agent-security-scanner-mcp 3.17.1 → 3.18.0

package/README.md

@@ -62,7 +62,7 @@ Continue reading below for full version documentation →
 
 ---
 
-> **New in v3.11.0:** ClawHub ecosystem security scanning — scanned all 777 ClawHub skills and found 69.5% have security issues. New `scan-clawhub` CLI for batch scanning, 40+ prompt injection patterns, jailbreak detection (DAN mode, dev mode), data exfiltration checks. [See ClawHub Security Reports](./clawhub-security-reports/).
+> **New in v3.11.0:** ClawHub ecosystem security scanning — scanned all 16,532 ClawHub skills and found 46% have critical vulnerabilities. New `scan-clawhub` CLI for batch scanning, 40+ prompt injection patterns, jailbreak detection (DAN mode, dev mode), data exfiltration checks. [See ClawHub Security Dashboard](https://www.proof-layer.com/dashboard).
 >
 > **Also in v3.10.0:** ClawProof OpenClaw plugin — 6-layer deep skill scanner (`scan_skill`) with ClawHavoc malware signatures (27 rules, 121 patterns covering reverse shells, crypto miners, info stealers, C2 beacons, and OpenClaw-specific attacks), package supply chain verification, and rug pull detection.
 >
@@ -150,7 +150,7 @@ clawproof scan ./SKILL.md
 - **30.5%** are completely safe (Grade A)
 - **4,129** prompt injection patterns detected
 
-See [ClawHub Security Reports](./clawhub-security-reports/) for full analysis.
+See [ClawHub Security Dashboard](https://www.proof-layer.com/dashboard) for interactive exploration of all 16,532 skills with searchable security grades and detailed findings.
 
 **Detection Capabilities:**
 - Prompt Injection (15 patterns): "ignore previous instructions", role manipulation

package/analyzer.py

@@ -45,6 +45,9 @@ try:
 except ImportError:
     HAS_TAINT_ANALYZER = False
 
+# Semantic analyzer flag (JavaScript-based, optional)
+HAS_SEMANTIC_ANALYZER = True  # Implemented in src/semantic-analyzer.js
+
 # Import the original regex-based rules (always available)
 from rules import get_rules_for_language
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-security-scanner-mcp",
-  "version": "3.17.1",
+  "version": "3.18.0",
   "mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
   "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
   "main": "index.js",

package/rules/semantic-security.yaml

@@ -0,0 +1,679 @@
+# Semantic Security Rules
+# Requires Code Property Graph (CPG) analysis via semantic-analyzer.js
+# Detects logic-level vulnerabilities that AST+regex miss
+
+- id: semantic.unreachable-code
+  languages: [javascript, typescript, python, java, go, php, ruby, c, cpp, csharp, rust]
+  severity: WARNING
+  message: "Unreachable code detected - this code will never execute"
+  metadata:
+    category: dead-code
+    cwe: "CWE-561"
+    owasp: "A06:2021 - Vulnerable and Outdated Components"
+    confidence: high
+    impact: low
+    description: "Code that can never be executed wastes resources and may indicate logic errors"
+    remediation: "Remove unreachable code or fix the control flow"
+
+- id: semantic.missing-auth-check
+  languages: [javascript, typescript, python, java, go, php, ruby, csharp]
+  severity: ERROR
+  message: "Sensitive operation executed without authentication check"
+  metadata:
+    category: auth-bypass
+    cwe: "CWE-306"
+    owasp: "A07:2021 - Identification and Authentication Failures"
+    confidence: medium
+    impact: critical
+    description: "Sensitive operations (database writes, file access, command execution) must be protected by authentication checks"
+    remediation: "Add authentication/authorization check before sensitive operation"
+
+- id: semantic.missing-authz-check
+  languages: [javascript, typescript, python, java, go, php, ruby, csharp]
+  severity: ERROR
+  message: "Data access without authorization check - potential IDOR vulnerability"
+  metadata:
+    category: auth-bypass
+    cwe: "CWE-639"
+    owasp: "A01:2021 - Broken Access Control"
+    confidence: medium
+    impact: critical
+    description: "Direct object references (accessing resources by ID) without ownership verification enables IDOR attacks"
+    remediation: "Verify user owns/has access to the resource before returning it"
+
+- id: semantic.race-condition
+  languages: [javascript, typescript, python, java, go, c, cpp, csharp, rust]
+  severity: WARNING
+  message: "Potential race condition - concurrent access without synchronization"
+  metadata:
+    category: concurrency
+    cwe: "CWE-362"
+    owasp: "A04:2021 - Insecure Design"
+    confidence: low
+    impact: medium
+    description: "Shared state accessed from multiple execution paths without proper locking can lead to race conditions"
+    remediation: "Use locks, mutexes, or atomic operations to protect shared state"
+
+- id: semantic.toctou
+  languages: [javascript, typescript, python, java, go, c, cpp, ruby, php]
+  severity: ERROR
+  message: "TOCTOU vulnerability - file state may change between check and use"
+  metadata:
+    category: race-condition
+    cwe: "CWE-367"
+    owasp: "A04:2021 - Insecure Design"
+    confidence: medium
+    impact: high
+    description: "Time-of-check-time-of-use: file/resource state checked then used, allowing attacker to modify state between operations"
+    remediation: "Use atomic operations or file descriptors instead of check-then-use"
+
+- id: semantic.logic-contradiction
+  languages: [javascript, typescript, python, java, go, php, ruby, c, cpp, csharp, rust]
+  severity: WARNING
+  message: "Logic contradiction detected - condition conflicts with earlier condition"
+  metadata:
+    category: logic-error
+    cwe: "CWE-570"
+    owasp: "A04:2021 - Insecure Design"
+    confidence: high
+    impact: low
+    description: "Contradictory conditions indicate logic errors and create unreachable code paths"
+    remediation: "Review and fix the logic flow"
+
+- id: semantic.use-after-free
+  languages: [c, cpp, rust]
+  severity: ERROR
+  message: "Use-after-free detected - variable used after being freed"
+  metadata:
+    category: memory-safety
+    cwe: "CWE-416"
+    owasp: "A06:2021 - Vulnerable and Outdated Components"
+    confidence: high
+    impact: critical
+    description: "Using memory after it has been freed can lead to crashes or arbitrary code execution"
+    remediation: "Set pointer to NULL after free, or use smart pointers (C++ unique_ptr/shared_ptr)"
+
+- id: semantic.double-free
+  languages: [c, cpp]
+  severity: ERROR
+  message: "Double free detected - memory freed twice"
+  metadata:
+    category: memory-safety
+    cwe: "CWE-415"
+    owasp: "A06:2021 - Vulnerable and Outdated Components"
+    confidence: high
+    impact: critical
+    description: "Freeing the same memory twice can corrupt memory allocator state and enable exploits"
+    remediation: "Set pointer to NULL after free to prevent double-free"
+
+- id: semantic.null-dereference
+  languages: [javascript, typescript, python, java, go, c, cpp, csharp, rust]
+  severity: WARNING
+  message: "Potential null pointer dereference"
+  metadata:
+    category: null-safety
+    cwe: "CWE-476"
+    owasp: "A06:2021 - Vulnerable and Outdated Components"
+    confidence: low
+    impact: medium
+    description: "Dereferencing a null pointer causes crashes or unpredictable behavior"
+    remediation: "Add null check before dereference"
+
+- id: semantic.dead-store
+  languages: [javascript, typescript, python, java, go, php, ruby, c, cpp, csharp, rust]
+  severity: INFO
+  message: "Dead store - assignment to variable never used"
+  metadata:
+    category: optimization
+    cwe: "CWE-563"
+    owasp: "A06:2021 - Vulnerable and Outdated Components"
+    confidence: high
+    impact: negligible
+    description: "Assignments that are never used waste resources and may indicate incomplete code"
+    remediation: "Remove the unused assignment or use the variable"
+
+- id: semantic.infinite-loop
+  languages: [javascript, typescript, python, java, go, php, ruby, c, cpp, csharp, rust]
+  severity: ERROR
+  message: "Infinite loop detected - loop has no exit condition"
+  metadata:
+    category: denial-of-service
+    cwe: "CWE-835"
+    owasp: "A04:2021 - Insecure Design"
+    confidence: medium
+    impact: high
+    description: "Loops without exit conditions cause hangs and resource exhaustion"
+    remediation: "Add break condition, timeout, or iteration limit"
+
+- id: semantic.missing-null-check
+  languages: [javascript, typescript, python, java, go, c, cpp, csharp]
+  severity: WARNING
+  message: "Missing null check before dereference"
+  metadata:
+    category: null-safety
+    cwe: "CWE-476"
+    owasp: "A04:2021 - Insecure Design"
+    confidence: medium
+    impact: medium
+    description: "Variables that can be null must be checked before access"
+    remediation: "Add null/undefined check before using variable"
+
+- id: semantic.missing-bounds-check
+  languages: [javascript, typescript, python, java, go, c, cpp, csharp, rust]
+  severity: ERROR
+  message: "Missing array bounds check - potential buffer overflow"
+  metadata:
+    category: buffer-overflow
+    cwe: "CWE-119"
+    owasp: "A03:2021 - Injection"
+    confidence: medium
+    impact: critical
+    description: "Array access without bounds checking can lead to buffer overflows"
+    remediation: "Validate array index is within bounds before access"
+
+- id: semantic.unvalidated-redirect
+  languages: [javascript, typescript, python, java, go, php, ruby, csharp]
+  severity: ERROR
+  message: "Unvalidated redirect - redirect destination not validated"
+  metadata:
+    category: redirect
+    cwe: "CWE-601"
+    owasp: "A01:2021 - Broken Access Control"
+    confidence: high
+    impact: medium
+    description: "Redirecting to user-controlled URLs without validation enables phishing attacks"
+    remediation: "Whitelist allowed redirect destinations or validate URL"
+
+- id: semantic.path-traversal
+  languages: [javascript, typescript, python, java, go, php, ruby, c, cpp]
+  severity: ERROR
+  message: "Path traversal vulnerability - user input used in file path without validation"
+  metadata:
+    category: path-traversal
+    cwe: "CWE-22"
+    owasp: "A03:2021 - Injection"
+    confidence: high
+    impact: critical
+    description: "User-controlled file paths without validation allow reading arbitrary files"
+    remediation: "Use path.basename() or validate path is within allowed directory"
+
+- id: semantic.ssrf
+  languages: [javascript, typescript, python, java, go, php, ruby, csharp]
+  severity: ERROR
+  message: "SSRF vulnerability - user input used in HTTP request without validation"
+  metadata:
+    category: ssrf
+    cwe: "CWE-918"
+    owasp: "A10:2021 - Server-Side Request Forgery"
+    confidence: high
+    impact: critical
+    description: "User-controlled URLs in HTTP requests allow attackers to probe internal networks"
+    remediation: "Whitelist allowed domains/IPs or validate URL scheme and host"
+
+- id: semantic.xxe
+  languages: [java, csharp, php, python]
+  severity: ERROR
+  message: "XXE vulnerability - XML parsing without disabling external entities"
+  metadata:
+    category: xxe
+    cwe: "CWE-611"
+    owasp: "A05:2021 - Security Misconfiguration"
+    confidence: high
+    impact: critical
+    description: "XML External Entity attacks allow reading files and SSRF"
+    remediation: "Disable external entity processing in XML parser"
+
+- id: semantic.ldap-injection
+  languages: [java, python, csharp, php]
+  severity: ERROR
+  message: "LDAP injection - user input in LDAP query without sanitization"
+  metadata:
+    category: injection
+    cwe: "CWE-90"
+    owasp: "A03:2021 - Injection"
+    confidence: high
+    impact: high
+    description: "User input in LDAP queries without sanitization allows LDAP injection"
+    remediation: "Use parameterized LDAP queries or escape special characters"
+
+- id: semantic.xpath-injection
+  languages: [java, python, csharp, php, javascript]
+  severity: ERROR
+  message: "XPath injection - user input in XPath query without sanitization"
+  metadata:
+    category: injection
+    cwe: "CWE-643"
+    owasp: "A03:2021 - Injection"
+    confidence: high
+    impact: high
+    description: "User input in XPath queries without sanitization allows data extraction"
+    remediation: "Use parameterized XPath or escape special characters"
+
+- id: semantic.os-command-injection
+  languages: [javascript, typescript, python, java, go, php, ruby, c, cpp]
+  severity: ERROR
+  message: "Command injection - user input in shell command without sanitization"
+  metadata:
+    category: command-injection
+    cwe: "CWE-78"
+    owasp: "A03:2021 - Injection"
+    confidence: high
+    impact: critical
+    description: "User input in shell commands without sanitization allows arbitrary command execution"
+    remediation: "Use safe APIs (execFile not exec) or validate/escape input"
+
+- id: semantic.insecure-deserialization
+  languages: [java, python, php, ruby, csharp]
+  severity: ERROR
+  message: "Insecure deserialization - deserializing untrusted data"
+  metadata:
+    category: deserialization
+    cwe: "CWE-502"
+    owasp: "A08:2021 - Software and Data Integrity Failures"
+    confidence: high
+    impact: critical
+    description: "Deserializing untrusted data can lead to remote code execution"
+    remediation: "Validate data before deserialization or use safe formats (JSON)"
+
+- id: semantic.weak-random
+  languages: [javascript, typescript, python, java, go, c, cpp, csharp]
+  severity: WARNING
+  message: "Weak random number generator used for security-sensitive operation"
+  metadata:
+    category: crypto
+    cwe: "CWE-338"
+    owasp: "A02:2021 - Cryptographic Failures"
+    confidence: high
+    impact: medium
+    description: "Non-cryptographic RNGs are predictable and unsuitable for security"
+    remediation: "Use cryptographic RNG (crypto.randomBytes, secrets module)"
+
+- id: semantic.hardcoded-secret
+  languages: [javascript, typescript, python, java, go, php, ruby, c, cpp, csharp]
+  severity: ERROR
+  message: "Hardcoded secret detected in source code"
+  metadata:
+    category: secrets
+    cwe: "CWE-798"
+    owasp: "A07:2021 - Identification and Authentication Failures"
+    confidence: high
+    impact: critical
+    description: "Secrets in source code are visible to anyone with repository access"
+    remediation: "Use environment variables or secret management services"
+
+- id: semantic.weak-crypto-algorithm
+  languages: [javascript, typescript, python, java, go, c, cpp, csharp]
+  severity: ERROR
+  message: "Weak cryptographic algorithm used (MD5, SHA1, DES)"
+  metadata:
+    category: crypto
+    cwe: "CWE-327"
+    owasp: "A02:2021 - Cryptographic Failures"
+    confidence: high
+    impact: high
+    description: "Weak algorithms are vulnerable to collision and brute-force attacks"
+    remediation: "Use SHA-256, SHA-3, or bcrypt/scrypt/argon2 for hashing"
+
+- id: semantic.missing-csrf-protection
+  languages: [javascript, typescript, python, java, php, ruby, csharp]
+  severity: ERROR
+  message: "State-changing operation without CSRF protection"
+  metadata:
+    category: csrf
+    cwe: "CWE-352"
+    owasp: "A01:2021 - Broken Access Control"
+    confidence: medium
+    impact: high
+    description: "POST/PUT/DELETE without CSRF tokens allow attackers to perform actions as victim"
+    remediation: "Add CSRF token validation or use SameSite cookies"
+
+- id: semantic.missing-rate-limiting
+  languages: [javascript, typescript, python, java, go, php, ruby, csharp]
+  severity: WARNING
+  message: "Sensitive endpoint without rate limiting"
+  metadata:
+    category: denial-of-service
+    cwe: "CWE-770"
+    owasp: "A04:2021 - Insecure Design"
+    confidence: low
+    impact: medium
+    description: "Endpoints without rate limiting are vulnerable to brute-force and DoS attacks"
+    remediation: "Add rate limiting middleware (express-rate-limit, flask-limiter)"
+
+- id: semantic.missing-input-validation
+  languages: [javascript, typescript, python, java, go, php, ruby, csharp]
+  severity: WARNING
+  message: "User input used without validation"
+  metadata:
+    category: input-validation
+    cwe: "CWE-20"
+    owasp: "A03:2021 - Injection"
+    confidence: low
+    impact: medium
+    description: "All user input must be validated before use"
+    remediation: "Add validation (joi, validator, zod) or sanitization"
+
+- id: semantic.missing-output-encoding
+  languages: [javascript, typescript, python, java, php, ruby]
+  severity: ERROR
+  message: "User input rendered without encoding - XSS vulnerability"
+  metadata:
+    category: xss
+    cwe: "CWE-79"
+    owasp: "A03:2021 - Injection"
+    confidence: high
+    impact: high
+    description: "User-controlled data in HTML output without encoding enables XSS attacks"
+    remediation: "Use template engines with auto-escaping or escape manually"
+
+- id: semantic.insecure-cookie
+  languages: [javascript, typescript, python, java, php, ruby, csharp]
+  severity: WARNING
+  message: "Cookie set without Secure/HttpOnly/SameSite flags"
+  metadata:
+    category: session
+    cwe: "CWE-614"
+    owasp: "A05:2021 - Security Misconfiguration"
+    confidence: high
+    impact: medium
+    description: "Cookies without security flags are vulnerable to interception and CSRF"
+    remediation: "Set Secure, HttpOnly, and SameSite=Strict flags"
+
+- id: semantic.sql-injection
+  languages: [javascript, typescript, python, java, php, ruby, go, csharp]
+  severity: ERROR
+  message: "SQL injection - user input in SQL query without parameterization"
+  metadata:
+    category: sql-injection
+    cwe: "CWE-89"
+    owasp: "A03:2021 - Injection"
+    confidence: high
+    impact: critical
+    description: "User input in SQL queries without parameterization allows data theft and manipulation"
+    remediation: "Use parameterized queries or ORM methods"
+
+- id: semantic.nosql-injection
+  languages: [javascript, typescript, python, java, php, ruby]
+  severity: ERROR
+  message: "NoSQL injection - user input in database query without sanitization"
+  metadata:
+    category: nosql-injection
+    cwe: "CWE-943"
+    owasp: "A03:2021 - Injection"
+    confidence: high
+    impact: high
+    description: "User input in NoSQL queries without sanitization allows unauthorized data access"
+    remediation: "Validate/sanitize input or use safe query builders"
+
+- id: semantic.prototype-pollution
+  languages: [javascript, typescript]
+  severity: ERROR
+  message: "Prototype pollution vulnerability - user input modifies object prototype"
+  metadata:
+    category: prototype-pollution
+    cwe: "CWE-1321"
+    owasp: "A03:2021 - Injection"
+    confidence: high
+    impact: high
+    description: "Modifying Object.prototype allows attackers to inject properties into all objects"
+    remediation: "Use Map instead of objects, or Object.create(null)"
+
+- id: semantic.regex-dos
+  languages: [javascript, typescript, python, java, go, php, ruby]
+  severity: WARNING
+  message: "ReDoS vulnerability - regex with exponential backtracking"
+  metadata:
+    category: denial-of-service
+    cwe: "CWE-1333"
+    owasp: "A04:2021 - Insecure Design"
+    confidence: medium
+    impact: medium
+    description: "Complex regexes with nested quantifiers cause exponential processing time"
+    remediation: "Simplify regex or add timeout"
+
+- id: semantic.xml-bomb
+  languages: [java, python, csharp, php]
+  severity: ERROR
+  message: "XML bomb vulnerability - entity expansion without limits"
+  metadata:
+    category: denial-of-service
+    cwe: "CWE-776"
+    owasp: "A05:2021 - Security Misconfiguration"
+    confidence: high
+    impact: high
+    description: "Unlimited entity expansion can exhaust memory and CPU"
+    remediation: "Limit entity expansion or disable entity processing"
+
+- id: semantic.open-redirect-via-referer
+  languages: [javascript, typescript, python, java, php, ruby]
+  severity: WARNING
+  message: "Open redirect via Referer header - untrusted header used for redirect"
+  metadata:
+    category: redirect
+    cwe: "CWE-601"
+    owasp: "A01:2021 - Broken Access Control"
+    confidence: medium
+    impact: medium
+    description: "Referer header is user-controlled and should not be trusted for redirects"
+    remediation: "Whitelist allowed redirect URLs or use signed tokens"
+
+- id: semantic.server-side-template-injection
+  languages: [python, java, php, ruby, javascript]
+  severity: ERROR
+  message: "Server-side template injection - user input in template without escaping"
+  metadata:
+    category: injection
+    cwe: "CWE-94"
+    owasp: "A03:2021 - Injection"
+    confidence: high
+    impact: critical
+    description: "User input in templates without escaping allows code execution"
+    remediation: "Use safe template rendering or escape user input"
+
+- id: semantic.jwt-none-algorithm
+  languages: [javascript, typescript, python, java, php, ruby]
+  severity: ERROR
+  message: "JWT 'none' algorithm accepted - signature verification bypassed"
+  metadata:
+    category: crypto
+    cwe: "CWE-347"
+    owasp: "A02:2021 - Cryptographic Failures"
+    confidence: high
+    impact: critical
+    description: "Accepting 'none' algorithm allows attackers to forge JWTs"
+    remediation: "Explicitly reject 'none' algorithm or use algorithm whitelist"
+
+- id: semantic.missing-encryption-at-rest
+  languages: [javascript, typescript, python, java, go, php, ruby, csharp]
+  severity: WARNING
+  message: "Sensitive data stored without encryption"
+  metadata:
+    category: crypto
+    cwe: "CWE-311"
+    owasp: "A02:2021 - Cryptographic Failures"
+    confidence: low
+    impact: high
+    description: "Sensitive data (passwords, tokens, PII) must be encrypted at rest"
+    remediation: "Encrypt sensitive data before storage"
+
+- id: semantic.missing-encryption-in-transit
+  languages: [javascript, typescript, python, java, go, php, ruby, csharp]
+  severity: ERROR
+  message: "Sensitive data transmitted without encryption"
+  metadata:
+    category: crypto
+    cwe: "CWE-319"
+    owasp: "A02:2021 - Cryptographic Failures"
+    confidence: medium
+    impact: critical
+    description: "Unencrypted transmission of sensitive data allows interception"
+    remediation: "Use HTTPS/TLS for all sensitive data transmission"
+
+- id: semantic.insufficient-logging
+  languages: [javascript, typescript, python, java, go, php, ruby, csharp]
+  severity: WARNING
+  message: "Security-sensitive operation without logging"
+  metadata:
+    category: logging
+    cwe: "CWE-778"
+    owasp: "A09:2021 - Security Logging and Monitoring Failures"
+    confidence: low
+    impact: low
+    description: "Failed auth, access violations, and privilege changes should be logged"
+    remediation: "Add security event logging"
+
+- id: semantic.sensitive-data-in-logs
+  languages: [javascript, typescript, python, java, go, php, ruby, csharp]
+  severity: WARNING
+  message: "Sensitive data logged - potential information disclosure"
+  metadata:
+    category: logging
+    cwe: "CWE-532"
+    owasp: "A09:2021 - Security Logging and Monitoring Failures"
+    confidence: medium
+    impact: medium
+    description: "Passwords, tokens, and PII should not be logged"
+    remediation: "Redact or omit sensitive data from logs"
+
+- id: semantic.insecure-random-filename
+  languages: [javascript, typescript, python, java, go, php, ruby]
+  severity: WARNING
+  message: "Predictable filename used for temporary/uploaded file"
+  metadata:
+    category: file-upload
+    cwe: "CWE-330"
+    owasp: "A04:2021 - Insecure Design"
+    confidence: medium
+    impact: medium
+    description: "Predictable filenames allow attackers to overwrite files or guess upload locations"
+    remediation: "Use cryptographic random for filenames (crypto.randomUUID, secrets.token_hex)"
+
+- id: semantic.path-injection-via-zip
+  languages: [javascript, typescript, python, java, go, php, ruby]
+  severity: ERROR
+  message: "Zip slip vulnerability - archive extraction without path validation"
+  metadata:
+    category: path-traversal
+    cwe: "CWE-22"
+    owasp: "A03:2021 - Injection"
+    confidence: high
+    impact: critical
+    description: "Malicious archives with '../' in filenames can write outside extraction directory"
+    remediation: "Validate extracted paths are within target directory"
+
+- id: semantic.mass-assignment
+  languages: [javascript, typescript, python, ruby, php, java]
+  severity: ERROR
+  message: "Mass assignment vulnerability - user input directly assigned to model"
+  metadata:
+    category: mass-assignment
+    cwe: "CWE-915"
+    owasp: "A01:2021 - Broken Access Control"
+    confidence: high
+    impact: high
+    description: "Allowing users to set all model fields enables privilege escalation"
+    remediation: "Whitelist allowed fields or use explicit assignment"
+
+- id: semantic.session-fixation
+  languages: [javascript, typescript, python, java, php, ruby]
+  severity: ERROR
+  message: "Session fixation vulnerability - session ID not regenerated after login"
+  metadata:
+    category: session
+    cwe: "CWE-384"
+    owasp: "A07:2021 - Identification and Authentication Failures"
+    confidence: high
+    impact: high
+    description: "Reusing session IDs after authentication allows session hijacking"
+    remediation: "Regenerate session ID on login/privilege change"
+
+- id: semantic.insufficient-password-hash-iterations
+  languages: [javascript, typescript, python, java, php, ruby]
+  severity: WARNING
+  message: "Insufficient bcrypt/scrypt work factor - vulnerable to brute force"
+  metadata:
+    category: crypto
+    cwe: "CWE-916"
+    owasp: "A02:2021 - Cryptographic Failures"
+    confidence: high
+    impact: medium
+    description: "Low iteration counts make password hashes vulnerable to brute-force"
+    remediation: "Use bcrypt cost 12+, scrypt N=32768+, or argon2id"
+
+- id: semantic.timing-attack
+  languages: [javascript, typescript, python, java, go, c, cpp]
+  severity: WARNING
+  message: "Timing attack vulnerability - non-constant-time comparison of secrets"
+  metadata:
+    category: crypto
+    cwe: "CWE-208"
+    owasp: "A02:2021 - Cryptographic Failures"
+    confidence: medium
+    impact: medium
+    description: "Variable-time string comparison reveals information about secret values"
+    remediation: "Use constant-time comparison (crypto.timingSafeEqual, secrets.compare_digest)"
+
+- id: semantic.integer-overflow
+  languages: [c, cpp, java, go, rust]
+  severity: ERROR
+  message: "Potential integer overflow in arithmetic operation"
+  metadata:
+    category: integer-overflow
+    cwe: "CWE-190"
+    owasp: "A04:2021 - Insecure Design"
+    confidence: low
+    impact: high
+    description: "Integer overflow can cause unexpected behavior or security vulnerabilities"
+    remediation: "Check for overflow before arithmetic or use safe math libraries"
+
+- id: semantic.buffer-overflow
+  languages: [c, cpp]
+  severity: ERROR
+  message: "Potential buffer overflow - unsafe buffer operation"
+  metadata:
+    category: buffer-overflow
+    cwe: "CWE-120"
+    owasp: "A04:2021 - Insecure Design"
+    confidence: medium
+    impact: critical
+    description: "Buffer overflows allow arbitrary code execution"
+    remediation: "Use safe functions (strncpy not strcpy, snprintf not sprintf)"
+
+- id: semantic.format-string
+  languages: [c, cpp]
+  severity: ERROR
+  message: "Format string vulnerability - user input in format string"
+  metadata:
+    category: format-string
+    cwe: "CWE-134"
+    owasp: "A03:2021 - Injection"
+    confidence: high
+    impact: critical
+    description: "User-controlled format strings allow arbitrary read/write"
+    remediation: "Use static format strings, never pass user input as format"
+
+- id: semantic.unchecked-return-value
+  languages: [c, cpp, go, rust]
+  severity: WARNING
+  message: "Unchecked return value from security-sensitive function"
+  metadata:
+    category: error-handling
+    cwe: "CWE-252"
+    owasp: "A04:2021 - Insecure Design"
+    confidence: medium
+    impact: medium
+    description: "Ignoring error returns from security functions can lead to vulnerabilities"
+    remediation: "Check return values and handle errors appropriately"
+
+- id: semantic.privilege-escalation
+  languages: [c, cpp, python, java, go]
+  severity: ERROR
+  message: "Privilege escalation vulnerability - elevated privileges not dropped"
+  metadata:
+    category: privilege-escalation
+    cwe: "CWE-250"
+    owasp: "A01:2021 - Broken Access Control"
+    confidence: medium
+    impact: critical
+    description: "Running with elevated privileges without dropping them increases attack surface"
+    remediation: "Drop privileges after initialization (setuid, setgid)"

package/src/tools/scan-security.js

@@ -7,6 +7,7 @@ import { deduplicateFindings } from '../dedup.js';
 import { applyContextFilter, detectFrameworks, applyFrameworkAdjustments } from '../context.js';
 import { loadConfig, shouldExcludeFile, applyConfig } from '../config.js';
 import { discoverProjectContext } from './project-context.js';
+import { runSemanticAnalysis, isSemanticAnalysisAvailable } from '../semantic-integration.js';
 
 const MAX_FILE_SIZE = 1024 * 1024;  // 1MB - skip files larger than this to avoid timeouts
 
@@ -14,9 +15,10 @@ export const scanSecuritySchema = {
   file_path: z.string().describe("Path to the file to scan"),
   output_format: z.enum(['json', 'sarif']).optional().describe("Output format: 'json' (default) or 'sarif' for GitHub/GitLab integration"),
   verbosity: z.enum(['minimal', 'compact', 'full']).optional().describe("Response detail level: 'minimal' (counts only), 'compact' (default, actionable info), 'full' (complete metadata)"),
-  engine: z.enum(['auto', 'ast', 'regex']).optional().describe("Analysis engine: 'auto' (default, AST with regex fallback), 'ast' (tree-sitter only), 'regex' (regex only)"),
+  engine: z.enum(['auto', 'ast', 'regex', 'semantic', 'all']).optional().describe("Analysis engine: 'auto' (default, AST+semantic with regex fallback), 'ast' (tree-sitter only), 'regex' (regex only), 'semantic' (semantic/CPG only), 'all' (all engines)"),
   project_context: z.boolean().optional().describe("Include project context (framework, security middleware, dependencies)"),
-  include_context: z.boolean().optional().describe("Include surrounding code context for each issue")
+  include_context: z.boolean().optional().describe("Include surrounding code context for each issue"),
+  enable_semantic: z.boolean().optional().describe("Enable semantic/CPG analysis (default: true if available)")
 };
 
 // Verbosity formatters
@@ -64,7 +66,7 @@ function formatFull(file_path, language, issues) {
   };
 }
 
-export async function scanSecurity({ file_path, output_format, verbosity, engine, project_context, include_context }) {
+export async function scanSecurity({ file_path, output_format, verbosity, engine, project_context, include_context, enable_semantic }) {
   if (!existsSync(file_path)) {
     return {
       content: [{ type: "text", text: JSON.stringify({ error: "File not found" }) }]
@@ -101,7 +103,34 @@ export async function scanSecurity({ file_path, output_format, verbosity, engine
     };
   }
 
-  const rawIssues = await runAnalyzerAsync(file_path, engine || 'auto');
+  // Determine which engines to run
+  const engineMode = engine || 'auto';
+  const shouldRunSemantic = (enable_semantic !== false) &&
+    (engineMode === 'auto' || engineMode === 'semantic' || engineMode === 'all') &&
+    isSemanticAnalysisAvailable();
+
+  // Run primary analysis (AST/regex)
+  let rawIssues = [];
+  if (engineMode !== 'semantic') {
+    rawIssues = await runAnalyzerAsync(file_path, engineMode === 'all' ? 'auto' : engineMode);
+    if (rawIssues.error) {
+      return {
+        content: [{ type: "text", text: JSON.stringify(rawIssues) }]
+      };
+    }
+  }
+
+  // Run semantic analysis if enabled
+  if (shouldRunSemantic) {
+    try {
+      const semanticFindings = await runSemanticAnalysis(file_path);
+      if (semanticFindings && semanticFindings.length > 0) {
+        rawIssues = rawIssues.concat(semanticFindings);
+      }
+    } catch (error) {
+      console.error('[SEMANTIC] Analysis failed, continuing without semantic findings:', error.message);
+    }
+  }
 
   if (rawIssues.error) {
     return {

package/src/tools/scan-skill.js

@@ -900,9 +900,21 @@ export async function scanSkill({ skill_path, verbosity, baseline }) {
     // Resolve to canonical path immediately (defeats symlink attacks)
     realPath = realpathSync(resolve(inputPath));
   } catch (err) {
+    // Check for different error types
+    let errorMessage;
+    if (err.code === 'ENOENT') {
+      errorMessage = "Path not found";
+    } else if (err.code === 'ELOOP') {
+      errorMessage = "Symlink loop detected";
+    } else if (err.code === 'EACCES') {
+      errorMessage = "Permission denied";
+    } else {
+      errorMessage = "Invalid path";
+    }
+
     return {
       content: [{ type: "text", text: JSON.stringify({
-        error: "Invalid path, symlink loop, or permission denied",
+        error: errorMessage,
         skill_path: inputPath,
         details: err.message
       }) }]
@@ -1007,7 +1019,7 @@ export async function scanSkill({ skill_path, verbosity, baseline }) {
     const [promptFindings, codeBlockFindings, supportingFindings, supplyChainFindings] =
       await Promise.all([
         timed('prompt_scan', () => runPromptScan(content)),                                                  // L1
-        timed('code_blocks', () => runCodeBlockScan(codeBlocks, signal)),                                    // L2
+        timed('code_blocks', () => runCodeBlockScan(codeBlocks, signal)),          // L2
         timed('supporting_files', () => runSupportingFilesScan(skillDir, skillFile, collectedFiles, signal)), // L3
         timed('supply_chain', () => runSupplyChainScan(codeBlocks, skillDir, skillFile, collectedFiles, signal)), // L5
       ]);