbosity');
+    const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+    try {
+      loadPackageLists();
+      const result = await scanAgentPrompt({ prompt_text: text, verbosity });
+      const output = JSON.parse(result.content[0].text);
+      console.log(JSON.stringify(output, null, 2));
+      process.exit(output.action === 'BLOCK' ? 1 : 0);
+    } catch (err) {
+      console.error(JSON.stringify({ error: err.message }));
+      process.exit(1);
+    }
 } else if (cliArgs[0] === 'scan-security') {
   // CLI mode: scan-security <file> [--verbosity minimal|compact|full] [--format json|sarif]
   const filePath = cliArgs[1];

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "agent-security-scanner-mcp",
-  "version": "3.16.0",
+  "version": "3.17.0",
   "mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
   "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
   "main": "index.js",