agent-security-scanner-mcp 3.17.0 → 3.17.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +2 -2
  2. package/index.js +1 -0
  3. package/package.json +1 -1
  4. package/src/tools/scan-skill.js +1 -1
package/README.md CHANGED
@@ -62,7 +62,7 @@ Continue reading below for full version documentation →
62
62
 
63
63
  ---
64
64
 
65
- > **New in v3.11.0:** ClawHub ecosystem security scanning — scanned all 777 ClawHub skills and found 69.5% have security issues. New `scan-clawhub` CLI for batch scanning, 40+ prompt injection patterns, jailbreak detection (DAN mode, dev mode), data exfiltration checks. [See ClawHub Security Reports](./clawhub-security-reports/).
65
+ > **New in v3.11.0:** ClawHub ecosystem security scanning — scanned all 16,532 ClawHub skills and found 46% have critical vulnerabilities. New `scan-clawhub` CLI for batch scanning, 40+ prompt injection patterns, jailbreak detection (DAN mode, dev mode), data exfiltration checks. [See ClawHub Security Dashboard](https://www.proof-layer.com/dashboard).
66
66
  >
67
67
  > **Also in v3.10.0:** ClawProof OpenClaw plugin — 6-layer deep skill scanner (`scan_skill`) with ClawHavoc malware signatures (27 rules, 121 patterns covering reverse shells, crypto miners, info stealers, C2 beacons, and OpenClaw-specific attacks), package supply chain verification, and rug pull detection.
68
68
  >
@@ -150,7 +150,7 @@ clawproof scan ./SKILL.md
150
150
  - **30.5%** are completely safe (Grade A)
151
151
  - **4,129** prompt injection patterns detected
152
152
 
153
- See [ClawHub Security Reports](./clawhub-security-reports/) for full analysis.
153
+ See [ClawHub Security Dashboard](https://www.proof-layer.com/dashboard) for interactive exploration of all 16,532 skills with searchable security grades and detailed findings.
154
154
 
155
155
  **Detection Capabilities:**
156
156
  - Prompt Injection (15 patterns): "ignore previous instructions", role manipulation
package/index.js CHANGED
@@ -581,3 +581,4 @@ const cliArgs = process.argv.slice(2);
581
581
  process.exit(1);
582
582
  });
583
583
  }
584
+ })(); // Close async IIFE
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "agent-security-scanner-mcp",
3
- "version": "3.17.0",
3
+ "version": "3.17.2",
4
4
  "mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
5
5
  "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
6
6
  "main": "index.js",
package/src/tools/scan-skill.js CHANGED
@@ -1007,7 +1007,7 @@ export async function scanSkill({ skill_path, verbosity, baseline }) {
1007
1007
  const [promptFindings, codeBlockFindings, supportingFindings, supplyChainFindings] =
1008
1008
  await Promise.all([
1009
1009
  timed('prompt_scan', () => runPromptScan(content)), // L1
1010
- timed('code_blocks', () => runCodeBlockScan(codeBlocks, signal)), // L2
1010
+ timed('code_blocks', () => runCodeBlockScan(codeBlocks, signal)), // L2
1011
1011
  timed('supporting_files', () => runSupportingFilesScan(skillDir, skillFile, collectedFiles, signal)), // L3
1012
1012
  timed('supply_chain', () => runSupplyChainScan(codeBlocks, skillDir, skillFile, collectedFiles, signal)), // L5
1013
1013
  ]);