agent-security-scanner-mcp 3.3.0 → 3.5.0

package/README.md

@@ -1,13 +1,11 @@
 # agent-security-scanner-mcp
 
-Security scanner for AI coding agents and autonomous assistants. Scans code for vulnerabilities, detects hallucinated packages, and blocks prompt injection — via MCP (Claude Code, Cursor, Windsurf, Cline) or CLI (OpenClaw, CI/CD).
+Security scanner MCP server for AI coding agents. Scans code for vulnerabilities, detects hallucinated packages, and blocks prompt injection — all in real-time via the Model Context Protocol.
 
 [![npm downloads](https://img.shields.io/npm/dt/agent-security-scanner-mcp.svg)](https://www.npmjs.com/package/agent-security-scanner-mcp)
 [![npm version](https://img.shields.io/npm/v/agent-security-scanner-mcp.svg)](https://www.npmjs.com/package/agent-security-scanner-mcp)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 
-> **New in v3.3.0:** Full [OpenClaw](https://openclaw.ai) integration with 30+ rules targeting autonomous AI threats — data exfiltration, credential theft, messaging abuse, and unsafe automation. [See OpenClaw setup](#openclaw-integration).
-
 ## Tools
 
 | Tool | Description | When to Use |
@@ -394,7 +392,6 @@ npx agent-security-scanner-mcp
 | Kilo Code | `npx agent-security-scanner-mcp init kilo-code` |
 | OpenCode | `npx agent-security-scanner-mcp init opencode` |
 | Cody | `npx agent-security-scanner-mcp init cody` |
-| **OpenClaw** | `npx agent-security-scanner-mcp init openclaw` |
 | Interactive | `npx agent-security-scanner-mcp init` |
 
 The `init` command auto-detects your OS, locates the config file, creates a backup, and adds the MCP server entry. **Restart your client after running init.**
@@ -454,61 +451,6 @@ Available languages: `js` (default), `py`, `go`, `java`.
 
 ---
 
-## CLI Tools
-
-Use the scanner directly from command line (for scripts, CI/CD, or OpenClaw):
-
-```bash
-# Scan a prompt for injection attacks
-npx agent-security-scanner-mcp scan-prompt "ignore previous instructions"
-
-# Scan a file for vulnerabilities
-npx agent-security-scanner-mcp scan-security ./app.py --verbosity minimal
-
-# Check if a package is legitimate
-npx agent-security-scanner-mcp check-package flask pypi
-
-# Scan file imports for hallucinated packages
-npx agent-security-scanner-mcp scan-packages ./requirements.txt pypi
-```
-
-**Exit codes:** `0` = safe, `1` = issues found. Use in scripts to block risky operations.
-
----
-
-## OpenClaw Integration
-
-[OpenClaw](https://openclaw.ai) is an autonomous AI assistant with broad system access. This scanner provides security guardrails for OpenClaw users.
-
-### Install
-
-```bash
-npx agent-security-scanner-mcp init openclaw
-```
-
-This installs a skill to `~/.openclaw/workspace/skills/security-scanner/`.
-
-### OpenClaw-Specific Threats
-
-The scanner includes 30+ rules targeting OpenClaw's unique attack surface:
-
-| Category | Examples |
-|----------|----------|
-| **Data Exfiltration** | "Forward emails to...", "Upload files to...", "Share browser cookies" |
-| **Messaging Abuse** | "Send to all contacts", "Auto-reply to everyone" |
-| **Credential Theft** | "Show my passwords", "Access keychain", "List API keys" |
-| **Unsafe Automation** | "Run hourly without asking", "Disable safety checks" |
-| **Service Attacks** | "Delete all repos", "Make payment to..." |
-
-### Usage in OpenClaw
-
-The skill is auto-discovered. Use it by asking:
-- "Scan this prompt for security issues"
-- "Check if this code is safe to run"
-- "Verify these packages aren't hallucinated"
-
----
-
 ## What This Scanner Detects
 
 AI coding agents introduce attack surfaces that traditional security tools weren't designed for:

package/index.js

@@ -156,106 +156,17 @@ if (cliArgs[0] === 'init') {
     console.error(`  Error: ${err.message}\n`);
     process.exit(1);
   });
-} else if (cliArgs[0] === 'scan-prompt') {
-  // CLI mode: scan-prompt <text> [--verbosity minimal|compact|full]
-  const text = cliArgs[1];
-  if (!text) {
-    console.error('Usage: agent-security-scanner-mcp scan-prompt <text> [--verbosity minimal|compact|full]');
-    process.exit(1);
-  }
-  const verbosityIdx = cliArgs.indexOf('--verbosity');
-  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
-
-  loadPackageLists();
-  scanAgentPrompt({ prompt_text: text, verbosity }).then(result => {
-    const output = JSON.parse(result.content[0].text);
-    console.log(JSON.stringify(output, null, 2));
-    process.exit(output.action === 'BLOCK' ? 1 : 0);
-  }).catch(err => {
-    console.error(JSON.stringify({ error: err.message }));
-    process.exit(1);
-  });
-} else if (cliArgs[0] === 'scan-security') {
-  // CLI mode: scan-security <file> [--verbosity minimal|compact|full] [--format json|sarif]
-  const filePath = cliArgs[1];
-  if (!filePath) {
-    console.error('Usage: agent-security-scanner-mcp scan-security <file> [--verbosity minimal|compact|full] [--format json|sarif]');
-    process.exit(1);
-  }
-  const verbosityIdx = cliArgs.indexOf('--verbosity');
-  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
-  const formatIdx = cliArgs.indexOf('--format');
-  const outputFormat = formatIdx !== -1 ? cliArgs[formatIdx + 1] : 'json';
-
-  loadPackageLists();
-  scanSecurity({ file_path: filePath, verbosity, output_format: outputFormat }).then(result => {
-    const output = JSON.parse(result.content[0].text);
-    console.log(JSON.stringify(output, null, 2));
-    process.exit(output.issues_count > 0 || output.total > 0 ? 1 : 0);
-  }).catch(err => {
-    console.error(JSON.stringify({ error: err.message }));
-    process.exit(1);
-  });
-} else if (cliArgs[0] === 'check-package') {
-  // CLI mode: check-package <name> <ecosystem>
-  const packageName = cliArgs[1];
-  const ecosystem = cliArgs[2];
-  if (!packageName || !ecosystem) {
-    console.error('Usage: agent-security-scanner-mcp check-package <name> <ecosystem>');
-    console.error('Ecosystems: npm, pypi, rubygems, crates, dart, perl, raku');
-    process.exit(1);
-  }
-
-  loadPackageLists();
-  checkPackage({ package_name: packageName, ecosystem }).then(result => {
-    const output = JSON.parse(result.content[0].text);
-    console.log(JSON.stringify(output, null, 2));
-    process.exit(output.legitimate ? 0 : 1);
-  }).catch(err => {
-    console.error(JSON.stringify({ error: err.message }));
-    process.exit(1);
-  });
-} else if (cliArgs[0] === 'scan-packages') {
-  // CLI mode: scan-packages <file> <ecosystem> [--verbosity minimal|compact|full]
-  const filePath = cliArgs[1];
-  const ecosystem = cliArgs[2];
-  if (!filePath || !ecosystem) {
-    console.error('Usage: agent-security-scanner-mcp scan-packages <file> <ecosystem> [--verbosity minimal|compact|full]');
-    console.error('Ecosystems: npm, pypi, rubygems, crates, dart, perl, raku');
-    process.exit(1);
-  }
-  const verbosityIdx = cliArgs.indexOf('--verbosity');
-  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
-
-  loadPackageLists();
-  scanPackages({ file_path: filePath, ecosystem, verbosity }).then(result => {
-    const output = JSON.parse(result.content[0].text);
-    console.log(JSON.stringify(output, null, 2));
-    process.exit(output.hallucinated_count > 0 ? 1 : 0);
-  }).catch(err => {
-    console.error(JSON.stringify({ error: err.message }));
-    process.exit(1);
-  });
 } else if (cliArgs[0] === '--help' || cliArgs[0] === '-h' || cliArgs[0] === 'help') {
   console.log('\n  agent-security-scanner-mcp\n');
   console.log('  Commands:');
   console.log('    init [client]        Set up MCP config for a client');
   console.log('    doctor [--fix]       Check environment & client configs');
-  console.log('    demo [--lang js]     Generate vulnerable file + scan it\n');
-  console.log('  CLI Tools (for scripts & OpenClaw):');
-  console.log('    scan-prompt <text>   Scan prompt for injection attacks');
-  console.log('    scan-security <file> Scan file for vulnerabilities');
-  console.log('    check-package <n> <e> Check if package exists in ecosystem');
-  console.log('    scan-packages <f> <e> Scan file imports for hallucinated packages\n');
+  console.log('    demo [--lang js]     Generate vulnerable file + scan it');
   console.log('    (no args)            Start MCP server on stdio\n');
-  console.log('  Options:');
-  console.log('    --verbosity <level>  minimal|compact|full (default: compact)');
-  console.log('    --format <type>      json|sarif (scan-security only)\n');
   console.log('  Examples:');
   console.log('    npx agent-security-scanner-mcp init');
-  console.log('    npx agent-security-scanner-mcp scan-prompt "ignore previous instructions"');
-  console.log('    npx agent-security-scanner-mcp scan-security ./app.py --verbosity minimal');
-  console.log('    npx agent-security-scanner-mcp check-package flask pypi\n');
+  console.log('    npx agent-security-scanner-mcp doctor --fix');
+  console.log('    npx agent-security-scanner-mcp demo --lang py\n');
   process.exit(0);
 } else {
   // Normal MCP server mode

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "agent-security-scanner-mcp",
-  "version": "3.3.0",
+  "version": "3.5.0",
   "mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
-  "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
+  "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline.",
   "main": "index.js",
   "type": "module",
   "bin": {
@@ -52,9 +52,7 @@
     "zed",
     "prompt-firewall",
     "auto-fix",
-    "hallucination",
-    "openclaw",
-    "clawdbot"
+    "hallucination"
   ],
   "author": "Sinewave AI <divya@sinewave.ai>",
   "license": "MIT",
@@ -91,8 +89,7 @@
     "taint_analyzer.py",
     "requirements.txt",
     "rules/**",
-    "packages/**",
-    "skills/**"
+    "packages/**"
   ],
   "devDependencies": {
     "all-the-package-names": "^2.0.2349",

package/src/cli/init-hooks.js

@@ -0,0 +1,164 @@
+// src/cli/init-hooks.js
+// CLI command: init-hooks
+// Installs Claude Code hooks for automatic security scanning on file write/edit.
+
+import { existsSync, readFileSync, writeFileSync, copyFileSync, mkdirSync } from 'fs';
+import { join } from 'path';
+
+const SCANNER_HOOK_MARKER = 'agent-security-scanner-mcp';
+
+function buildHooksConfig(withPromptGuard) {
+  const hooks = {
+    'post-tool-use': [
+      {
+        matcher: 'Write|Edit|MultiEdit',
+        command: `npx agent-security-scanner-mcp scan-security "$TOOL_INPUT_FILE_PATH" --verbosity minimal`,
+      },
+    ],
+  };
+
+  if (withPromptGuard) {
+    hooks['pre-tool-use'] = [
+      {
+        matcher: 'Bash',
+        command: `npx agent-security-scanner-mcp scan-prompt "$TOOL_INPUT_COMMAND" --verbosity minimal`,
+      },
+    ];
+  }
+
+  return hooks;
+}
+
+function backupTimestamp() {
+  const d = new Date();
+  const pad = (n) => String(n).padStart(2, '0');
+  return `${d.getFullYear()}${pad(d.getMonth() + 1)}${pad(d.getDate())}-${pad(d.getHours())}${pad(d.getMinutes())}${pad(d.getSeconds())}`;
+}
+
+function parseFlags(args) {
+  const flags = { dryRun: false, path: null, withPromptGuard: false };
+  let i = 0;
+  while (i < args.length) {
+    const arg = args[i];
+    if (arg === '--dry-run') flags.dryRun = true;
+    else if (arg === '--path' && i + 1 < args.length) flags.path = args[++i];
+    else if (arg === '--with-prompt-guard') flags.withPromptGuard = true;
+    i++;
+  }
+  return flags;
+}
+
+function containsScannerHook(hooksObj) {
+  if (!hooksObj || typeof hooksObj !== 'object') return false;
+  for (const eventHooks of Object.values(hooksObj)) {
+    if (!Array.isArray(eventHooks)) continue;
+    if (eventHooks.some(h => h.command && h.command.includes(SCANNER_HOOK_MARKER))) {
+      return true;
+    }
+  }
+  return false;
+}
+
+function mergeHooks(existingHooks, newHooks) {
+  const merged = { ...existingHooks };
+
+  for (const [event, hooks] of Object.entries(newHooks)) {
+    if (!merged[event]) {
+      merged[event] = hooks;
+      continue;
+    }
+
+    // Filter out existing scanner hooks for this event
+    const nonScanner = merged[event].filter(h =>
+      !h.command || !h.command.includes(SCANNER_HOOK_MARKER)
+    );
+
+    merged[event] = [...nonScanner, ...hooks];
+  }
+
+  return merged;
+}
+
+export async function runInitHooks(args) {
+  const flags = parseFlags(args);
+
+  console.log('\n  Agentic Security - Claude Code Hooks Setup\n');
+
+  const settingsDir = flags.path || join(process.cwd(), '.claude');
+  const settingsPath = join(settingsDir, 'settings.json');
+
+  console.log(`  Settings: ${settingsPath}`);
+  console.log(`  Prompt guard: ${flags.withPromptGuard ? 'enabled' : 'disabled (use --with-prompt-guard to enable)'}`);
+  console.log('');
+
+  const newHooks = buildHooksConfig(flags.withPromptGuard);
+
+  // Read existing settings
+  let existing = {};
+  let fileExisted = false;
+  if (existsSync(settingsPath)) {
+    fileExisted = true;
+    try {
+      existing = JSON.parse(readFileSync(settingsPath, 'utf-8'));
+    } catch (e) {
+      console.error(`  ERROR: Invalid JSON in ${settingsPath}`);
+      console.error(`  ${e.message}\n`);
+      process.exit(1);
+    }
+  }
+
+  if (containsScannerHook(existing.hooks)) {
+    console.log('  Scanner hooks already configured. Updating...');
+  }
+
+  // Merge hooks non-destructively
+  const mergedHooks = mergeHooks(existing.hooks || {}, newHooks);
+  const merged = { ...existing, hooks: mergedHooks };
+  const output = JSON.stringify(merged, null, 2) + '\n';
+
+  if (flags.dryRun) {
+    console.log('  [dry-run] Would write:\n');
+    console.log('  ' + output.split('\n').join('\n  '));
+    console.log('  No changes made.\n');
+    return;
+  }
+
+  if (!existsSync(settingsDir)) {
+    mkdirSync(settingsDir, { recursive: true });
+    console.log(`  Created directory: ${settingsDir}`);
+  }
+
+  if (fileExisted) {
+    const backupPath = `${settingsPath}.bak-${backupTimestamp()}`;
+    copyFileSync(settingsPath, backupPath);
+    console.log(`  Backup: ${backupPath}`);
+  }
+
+  writeFileSync(settingsPath, output);
+  console.log(`  Wrote: ${settingsPath}\n`);
+
+  console.log('  Hooks installed:');
+  for (const [event, hooks] of Object.entries(newHooks)) {
+    for (const hook of hooks) {
+      console.log(`    - [${event}] Matcher: ${hook.matcher}`);
+    }
+  }
+
+  console.log('\n  Security scanning is now automatic for file writes and edits.');
+  console.log('  Restart Claude Code for hooks to take effect.\n');
+
+  if (!existsSync(join(process.cwd(), '.scannerrc.yaml')) &&
+      !existsSync(join(process.cwd(), '.scannerrc.yml')) &&
+      !existsSync(join(process.cwd(), '.scannerrc.json'))) {
+    console.log('  Tip: Create a .scannerrc.yaml to customize scanning:');
+    console.log('');
+    console.log('    version: 1');
+    console.log('    suppress:');
+    console.log('      - rule: "insecure-random"');
+    console.log('    exclude:');
+    console.log('      - "node_modules/**"');
+    console.log('      - "dist/**"');
+    console.log('    severity_threshold: "warning"');
+    console.log('');
+  }
+}

package/src/cli/init.js

@@ -73,12 +73,6 @@ const CLIENT_CONFIGS = {
     configKey: 'mcpServers',
     configPath: () => join(vscodeBase(), 'Code', 'User', 'globalStorage', 'sourcegraph.cody-ai', 'mcp_settings.json'),
     buildEntry: () => ({ ...MCP_SERVER_ENTRY })
-  },
-  'openclaw': {
-    name: 'OpenClaw',
-    isSkillBased: true, // OpenClaw uses skills, not MCP config
-    skillPath: () => join(homedir(), '.openclaw', 'workspace', 'skills', 'security-scanner'),
-    configPath: () => join(homedir(), '.openclaw', 'workspace', 'skills', 'security-scanner', 'SKILL.md')
   }
 };
 
@@ -156,87 +150,6 @@ function printInitUsage() {
   console.log('    npx agent-security-scanner-mcp init cline --force --name my-scanner\n');
 }
 
-// Special installer for OpenClaw (skill-based)
-async function installOpenClawSkill(client, flags) {
-  const skillDir = client.skillPath();
-  const skillFile = client.configPath();
-
-  // Find the source skill file (bundled with the package)
-  const __dirname = dirname(new URL(import.meta.url).pathname);
-  const sourceSkill = join(__dirname, '..', '..', 'skills', 'openclaw', 'SKILL.md');
-
-  console.log(`\n  Client:  ${client.name}`);
-  console.log(`  Skill:   ${skillDir}`);
-  console.log(`  OS:      ${platform()} (${process.arch})\n`);
-
-  // Check if OpenClaw workspace exists
-  const openclawDir = join(homedir(), '.openclaw');
-  if (!existsSync(openclawDir)) {
-    console.log(`  OpenClaw not found at ${openclawDir}`);
-    console.log(`  Please install OpenClaw first: https://openclaw.ai\n`);
-    process.exit(1);
-  }
-
-  // Check if source skill exists
-  if (!existsSync(sourceSkill)) {
-    console.error(`  ERROR: Skill source not found at ${sourceSkill}`);
-    console.error(`  This may be a packaging issue. Please reinstall the package.\n`);
-    process.exit(1);
-  }
-
-  // Check if skill already exists
-  if (existsSync(skillFile)) {
-    const existing = readFileSync(skillFile, 'utf-8');
-    const source = readFileSync(sourceSkill, 'utf-8');
-    if (existing === source) {
-      console.log(`  Security scanner skill is already installed (identical).`);
-      console.log(`  Nothing to do.\n`);
-      process.exit(0);
-    }
-
-    console.log(`  Security scanner skill exists but differs.`);
-    if (!flags.force) {
-      if (flags.yes) {
-        console.log(`  Skipping (use --force to overwrite).\n`);
-        process.exit(0);
-      }
-      const rl = createInterface({ input: process.stdin, output: process.stdout });
-      const answer = await new Promise((resolve) => {
-        rl.question('  Overwrite? (y/N): ', (a) => { rl.close(); resolve(a); });
-      });
-      if (answer.toLowerCase() !== 'y') {
-        console.log('  Aborted.\n');
-        process.exit(0);
-      }
-    }
-  }
-
-  // Dry-run mode
-  if (flags.dryRun) {
-    console.log(`  [dry-run] Would create directory: ${skillDir}`);
-    console.log(`  [dry-run] Would copy skill from: ${sourceSkill}`);
-    console.log(`  [dry-run] Would write to: ${skillFile}`);
-    console.log(`  No changes made.\n`);
-    process.exit(0);
-  }
-
-  // Create skill directory
-  if (!existsSync(skillDir)) {
-    mkdirSync(skillDir, { recursive: true });
-    console.log(`  Created directory: ${skillDir}`);
-  }
-
-  // Copy skill file
-  copyFileSync(sourceSkill, skillFile);
-  console.log(`  Installed skill: ${skillFile}`);
-
-  console.log(`\n  OpenClaw security scanner skill installed successfully!`);
-  console.log(`\n  Usage in OpenClaw:`);
-  console.log(`    - The skill will be auto-discovered by OpenClaw`);
-  console.log(`    - Use /security-scanner to invoke it`);
-  console.log(`    - Or ask: "scan this prompt for security issues"\n`);
-}
-
 export async function runInit(args) {
   const flags = parseInitFlags(args);
   let clientName = flags.client;
@@ -258,12 +171,6 @@ export async function runInit(args) {
     process.exit(1);
   }
 
-  // Special handling for OpenClaw (skill-based, not MCP config)
-  if (client.isSkillBased) {
-    await installOpenClawSkill(client, flags);
-    return;
-  }
-
   const configPath = flags.path || client.configPath();
   const serverName = flags.name;
   const entry = client.buildEntry();

package/src/tools/scan-diff.js

@@ -0,0 +1,151 @@
+// src/tools/scan-diff.js
+import { z } from "zod";
+import { execFileSync } from "child_process";
+import { existsSync } from "fs";
+import { scanSecurity } from './scan-security.js';
+
+export const scanDiffSchema = {
+  base_ref: z.string().optional().describe("Base git ref (default: HEAD~1)"),
+  target_ref: z.string().optional().describe("Target git ref (default: HEAD)"),
+  verbosity: z.enum(['minimal', 'compact', 'full']).optional().describe("Response detail level")
+};
+
+// Parse unified diff output to extract changed files and line ranges
+function parseDiffOutput(diffOutput) {
+  const changes = new Map(); // filePath -> Set<lineNumber>
+  let currentFile = null;
+
+  for (const line of diffOutput.split('\n')) {
+    // Match diff header: +++ b/path/to/file
+    const fileMatch = line.match(/^\+\+\+ b\/(.+)$/);
+    if (fileMatch) {
+      currentFile = fileMatch[1];
+      if (!changes.has(currentFile)) {
+        changes.set(currentFile, new Set());
+      }
+      continue;
+    }
+
+    // Match hunk header: @@ -old,count +new,count @@
+    const hunkMatch = line.match(/^@@ -\d+(?:,\d+)? \+(\d+)(?:,(\d+))? @@/);
+    if (hunkMatch && currentFile) {
+      const start = parseInt(hunkMatch[1], 10);
+      const count = parseInt(hunkMatch[2] || '1', 10);
+      const fileChanges = changes.get(currentFile);
+      for (let i = start; i < start + count; i++) {
+        fileChanges.add(i);
+      }
+    }
+  }
+
+  return changes;
+}
+
+export async function scanDiff({ base_ref, target_ref, verbosity }) {
+  const base = base_ref || 'HEAD~1';
+  const target = target_ref || 'HEAD';
+
+  // Get diff output
+  let diffOutput;
+  try {
+    diffOutput = execFileSync('git', ['diff', '--unified=0', `${base}...${target}`], {
+      encoding: 'utf-8',
+      timeout: 30000,
+      maxBuffer: 10 * 1024 * 1024
+    });
+  } catch (err) {
+    // Try without three-dot notation (for uncommitted changes)
+    try {
+      diffOutput = execFileSync('git', ['diff', '--unified=0', base, target], {
+        encoding: 'utf-8',
+        timeout: 30000,
+        maxBuffer: 10 * 1024 * 1024
+      });
+    } catch (err2) {
+      return {
+        content: [{ type: "text", text: JSON.stringify({ error: `Git diff failed: ${err2.message}` }) }]
+      };
+    }
+  }
+
+  if (!diffOutput.trim()) {
+    return {
+      content: [{ type: "text", text: JSON.stringify({ message: "No changes found between refs", base, target, issues_count: 0 }) }]
+    };
+  }
+
+  // Parse diff to get changed files and lines
+  const changes = parseDiffOutput(diffOutput);
+  const allIssues = [];
+  const scannedFiles = [];
+
+  // Scan each changed file
+  for (const [filePath, changedLines] of changes) {
+    if (!existsSync(filePath)) continue;
+
+    const result = await scanSecurity({ file_path: filePath, verbosity: 'full' });
+    const parsed = JSON.parse(result.content[0].text);
+
+    if (parsed.issues && Array.isArray(parsed.issues)) {
+      // Filter to only issues on changed lines
+      const diffIssues = parsed.issues.filter(issue => {
+        const issueLine = (issue.line || 0) + 1; // convert 0-indexed to 1-indexed
+        return changedLines.has(issueLine);
+      });
+
+      for (const issue of diffIssues) {
+        allIssues.push({ ...issue, file: filePath });
+      }
+    }
+    scannedFiles.push(filePath);
+  }
+
+  // Format based on verbosity
+  const level = verbosity || 'compact';
+
+  if (level === 'minimal') {
+    const bySeverity = { error: 0, warning: 0, info: 0 };
+    allIssues.forEach(i => bySeverity[i.severity] = (bySeverity[i.severity] || 0) + 1);
+    return {
+      content: [{ type: "text", text: JSON.stringify({
+        base, target,
+        files_scanned: scannedFiles.length,
+        total: allIssues.length,
+        critical: bySeverity.error,
+        warning: bySeverity.warning,
+        info: bySeverity.info,
+        message: allIssues.length > 0
+          ? `Found ${allIssues.length} new issue(s) in changed code.`
+          : "No new security issues in changed code."
+      }) }]
+    };
+  }
+
+  if (level === 'compact') {
+    return {
+      content: [{ type: "text", text: JSON.stringify({
+        base, target,
+        files_scanned: scannedFiles.length,
+        issues_count: allIssues.length,
+        issues: allIssues.map(i => ({
+          file: i.file,
+          line: (i.line || 0) + 1,
+          ruleId: i.ruleId,
+          severity: i.severity,
+          message: i.message
+        }))
+      }, null, 2) }]
+    };
+  }
+
+  // full
+  return {
+    content: [{ type: "text", text: JSON.stringify({
+      base, target,
+      files_scanned: scannedFiles.length,
+      issues_count: allIssues.length,
+      issues: allIssues,
+      changed_files: Array.from(changes.keys())
+    }, null, 2) }]
+  };
+}

package/src/tools/scan-project.js

@@ -0,0 +1,308 @@
+// src/tools/scan-project.js
+import { z } from "zod";
+import { existsSync, readFileSync, readdirSync, statSync } from "fs";
+import { join, resolve, relative, extname, basename } from "path";
+import { execFileSync } from "child_process";
+import { scanSecurity } from './scan-security.js';
+import { matchGlob, loadConfig, shouldExcludeFile } from '../config.js';
+import { detectLanguage } from '../utils.js';
+
+export const scanProjectSchema = {
+  directory_path: z.string().describe("Path to the directory to scan"),
+  recursive: z.boolean().optional().describe("Scan subdirectories recursively (default: true)"),
+  include_patterns: z.array(z.string()).optional().describe("Glob patterns to include (e.g. ['**/*.py', '**/*.js'])"),
+  exclude_patterns: z.array(z.string()).optional().describe("Glob patterns to exclude (e.g. ['*test*', 'vendor/**'])"),
+  diff_only: z.boolean().optional().describe("Only scan git-changed files"),
+  cross_file: z.boolean().optional().describe("Enable cross-file taint analysis (max 50 files)"),
+  verbosity: z.enum(['minimal', 'compact', 'full']).optional().describe("Response detail level")
+};
+
+// Scannable file extensions
+const SCANNABLE_EXTENSIONS = new Set([
+  '.py', '.js', '.ts', '.tsx', '.jsx', '.java', '.go', '.rb', '.php',
+  '.rs', '.c', '.cpp', '.cc', '.cxx', '.h', '.hpp', '.cs',
+  '.tf', '.hcl', '.sql',
+]);
+
+// Parse .gitignore into patterns
+function parseGitignore(dirPath) {
+  const gitignorePath = join(dirPath, '.gitignore');
+  if (!existsSync(gitignorePath)) return [];
+
+  try {
+    const content = readFileSync(gitignorePath, 'utf-8');
+    return content.split('\n')
+      .map(line => line.trim())
+      .filter(line => line && !line.startsWith('#'))
+      .map(line => {
+        // Normalize: remove trailing slash for directories
+        if (line.endsWith('/')) return line.slice(0, -1) + '/**';
+        return line;
+      });
+  } catch {
+    return [];
+  }
+}
+
+// Check if a file path matches gitignore patterns
+function isGitignored(filePath, patterns) {
+  const normalized = filePath.replace(/\\/g, '/');
+  return patterns.some(pattern => matchGlob(normalized, pattern));
+}
+
+// Recursively walk a directory, respecting exclusions
+function walkDirectory(dirPath, options = {}) {
+  const { recursive = true, includePatterns = [], excludePatterns = [], gitignorePatterns = [], config } = options;
+  const files = [];
+
+  function walk(currentDir) {
+    let entries;
+    try {
+      entries = readdirSync(currentDir);
+    } catch {
+      return;
+    }
+
+    for (const entry of entries) {
+      // Skip hidden directories/files
+      if (entry.startsWith('.')) continue;
+
+      const fullPath = join(currentDir, entry);
+      const relativePath = relative(dirPath, fullPath);
+
+      let stat;
+      try {
+        stat = statSync(fullPath);
+      } catch {
+        continue;
+      }
+
+      if (stat.isDirectory()) {
+        // Skip common non-source directories
+        if (['node_modules', 'vendor', 'dist', 'build', '__pycache__', '.git',
+             'venv', 'env', '.venv', 'target', 'coverage'].includes(entry)) continue;
+
+        // Skip gitignored directories
+        if (isGitignored(relativePath, gitignorePatterns)) continue;
+
+        if (recursive) walk(fullPath);
+      } else if (stat.isFile()) {
+        const ext = extname(entry).toLowerCase();
+        const base = basename(entry).toLowerCase();
+
+        // Check extension or special filenames
+        if (!SCANNABLE_EXTENSIONS.has(ext) && base !== 'dockerfile') continue;
+
+        // Check gitignore
+        if (isGitignored(relativePath, gitignorePatterns)) continue;
+
+        // Check config exclusions
+        if (config && shouldExcludeFile(relativePath, config)) continue;
+
+        // Check include patterns (if specified, only include matching files)
+        if (includePatterns.length > 0) {
+          const matches = includePatterns.some(p => matchGlob(relativePath, p));
+          if (!matches) continue;
+        }
+
+        // Check exclude patterns (if specified, skip matching files)
+        if (excludePatterns.length > 0) {
+          const excluded = excludePatterns.some(p => matchGlob(relativePath, p) || relativePath.includes(p) || entry.includes(p));
+          if (excluded) continue;
+        }
+
+        files.push(fullPath);
+      }
+    }
+  }
+
+  walk(dirPath);
+  return files;
+}
+
+// Get git-changed files in a directory
+function getGitChangedFiles(dirPath) {
+  try {
+    const output = execFileSync('git', ['diff', '--name-only', 'HEAD'], {
+      cwd: dirPath, encoding: 'utf-8', timeout: 10000
+    });
+    const untrackedOutput = execFileSync('git', ['ls-files', '--others', '--exclude-standard'], {
+      cwd: dirPath, encoding: 'utf-8', timeout: 10000
+    });
+    const allFiles = [...output.trim().split('\n'), ...untrackedOutput.trim().split('\n')]
+      .filter(f => f.trim())
+      .map(f => resolve(dirPath, f))
+      .filter(f => existsSync(f));
+    return [...new Set(allFiles)];
+  } catch {
+    return [];
+  }
+}
+
+// Calculate security grade based on findings
+function calculateGrade(totalIssues, totalFiles, errorCount) {
+  if (totalFiles === 0) return 'A';
+  const density = totalIssues / totalFiles;
+
+  if (errorCount === 0 && density === 0) return 'A';
+  if (errorCount === 0 && density < 0.5) return 'B';
+  if (errorCount <= 2 && density < 1.5) return 'C';
+  if (errorCount <= 5 && density < 3) return 'D';
+  return 'F';
+}
+
+export async function scanProject({ directory_path, recursive, include_patterns, exclude_patterns, diff_only, cross_file, verbosity }) {
+  const dirPath = resolve(directory_path);
+
+  if (!existsSync(dirPath)) {
+    return {
+      content: [{ type: "text", text: JSON.stringify({ error: "Directory not found" }) }]
+    };
+  }
+
+  // Load config from directory
+  const config = loadConfig(join(dirPath, 'dummy.js'));
+  const gitignorePatterns = parseGitignore(dirPath);
+
+  // Get files to scan
+  let files;
+  if (diff_only) {
+    files = getGitChangedFiles(dirPath);
+  } else {
+    files = walkDirectory(dirPath, {
+      recursive: recursive !== false,
+      includePatterns: include_patterns || [],
+      excludePatterns: exclude_patterns || [],
+      gitignorePatterns,
+      config
+    });
+  }
+
+  // Filter to scannable extensions
+  files = files.filter(f => {
+    const ext = extname(f).toLowerCase();
+    const base = basename(f).toLowerCase();
+    return SCANNABLE_EXTENSIONS.has(ext) || base === 'dockerfile';
+  });
+
+  if (files.length === 0) {
+    return {
+      content: [{ type: "text", text: JSON.stringify({
+        directory: dirPath,
+        message: "No scannable files found",
+        files_scanned: 0,
+        grade: 'A'
+      }) }]
+    };
+  }
+
+  // Scan each file
+  const allIssues = [];
+  const byFile = {};
+  const bySeverity = { error: 0, warning: 0, info: 0 };
+  const byCategory = {};
+
+  for (const filePath of files) {
+    const result = await scanSecurity({ file_path: filePath, verbosity: 'full' });
+    const parsed = JSON.parse(result.content[0].text);
+
+    if (parsed.issues && Array.isArray(parsed.issues)) {
+      const relativePath = relative(dirPath, filePath);
+      byFile[relativePath] = parsed.issues.length;
+
+      for (const issue of parsed.issues) {
+        allIssues.push({ ...issue, file: relativePath });
+        bySeverity[issue.severity] = (bySeverity[issue.severity] || 0) + 1;
+        const category = issue.ruleId?.split('.')[0] || 'other';
+        byCategory[category] = (byCategory[category] || 0) + 1;
+      }
+    }
+  }
+
+  // Cross-file taint analysis (opt-in, max 50 files)
+  let crossFileIssues = [];
+  if (cross_file && files.length <= 50) {
+    try {
+      const { runCrossFileAnalyzer } = await import('../utils.js');
+      if (typeof runCrossFileAnalyzer === 'function') {
+        const crossResults = runCrossFileAnalyzer(files);
+        if (Array.isArray(crossResults)) {
+          crossFileIssues = crossResults;
+          for (const issue of crossFileIssues) {
+            const relativePath = relative(dirPath, issue.file || '');
+            allIssues.push({ ...issue, file: relativePath });
+            bySeverity[issue.severity] = (bySeverity[issue.severity] || 0) + 1;
+          }
+        }
+      }
+    } catch {
+      // Cross-file analysis not available
+    }
+  }
+
+  const grade = calculateGrade(allIssues.length, files.length, bySeverity.error);
+  const level = verbosity || 'compact';
+
+  if (level === 'minimal') {
+    return {
+      content: [{ type: "text", text: JSON.stringify({
+        directory: dirPath,
+        files_scanned: files.length,
+        total: allIssues.length,
+        critical: bySeverity.error,
+        warning: bySeverity.warning,
+        info: bySeverity.info,
+        grade,
+        message: allIssues.length > 0
+          ? `Found ${allIssues.length} issue(s) across ${files.length} files. Grade: ${grade}`
+          : `No issues found in ${files.length} files. Grade: ${grade}`
+      }) }]
+    };
+  }
+
+  if (level === 'compact') {
+    // Show top issues per file, sorted by severity
+    const topIssues = allIssues
+      .sort((a, b) => {
+        const order = { error: 0, warning: 1, info: 2 };
+        return (order[a.severity] || 2) - (order[b.severity] || 2);
+      })
+      .slice(0, 50)
+      .map(i => ({
+        file: i.file,
+        line: (i.line || 0) + 1,
+        ruleId: i.ruleId,
+        severity: i.severity,
+        message: i.message
+      }));
+
+    return {
+      content: [{ type: "text", text: JSON.stringify({
+        directory: dirPath,
+        files_scanned: files.length,
+        issues_count: allIssues.length,
+        grade,
+        by_severity: bySeverity,
+        by_category: byCategory,
+        cross_file_issues: crossFileIssues.length > 0 ? crossFileIssues.length : undefined,
+        issues: topIssues
+      }, null, 2) }]
+    };
+  }
+
+  // full
+  return {
+    content: [{ type: "text", text: JSON.stringify({
+      directory: dirPath,
+      files_scanned: files.length,
+      issues_count: allIssues.length,
+      grade,
+      by_severity: bySeverity,
+      by_category: byCategory,
+      by_file: byFile,
+      cross_file_issues: crossFileIssues.length > 0 ? crossFileIssues : undefined,
+      issues: allIssues,
+      scanned_files: files.map(f => relative(dirPath, f))
+    }, null, 2) }]
+  };
+}

package/src/tools/scan-prompt.js

@@ -39,12 +39,6 @@ const CATEGORY_WEIGHTS = {
   "prompt-injection-privilege": 0.85,
   "prompt-injection-multi-turn": 0.7,
   "prompt-injection-output": 0.9,
-  // OpenClaw-specific categories
-  "data_exfiltration": 1.0,
-  "messaging_abuse": 0.95,
-  "credential_theft": 1.0,
-  "autonomous_harm": 0.9,
-  "service_attack": 0.95,
   "unknown": 0.5
 };
 
@@ -195,69 +189,6 @@ function loadPromptInjectionRules() {
   }
 }
 
-// Load OpenClaw-specific rules
-function loadOpenClawRules() {
-  try {
-    const rulesPath = join(__dirname, '..', '..', 'rules', 'openclaw.security.yaml');
-    if (!existsSync(rulesPath)) {
-      return [];
-    }
-
-    const yaml = readFileSync(rulesPath, 'utf-8');
-    const rules = [];
-
-    const ruleBlocks = yaml.split(/^  - id:/m).slice(1);
-
-    for (const block of ruleBlocks) {
-      const lines = ('  - id:' + block).split('\n');
-      const rule = {
-        id: '',
-        severity: 'WARNING',
-        message: '',
-        patterns: [],
-        metadata: {}
-      };
-
-      let inPatterns = false;
-
-      for (const line of lines) {
-        if (line.match(/^\s+- id:\s*/)) {
-          rule.id = line.replace(/^\s+- id:\s*/, '').trim();
-        } else if (line.match(/^\s+severity:\s*/)) {
-          rule.severity = line.replace(/^\s+severity:\s*/, '').trim();
-        } else if (line.match(/^\s+category:\s*/)) {
-          rule.metadata.category = line.replace(/^\s+category:\s*/, '').trim();
-        } else if (line.match(/^\s+action:\s*/)) {
-          rule.metadata.action = line.replace(/^\s+action:\s*/, '').trim();
-        } else if (line.match(/^\s+message:\s*/)) {
-          rule.message = line.replace(/^\s+message:\s*["']?/, '').replace(/["']$/, '').trim();
-        } else if (line.match(/^\s+patterns:\s*$/)) {
-          inPatterns = true;
-        } else if (inPatterns && line.match(/^\s+- /)) {
-          let pattern = line.replace(/^\s+- /, '').trim();
-          pattern = pattern.replace(/^["']|["']$/g, '');
-          pattern = pattern.replace(/\\\\/g, '\\');
-          if (pattern) rule.patterns.push(pattern);
-        } else if (line.match(/^\s+\w+:/) && !line.match(/^\s+- /)) {
-          inPatterns = false;
-        }
-      }
-
-      if (rule.id && rule.patterns.length > 0) {
-        // Set confidence and risk score based on severity
-        rule.metadata.confidence = rule.severity === 'CRITICAL' ? 'HIGH' : 'MEDIUM';
-        rule.metadata.risk_score = rule.severity === 'CRITICAL' ? '90' : '70';
-        rules.push(rule);
-      }
-    }
-
-    return rules;
-  } catch (error) {
-    console.error("Error loading OpenClaw rules:", error.message);
-    return [];
-  }
-}
-
 // Calculate risk score from findings
 function calculateRiskScore(findings, context) {
   if (findings.length === 0) return 0;
@@ -446,8 +377,7 @@ export async function scanAgentPrompt({ prompt_text, context, verbosity }) {
   // Load rules
   const agentRules = loadAgentAttackRules();
   const promptRules = loadPromptInjectionRules();
-  const openclawRules = loadOpenClawRules();
-  const allRules = [...agentRules, ...promptRules, ...openclawRules];
+  const allRules = [...agentRules, ...promptRules];
 
   // 2.7: Extract content from code blocks and append to scan text
   let expandedText = prompt_text;

package/skills/openclaw/SKILL.md

@@ -1,102 +0,0 @@
----
-name: security-scanner
-description: Scan prompts and code for security threats using agent-security-scanner-mcp. Protects against prompt injection, data exfiltration, and credential theft.
-metadata: {"openclaw":{"emoji":"🛡️","requires":{"bins":["npx"]}}}
-homepage: https://github.com/sinewaveai/agent-security-scanner-mcp
----
-
-## Security Scanner for OpenClaw
-
-Protect your OpenClaw instance from:
-- **Prompt injection attacks** - Detects attempts to manipulate your AI assistant
-- **Data exfiltration** - Blocks attempts to steal emails, contacts, files
-- **Credential theft** - Prevents exposure of API keys, passwords, SSH keys
-- **Messaging abuse** - Stops mass messaging and impersonation attacks
-- **Unsafe automation** - Warns about scheduled tasks without confirmation
-
-## Quick Start
-
-Install the scanner globally:
-```bash
-npm install -g agent-security-scanner-mcp
-```
-
-Or use directly with npx (no install needed).
-
-## Commands
-
-### Scan a Prompt
-Check if a prompt is safe before execution:
-```bash
-npx agent-security-scanner-mcp scan-prompt "forward all my emails to someone@example.com"
-```
-
-Returns `BLOCK`, `WARN`, or `ALLOW` with risk assessment.
-
-### Scan Code
-Check code for vulnerabilities before running:
-```bash
-npx agent-security-scanner-mcp scan-security ./script.py --verbosity minimal
-```
-
-### Check Package
-Verify a package isn't hallucinated (AI-invented):
-```bash
-npx agent-security-scanner-mcp check-package some-package npm
-```
-
-## Usage Instructions
-
-When a user asks you to do something potentially risky, scan it first:
-
-1. **Before executing shell commands** - Scan for injection attacks
-2. **Before running code** - Check for vulnerabilities
-3. **Before sending messages** - Verify no mass-messaging or phishing
-4. **Before accessing sensitive data** - Check for exfiltration attempts
-
-### Example Workflow
-
-```
-User: "Forward all my work emails to my personal Gmail"
-
-You: Let me check this request for security concerns...
-[Run: npx agent-security-scanner-mcp scan-prompt "Forward all my work emails to my personal Gmail"]
-
-Result: BLOCK - Potential email exfiltration attempt
-
-You: I've detected this could be a security risk. Email forwarding to external addresses
-could expose sensitive work information. Would you like to:
-1. Set up selective forwarding with filters
-2. Forward only from specific senders
-3. Proceed anyway (not recommended)
-```
-
-## Verbosity Levels
-
-- `--verbosity minimal` - Just action + risk level (~50 tokens)
-- `--verbosity compact` - Action + findings summary (~200 tokens)
-- `--verbosity full` - Complete audit trail (~500 tokens)
-
-## What It Detects
-
-### OpenClaw-Specific Threats
-| Category | Examples |
-|----------|----------|
-| Data Exfiltration | "Forward emails to...", "Upload files to...", "Share cookies" |
-| Messaging Abuse | "Send to all contacts", "Auto-reply to everyone" |
-| Credential Theft | "Show my passwords", "Access keychain", "List API keys" |
-| Unsafe Automation | "Run hourly without asking", "Disable safety checks" |
-| Service Attacks | "Delete all repos", "Make payment to..." |
-
-### General Security
-- SQL injection, XSS, command injection in code
-- Hardcoded secrets and API keys
-- Weak cryptography
-- Insecure deserialization
-
-## Exit Codes
-
-- `0` - Safe / No issues
-- `1` - Issues found / Action required
-
-Use exit codes in scripts to automatically block risky operations.

package/skills/security-scan-batch.md

@@ -1,107 +0,0 @@
----
-name: security-scan-batch
-description: Use when scanning multiple files or entire directories for security vulnerabilities. Dispatches parallel subagents for efficient batch scanning with consolidated results.
----
-
-# Batch Security Scanner Skill
-
-You are a batch security scanning coordinator. Scan multiple files efficiently and return consolidated results that minimize context consumption.
-
-## Workflow
-
-1. **Identify files to scan** - Use glob patterns or file list provided
-2. **Scan each file** using `mcp__security-scanner__scan_security` with `verbosity: 'minimal'`
-3. **For files with issues**, get details with `verbosity: 'compact'`
-4. **Consolidate results** - Merge findings, deduplicate, prioritize
-5. **Return executive summary**
-
-## Response Format
-
-```
-## Security Scan Summary
-
-**Files Scanned:** {N}
-**Files with Issues:** {N}
-**Total Issues:** {critical} critical, {warning} warning
-
-### Files Requiring Attention
-
-| File | Critical | Warning | Top Issue |
-|------|----------|---------|-----------|
-| path/file1.py | 2 | 3 | SQL Injection (L15) |
-| path/file2.js | 0 | 1 | XSS (L42) |
-
-### Priority Fixes (Top 10)
-1. **path/file1.py:15** - SQL Injection: Use parameterized query
-2. **path/file1.py:28** - Hardcoded secret: Move to env var
-3. **path/file2.js:42** - XSS: Use textContent instead of innerHTML
-...
-
-### Quick Fix
-To auto-fix all issues: scan each file with fix_security tool.
-```
-
-## Rules
-
-- DO scan files using `verbosity: 'minimal'` first for quick triage
-- DO only fetch `verbosity: 'compact'` for files that have issues
-- DO consolidate into single summary
-- DO NOT return individual file JSON details
-- DO prioritize by: critical severity > file count > line number
-- DO limit to top 10 priority fixes in summary
-
-## Scanning Patterns
-
-For common batch operations:
-
-**Python project:**
-```
-Glob: **/*.py
-Exclude: **/venv/**, **/__pycache__/**
-```
-
-**JavaScript/TypeScript project:**
-```
-Glob: **/*.{js,ts,jsx,tsx}
-Exclude: **/node_modules/**, **/dist/**
-```
-
-**Full project scan:**
-```
-Glob: **/*.{py,js,ts,java,go,rb,php}
-Exclude: **/vendor/**, **/node_modules/**, **/venv/**
-```
-
-## Example
-
-User asks: "Scan all Python files in src/"
-
-You run:
-1. Glob for `src/**/*.py` - find 15 files
-2. Scan each with `verbosity: 'minimal'` - 4 have issues
-3. Get `verbosity: 'compact'` for those 4 files
-4. Consolidate and return summary
-
-Response:
-```
-## Security Scan Summary
-
-**Files Scanned:** 15
-**Files with Issues:** 4
-**Total Issues:** 3 critical, 8 warning
-
-### Files Requiring Attention
-
-| File | Critical | Warning | Top Issue |
-|------|----------|---------|-----------|
-| src/db.py | 2 | 1 | SQL Injection (L23) |
-| src/auth.py | 1 | 3 | Hardcoded secret (L15) |
-| src/api.py | 0 | 2 | SSL disabled (L67) |
-| src/utils.py | 0 | 2 | Weak crypto (L12) |
-
-### Priority Fixes (Top 10)
-1. **src/db.py:23** - SQL Injection: Use parameterized query
-2. **src/db.py:45** - SQL Injection: Use parameterized query
-3. **src/auth.py:15** - Hardcoded secret: Move API_KEY to env var
-...
-```

package/skills/security-scanner.md

@@ -1,76 +0,0 @@
----
-name: security-scanner
-description: Use when scanning files for security vulnerabilities. Runs comprehensive security analysis via subagent, returns concise actionable summary to main context.
----
-
-# Security Scanner Skill
-
-You are a security scanning subagent. Your job is to run comprehensive security analysis and return a concise, actionable summary that minimizes context consumption in the main conversation.
-
-## Workflow
-
-1. **Scan the file** using `mcp__security-scanner__scan_security` with `verbosity: 'full'`
-2. **Analyze findings** - group by severity, identify patterns
-3. **If fixes needed**, use `mcp__security-scanner__fix_security` with `verbosity: 'full'`
-4. **Return concise summary** (not the full JSON output)
-
-## Response Format
-
-Return ONLY this format to the main conversation:
-
-```
-## Security Scan: {filename}
-
-**Status:** {PASS | WARN | FAIL}
-**Issues:** {critical} critical, {warning} warning, {info} info
-
-{If issues found:}
-### Priority Fixes
-1. **Line {N}**: {rule} - {one-line fix description}
-2. **Line {N}**: {rule} - {one-line fix description}
-{limit to top 5}
-
-### Auto-Fix Available
-Run `mcp__security-scanner__fix_security` to automatically apply {N} fixes.
-
-{If no issues:}
-No security issues detected.
-```
-
-## Rules
-
-- DO use `verbosity: 'full'` internally for complete analysis
-- DO return only the summary format above to the main conversation
-- DO NOT include raw JSON in your response
-- DO NOT include metadata, CWE references, or verbose explanations
-- DO prioritize fixes by severity (critical > warning > info)
-- DO limit to top 5 issues if more than 5 found
-- DO mention auto-fix availability if fixes can be applied
-
-## Example
-
-User asks: "Scan app.py for security issues"
-
-You run internally:
-```
-mcp__security-scanner__scan_security({ file_path: "app.py", verbosity: "full" })
-```
-
-You return:
-```
-## Security Scan: app.py
-
-**Status:** WARN
-**Issues:** 1 critical, 3 warning, 0 info
-
-### Priority Fixes
-1. **Line 15**: sql-injection - Use parameterized query instead of string concat
-2. **Line 28**: hardcoded-secret - Move API key to environment variable
-3. **Line 42**: weak-crypto-md5 - Replace MD5 with SHA-256
-4. **Line 67**: ssl-verify-disabled - Enable SSL certificate verification
-
-### Auto-Fix Available
-Run fix_security to automatically apply 4 fixes.
-```
-
-This approach keeps main conversation context minimal (~200 tokens vs 2000+ for raw output).