agent-security-scanner-mcp 3.4.0 → 3.5.0

package/pattern_matcher.py

@@ -430,7 +430,6 @@ class Finding:
     end_column: int = 0
     metavariables: Dict[str, str] = field(default_factory=dict)
     metadata: Dict[str, Any] = field(default_factory=dict)
-    confidence: str = "MEDIUM"
 
 
 class RuleEngine:

package/regex_fallback.py

@@ -9,207 +9,10 @@ from typing import List, Dict, Optional
 import re
 
 
-# Severity classification by vulnerability class
-SEVERITY_MAP = {
-    # ERROR - exploitable vulnerabilities (injection, RCE, deserialization)
-    'sql-injection': 'error',
-    'sql-injection-query': 'error',
-    'sql-injection-sprintf': 'error',
-    'sql-injection-where': 'error',
-    'sql-injection-order': 'error',
-    'sql-injection-raw': 'error',
-    'sql-injection-db-cursor': 'error',
-    'sql-injection-using-sqlalchemy': 'error',
-    'sql-injection-sqlcommand': 'error',
-    'sql-injection-sqlquery': 'error',
-    'sql-injection-concat': 'error',
-    'command-injection': 'error',
-    'command-injection-exec': 'error',
-    'command-injection-system': 'error',
-    'command-injection-open': 'error',
-    'command-injection-process-start': 'error',
-    'child-process-exec': 'error',
-    'spawn-shell': 'error',
-    'dangerous-subprocess-use': 'error',
-    'dangerous-system-call': 'error',
-    'eval-detected': 'error',
-    'eval-usage': 'error',
-    'exec-detected': 'error',
-    'pickle-load': 'error',
-    'unsafe-unserialize': 'error',
-    'unsafe-yaml-load': 'error',
-    'unsafe-marshal': 'error',
-    'yaml-load': 'error',
-    'file-inclusion': 'error',
-    'path-traversal': 'error',
-    'xss-echo': 'error',
-    'xss-raw': 'error',
-    'ssrf': 'error',
-    'open-redirect': 'error',
-    'backticks-exec': 'error',
-    'preg-code-exec': 'error',
-    'assert-usage': 'error',
-    'insecure-deserialization-binaryformatter': 'error',
-    'insecure-deserialization-xmlserializer': 'error',
-    'libc-system-call': 'error',
-    'format-string-printf': 'error',
-    'format-string-syslog': 'error',
-    'xss-innerhtml': 'error',
-    'xss-response-write': 'error',
-    'path-traversal-directory-delete': 'error',
-    'path-traversal-file-delete': 'error',
-    'path-traversal-file-read': 'error',
-
-    # WARNING - risky patterns requiring attention
-    'innerHTML': 'warning',
-    'outerHTML': 'warning',
-    'document-write': 'warning',
-    'insertAdjacentHTML': 'warning',
-    'dangerouslySetInnerHTML': 'warning',
-    'function-constructor': 'warning',
-    'setTimeout-string': 'warning',
-    'strcpy-usage': 'warning',
-    'strcat-usage': 'warning',
-    'sprintf-usage': 'warning',
-    'vsprintf-usage': 'warning',
-    'gets-usage': 'warning',
-    'system-usage': 'warning',
-    'popen-usage': 'warning',
-    'hardcoded-password': 'warning',
-    'hardcoded-secret': 'warning',
-    'hardcoded-api-key': 'warning',
-    'hardcoded-connection-string': 'warning',
-    'session-secret-hardcoded': 'warning',
-    'ssl-verify-disabled': 'warning',
-    'curl-ssl-disabled': 'warning',
-    'csrf-disabled': 'warning',
-    'mass-assignment-permit-all': 'warning',
-    'constantize': 'warning',
-    'render-inline': 'warning',
-    'privileged-container': 'warning',
-    'run-as-root': 'warning',
-    'allow-privilege-escalation': 'warning',
-    'host-network': 'warning',
-    'host-pid': 'warning',
-    'host-path': 'warning',
-    'secrets-in-env': 'warning',
-    'cluster-admin-binding': 'warning',
-    'capabilities-add': 'warning',
-    'no-readonly-root': 'warning',
-    'wildcard-rbac': 'warning',
-    's3-public-read': 'warning',
-    'security-group-open-ingress': 'warning',
-    'rds-public-access': 'warning',
-    'rds-encryption-disabled': 'warning',
-    'rds-deletion-protection': 'warning',
-    'cloudtrail-disabled': 'warning',
-    'kms-key-rotation': 'warning',
-    'ebs-encryption-disabled': 'warning',
-    'ec2-imdsv1': 'warning',
-    'phpinfo-exposure': 'warning',
-    'error-display': 'warning',
-    'permissive-cors': 'warning',
-    'mcrypt-deprecated': 'warning',
-    'aws-access-key-id': 'warning',
-    'aws-secret-access-key': 'warning',
-    'github-pat': 'warning',
-    'stripe-api-key': 'warning',
-    'private-key-rsa': 'warning',
-    'database-url': 'warning',
-    'jwt-token': 'warning',
-    'openai-api-key': 'warning',
-    'python.lang.security.audit.hardcoded-password': 'warning',
-    'python.lang.security.audit.hardcoded-api-key': 'warning',
-    'generic.secrets.security.hardcoded-password': 'warning',
-    'generic.secrets.security.hardcoded-api-key': 'warning',
-
-    # INFO - informational / hygiene / low-risk patterns
-    'weak-hash-md5': 'info',
-    'weak-hash-sha1': 'info',
-    'weak-hash': 'info',
-    'weak-cipher': 'info',
-    'weak-cipher-des': 'info',
-    'ecb-mode': 'info',
-    'weak-random': 'info',
-    'insecure-random': 'info',
-    'insecure-hash-md5': 'info',
-    'insecure-hash-sha1': 'info',
-    'insecure-memset': 'info',
-    'strtok-usage': 'info',
-    'insecure-tempfile': 'info',
-    'unchecked-return': 'info',
-    'unsafe-block': 'info',
-    'unwrap-usage': 'info',
-    'raw-pointer-deref': 'info',
-    'panic-usage': 'info',
-    'compile-detected': 'info',
-    'scanf-usage': 'info',
-}
-
-# Confidence classification by rule ID
-CONFIDENCE_MAP = {
-    # HIGH - very specific patterns, low false-positive rate
-    'sql-injection-db-cursor': 'HIGH',
-    'sql-injection-using-sqlalchemy': 'HIGH',
-    'sql-injection-sqlcommand': 'HIGH',
-    'sql-injection-sqlquery': 'HIGH',
-    'sql-injection-concat': 'HIGH',
-    'format-string-printf': 'HIGH',
-    'format-string-syslog': 'HIGH',
-    'pickle-load': 'HIGH',
-    'eval-detected': 'HIGH',
-    'eval-usage': 'HIGH',
-    'exec-detected': 'HIGH',
-    'child-process-exec': 'HIGH',
-    'dangerous-subprocess-use': 'HIGH',
-    'dangerous-system-call': 'HIGH',
-    'hardcoded-password': 'HIGH',
-    'hardcoded-connection-string': 'HIGH',
-    'aws-access-key-id': 'HIGH',
-    'github-pat': 'HIGH',
-    'stripe-api-key': 'HIGH',
-    'private-key-rsa': 'HIGH',
-    'openai-api-key': 'HIGH',
-    'unsafe-unserialize': 'HIGH',
-    'backticks-exec': 'HIGH',
-    'preg-code-exec': 'HIGH',
-    'file-inclusion': 'HIGH',
-    'gets-usage': 'HIGH',
-    'insecure-deserialization-binaryformatter': 'HIGH',
-    'insecure-deserialization-xmlserializer': 'HIGH',
-
-    # LOW - broad patterns with high false-positive rate
-    'compile-detected': 'LOW',
-    'unsafe-block': 'LOW',
-    'unwrap-usage': 'LOW',
-    'insecure-memset': 'LOW',
-    'strtok-usage': 'LOW',
-    'unchecked-return': 'LOW',
-    'scanf-usage': 'LOW',
-    'panic-usage': 'LOW',
-    'raw-pointer-deref': 'LOW',
-    'insecure-random': 'LOW',
-    'weak-random': 'LOW',
-    'insecure-hash-md5': 'LOW',
-    'insecure-hash-sha1': 'LOW',
-    'weak-hash-md5': 'LOW',
-    'weak-hash-sha1': 'LOW',
-    'weak-hash': 'LOW',
-    'database-url': 'LOW',
-
-    # Everything else defaults to MEDIUM
-}
-
-
 def _make_finding(rule_id: str, line_idx: int, line: str, col_start: int = 0, col_end: Optional[int] = None,
-                  message: Optional[str] = None, severity: Optional[str] = None,
-                  confidence: Optional[str] = None) -> Dict:
+                  message: Optional[str] = None, severity: str = "warning") -> Dict:
     if col_end is None:
         col_end = max(col_start + 1, len(line.rstrip("\n")))
-    if severity is None:
-        severity = SEVERITY_MAP.get(rule_id, "warning")
-    if confidence is None:
-        confidence = CONFIDENCE_MAP.get(rule_id, "MEDIUM")
     return {
         "ruleId": rule_id,
         "message": message or f"[Regex] {rule_id}",
@@ -219,7 +22,6 @@ def _make_finding(rule_id: str, line_idx: int, line: str, col_start: int = 0, co
         "endColumn": col_end,
         "length": max(0, col_end - col_start),
         "severity": severity,
-        "confidence": confidence,
         "metadata": {"source": "regex-fallback"},
         "metavariables": {},
     }

package/src/cli/init.js

@@ -73,12 +73,6 @@ const CLIENT_CONFIGS = {
     configKey: 'mcpServers',
     configPath: () => join(vscodeBase(), 'Code', 'User', 'globalStorage', 'sourcegraph.cody-ai', 'mcp_settings.json'),
     buildEntry: () => ({ ...MCP_SERVER_ENTRY })
-  },
-  'openclaw': {
-    name: 'OpenClaw',
-    isSkillBased: true, // OpenClaw uses skills, not MCP config
-    skillPath: () => join(homedir(), '.openclaw', 'workspace', 'skills', 'security-scanner'),
-    configPath: () => join(homedir(), '.openclaw', 'workspace', 'skills', 'security-scanner', 'SKILL.md')
   }
 };
 
@@ -156,87 +150,6 @@ function printInitUsage() {
   console.log('    npx agent-security-scanner-mcp init cline --force --name my-scanner\n');
 }
 
-// Special installer for OpenClaw (skill-based)
-async function installOpenClawSkill(client, flags) {
-  const skillDir = client.skillPath();
-  const skillFile = client.configPath();
-
-  // Find the source skill file (bundled with the package)
-  const __dirname = dirname(new URL(import.meta.url).pathname);
-  const sourceSkill = join(__dirname, '..', '..', 'skills', 'openclaw', 'SKILL.md');
-
-  console.log(`\n  Client:  ${client.name}`);
-  console.log(`  Skill:   ${skillDir}`);
-  console.log(`  OS:      ${platform()} (${process.arch})\n`);
-
-  // Check if OpenClaw workspace exists
-  const openclawDir = join(homedir(), '.openclaw');
-  if (!existsSync(openclawDir)) {
-    console.log(`  OpenClaw not found at ${openclawDir}`);
-    console.log(`  Please install OpenClaw first: https://openclaw.ai\n`);
-    process.exit(1);
-  }
-
-  // Check if source skill exists
-  if (!existsSync(sourceSkill)) {
-    console.error(`  ERROR: Skill source not found at ${sourceSkill}`);
-    console.error(`  This may be a packaging issue. Please reinstall the package.\n`);
-    process.exit(1);
-  }
-
-  // Check if skill already exists
-  if (existsSync(skillFile)) {
-    const existing = readFileSync(skillFile, 'utf-8');
-    const source = readFileSync(sourceSkill, 'utf-8');
-    if (existing === source) {
-      console.log(`  Security scanner skill is already installed (identical).`);
-      console.log(`  Nothing to do.\n`);
-      process.exit(0);
-    }
-
-    console.log(`  Security scanner skill exists but differs.`);
-    if (!flags.force) {
-      if (flags.yes) {
-        console.log(`  Skipping (use --force to overwrite).\n`);
-        process.exit(0);
-      }
-      const rl = createInterface({ input: process.stdin, output: process.stdout });
-      const answer = await new Promise((resolve) => {
-        rl.question('  Overwrite? (y/N): ', (a) => { rl.close(); resolve(a); });
-      });
-      if (answer.toLowerCase() !== 'y') {
-        console.log('  Aborted.\n');
-        process.exit(0);
-      }
-    }
-  }
-
-  // Dry-run mode
-  if (flags.dryRun) {
-    console.log(`  [dry-run] Would create directory: ${skillDir}`);
-    console.log(`  [dry-run] Would copy skill from: ${sourceSkill}`);
-    console.log(`  [dry-run] Would write to: ${skillFile}`);
-    console.log(`  No changes made.\n`);
-    process.exit(0);
-  }
-
-  // Create skill directory
-  if (!existsSync(skillDir)) {
-    mkdirSync(skillDir, { recursive: true });
-    console.log(`  Created directory: ${skillDir}`);
-  }
-
-  // Copy skill file
-  copyFileSync(sourceSkill, skillFile);
-  console.log(`  Installed skill: ${skillFile}`);
-
-  console.log(`\n  OpenClaw security scanner skill installed successfully!`);
-  console.log(`\n  Usage in OpenClaw:`);
-  console.log(`    - The skill will be auto-discovered by OpenClaw`);
-  console.log(`    - Use /security-scanner to invoke it`);
-  console.log(`    - Or ask: "scan this prompt for security issues"\n`);
-}
-
 export async function runInit(args) {
   const flags = parseInitFlags(args);
   let clientName = flags.client;
@@ -258,12 +171,6 @@ export async function runInit(args) {
     process.exit(1);
   }
 
-  // Special handling for OpenClaw (skill-based, not MCP config)
-  if (client.isSkillBased) {
-    await installOpenClawSkill(client, flags);
-    return;
-  }
-
   const configPath = flags.path || client.configPath();
   const serverName = flags.name;
   const entry = client.buildEntry();

package/src/fix-patterns.js

@@ -63,56 +63,20 @@ export const FIX_TEMPLATES = {
   // COMMAND INJECTION
   // ===========================================
   "child-process-exec": {
-    description: "Use execFile() with separate command and arguments array",
-    fix: (line) => {
-      // Match: exec("cmd " + arg) -> execFile("cmd", [arg])
-      const concatMatch = line.match(/\bexec\s*\(\s*["'](\S+)\s+["']\s*\+\s*(\w+)/);
-      if (concatMatch) {
-        return line.replace(/\bexec\s*\(\s*["'](\S+)\s+["']\s*\+\s*(\w+)\s*\)/, 'execFile("$1", [$2])');
-      }
-      // Match: exec(`cmd ${arg}`) -> execFile("cmd", [arg])
-      const templateMatch = line.match(/\bexec\s*\(\s*`(\S+)\s+\$\{(\w+)\}`/);
-      if (templateMatch) {
-        return line.replace(/\bexec\s*\(\s*`(\S+)\s+\$\{(\w+)\}`\s*\)/, 'execFile("$1", [$2])');
-      }
-      // Match: exec(variable) -> execFile with guidance
-      const varMatch = line.match(/\bexec\s*\(\s*(\w+)\s*\)/);
-      if (varMatch) {
-        return line.replace(/\bexec\s*\(\s*(\w+)\s*\)/, 'execFile($1.split(" ")[0], $1.split(" ").slice(1))');
-      }
-      // Fallback: comment with guidance
-      return '// SECURITY: Use execFile(command, [args]) instead of exec() - ' + line.trim();
-    }
+    description: "Use execFile() or spawn() with shell: false",
+    fix: (line) => line.replace(/\bexec\s*\(/, 'execFile(')
   },
   "spawn-shell": {
     description: "Use spawn with shell: false",
     fix: (line) => line.replace(/shell\s*:\s*true/i, 'shell: false')
   },
   "dangerous-subprocess": {
-    description: "Use subprocess.run with list arguments and shell=False",
-    fix: (line) => {
-      // Replace shell=True with shell=False
-      let fixed = line.replace(/shell\s*=\s*True/, 'shell=False');
-      // Replace string command with shlex.split() for safe list form
-      fixed = fixed.replace(
-        /subprocess\.(call|run|Popen)\s*\(\s*["'](.+?)["']/,
-        'subprocess.$1(shlex.split("$2")'
-      );
-      return fixed;
-    }
+    description: "Use subprocess.run with list arguments",
+    fix: (line) => line.replace(/subprocess\.(call|run|Popen)\s*\(\s*["'](.+?)["']\s*,\s*shell\s*=\s*True/, 'subprocess.$1(["$2".split()], shell=False')
   },
   "dangerous-system-call": {
     description: "Use subprocess.run instead of os.system",
-    fix: (line) => {
-      const match = line.match(/os\.system\s*\(\s*(.+?)\s*\)/);
-      if (match) {
-        return line.replace(
-          /os\.system\s*\(\s*(.+?)\s*\)/,
-          'subprocess.run(shlex.split($1), shell=False)'
-        );
-      }
-      return '# SECURITY: Replace os.system() with subprocess.run(shlex.split(cmd), shell=False)\n# ' + line.trim();
-    }
+    fix: (line) => line.replace(/os\.system\s*\(/, 'subprocess.run([')
   },
   "command-injection-exec": {
     description: "Use exec.Command with separate arguments",
@@ -233,11 +197,8 @@ export const FIX_TEMPLATES = {
   // INSECURE DESERIALIZATION
   // ===========================================
   "pickle": {
-    description: "Use JSON instead of pickle for untrusted data",
-    fix: (line) => {
-      const fixed = line.replace(/pickle\.(load|loads)\s*\(/, 'json.$1(');
-      return fixed + '  # NOTE: data must be JSON-formatted';
-    }
+    description: "Use JSON instead of pickle",
+    fix: (line) => line.replace(/pickle\.(load|loads)\s*\(/, 'json.$1(')
   },
   "yaml-load": {
     description: "Use yaml.safe_load()",
@@ -248,8 +209,8 @@ export const FIX_TEMPLATES = {
     fix: (line) => line.replace(/marshal\.(load|loads)\s*\(/, 'json.$1(')
   },
   "shelve": {
-    description: "Use JSON or SQLite instead of shelve for safe storage",
-    fix: (line) => '# SECURITY: Replace shelve with json or sqlite3 for safe storage\n# ' + line.trim()
+    description: "Use JSON or SQLite instead of shelve",
+    fix: (line) => line.replace(/shelve\.open\s*\(/, 'json.load(open(')
   },
   "node-serialize": {
     description: "Use JSON.parse instead of node-serialize",
@@ -296,12 +257,12 @@ export const FIX_TEMPLATES = {
   // PATH TRAVERSAL
   // ===========================================
   "path-traversal": {
-    description: "Resolve real path and validate prefix to prevent traversal",
+    description: "Sanitize file paths and use basename",
     fix: (line, lang) => {
-      if (lang === 'python') return line.replace(/open\s*\(\s*(\w+)/, 'open(os.path.realpath($1)  # TODO: validate path prefix');
-      if (lang === 'go') return line.replace(/os\.Open\s*\(\s*(\w+)/, 'os.Open(filepath.Clean($1)  // TODO: validate path prefix');
-      if (lang === 'java') return line.replace(/new File\s*\(\s*(\w+)/, 'new File($1).getCanonicalFile(  // TODO: validate path prefix');
-      return line.replace(/readFileSync\s*\(\s*(\w+)/, 'readFileSync(path.resolve($1)  // TODO: validate path prefix');
+      if (lang === 'python') return line.replace(/open\s*\(\s*(\w+)/, 'open(os.path.basename($1)');
+      if (lang === 'go') return line.replace(/os\.Open\s*\(\s*(\w+)/, 'os.Open(filepath.Base($1)');
+      if (lang === 'java') return line.replace(/new File\s*\(\s*(\w+)/, 'new File(new File($1).getName()');
+      return line.replace(/readFileSync\s*\(\s*(\w+)/, 'readFileSync(path.basename($1)');
     }
   },
 
@@ -446,14 +407,7 @@ export const FIX_TEMPLATES = {
   // ===========================================
   "prototype-pollution": {
     description: "Validate object keys before assignment",
-    fix: (line) => {
-      // Only fix simple single-line assignments like: obj[key] = value
-      // Reject lines with multiple bracket accesses or chained assignments
-      if (/^\s*\w+\[\w+\]\s*=\s*[^[=]+$/.test(line)) {
-        return line.replace(/(\w+)\[(\w+)\]\s*=/, 'if (!["__proto__", "constructor", "prototype"].includes($2)) $1[$2] =');
-      }
-      return '// SECURITY: Validate key is not __proto__/constructor/prototype before assignment\n// ' + line.trim();
-    }
+    fix: (line) => line.replace(/(\w+)\[(\w+)\]\s*=/, 'if (!["__proto__", "constructor", "prototype"].includes($2)) $1[$2] =')
   },
 
   // ===========================================
@@ -489,7 +443,7 @@ export const FIX_TEMPLATES = {
   // ===========================================
   "helmet-missing": {
     description: "Add helmet middleware for security headers",
-    fix: (line) => '// TODO: Add app.use(helmet()) after Express app initialization\n' + line
+    fix: (line) => 'app.use(helmet()); // Add security headers\n' + line
   },
 
   // ===========================================
@@ -541,10 +495,7 @@ export const FIX_TEMPLATES = {
   },
   "run-shell-form": {
     description: "Use exec form for RUN commands",
-    fix: (line) => line.replace(/RUN\s+(.+)$/, (_, cmd) => {
-      const escaped = cmd.replace(/"/g, '\\"');
-      return `RUN ["/bin/sh", "-c", "${escaped}"]`;
-    })
+    fix: (line) => line.replace(/RUN\s+(.+)$/, 'RUN ["/bin/sh", "-c", "$1"]')
   },
   "sudo-in-dockerfile": {
     description: "Avoid sudo in Dockerfile - use USER directive",

package/src/tools/fix-security.js

@@ -2,9 +2,6 @@
 import { z } from "zod";
 import { existsSync, readFileSync } from "fs";
 import { detectLanguage, runAnalyzer, generateFix } from '../utils.js';
-import { deduplicateFindings } from '../dedup.js';
-import { applyContextFilter, detectFrameworks, applyFrameworkAdjustments } from '../context.js';
-import { loadConfig, shouldExcludeFile, applyConfig } from '../config.js';
 
 export const fixSecuritySchema = {
   file_path: z.string().describe("Path to the file to fix"),
@@ -50,48 +47,24 @@ export async function fixSecurity({ file_path, verbosity }) {
     };
   }
 
-  // Load project configuration
-  const config = loadConfig(file_path);
+  const issues = runAnalyzer(file_path);
 
-  // Check file exclusion
-  if (shouldExcludeFile(file_path, config)) {
-    return {
-      content: [{ type: "text", text: JSON.stringify({ file: file_path, message: "File excluded by configuration", fixes_applied: 0 }) }]
-    };
-  }
-
-  const rawIssues = runAnalyzer(file_path);
-
-  if (rawIssues.error || !Array.isArray(rawIssues) || rawIssues.length === 0) {
+  if (issues.error || !Array.isArray(issues) || issues.length === 0) {
     return {
       content: [{
         type: "text",
         text: JSON.stringify({
-          message: rawIssues.error ? "Error scanning file" : "No security issues found",
-          details: rawIssues
+          message: issues.error ? "Error scanning file" : "No security issues found",
+          details: issues
         })
       }]
     };
   }
 
-  // Cross-engine deduplication
-  const dedupedIssues = deduplicateFindings(rawIssues);
-
   // Read and fix the file
   const content = readFileSync(file_path, 'utf-8');
   const lines = content.split('\n');
   const language = detectLanguage(file_path);
-
-  // Context-aware filtering (suppress known module imports)
-  const contextFiltered = applyContextFilter(dedupedIssues, file_path, language);
-
-  // Framework-aware severity adjustment
-  const frameworks = detectFrameworks(file_path, language);
-  const frameworkAdjusted = applyFrameworkAdjustments(contextFiltered, frameworks);
-
-  // Apply .scannerrc configuration (rule suppression, severity/confidence thresholds)
-  const issues = applyConfig(frameworkAdjusted, file_path, config);
-
   const fixes = [];
 
   // Apply fixes (process in reverse order to preserve line numbers)

package/src/tools/scan-prompt.js

@@ -39,12 +39,6 @@ const CATEGORY_WEIGHTS = {
   "prompt-injection-privilege": 0.85,
   "prompt-injection-multi-turn": 0.7,
   "prompt-injection-output": 0.9,
-  // OpenClaw-specific categories
-  "data_exfiltration": 1.0,
-  "messaging_abuse": 0.95,
-  "credential_theft": 1.0,
-  "autonomous_harm": 0.9,
-  "service_attack": 0.95,
   "unknown": 0.5
 };
 
@@ -195,69 +189,6 @@ function loadPromptInjectionRules() {
   }
 }
 
-// Load OpenClaw-specific rules
-function loadOpenClawRules() {
-  try {
-    const rulesPath = join(__dirname, '..', '..', 'rules', 'openclaw.security.yaml');
-    if (!existsSync(rulesPath)) {
-      return [];
-    }
-
-    const yaml = readFileSync(rulesPath, 'utf-8');
-    const rules = [];
-
-    const ruleBlocks = yaml.split(/^  - id:/m).slice(1);
-
-    for (const block of ruleBlocks) {
-      const lines = ('  - id:' + block).split('\n');
-      const rule = {
-        id: '',
-        severity: 'WARNING',
-        message: '',
-        patterns: [],
-        metadata: {}
-      };
-
-      let inPatterns = false;
-
-      for (const line of lines) {
-        if (line.match(/^\s+- id:\s*/)) {
-          rule.id = line.replace(/^\s+- id:\s*/, '').trim();
-        } else if (line.match(/^\s+severity:\s*/)) {
-          rule.severity = line.replace(/^\s+severity:\s*/, '').trim();
-        } else if (line.match(/^\s+category:\s*/)) {
-          rule.metadata.category = line.replace(/^\s+category:\s*/, '').trim();
-        } else if (line.match(/^\s+action:\s*/)) {
-          rule.metadata.action = line.replace(/^\s+action:\s*/, '').trim();
-        } else if (line.match(/^\s+message:\s*/)) {
-          rule.message = line.replace(/^\s+message:\s*["']?/, '').replace(/["']$/, '').trim();
-        } else if (line.match(/^\s+patterns:\s*$/)) {
-          inPatterns = true;
-        } else if (inPatterns && line.match(/^\s+- /)) {
-          let pattern = line.replace(/^\s+- /, '').trim();
-          pattern = pattern.replace(/^["']|["']$/g, '');
-          pattern = pattern.replace(/\\\\/g, '\\');
-          if (pattern) rule.patterns.push(pattern);
-        } else if (line.match(/^\s+\w+:/) && !line.match(/^\s+- /)) {
-          inPatterns = false;
-        }
-      }
-
-      if (rule.id && rule.patterns.length > 0) {
-        // Set confidence and risk score based on severity
-        rule.metadata.confidence = rule.severity === 'CRITICAL' ? 'HIGH' : 'MEDIUM';
-        rule.metadata.risk_score = rule.severity === 'CRITICAL' ? '90' : '70';
-        rules.push(rule);
-      }
-    }
-
-    return rules;
-  } catch (error) {
-    console.error("Error loading OpenClaw rules:", error.message);
-    return [];
-  }
-}
-
 // Calculate risk score from findings
 function calculateRiskScore(findings, context) {
   if (findings.length === 0) return 0;
@@ -446,8 +377,7 @@ export async function scanAgentPrompt({ prompt_text, context, verbosity }) {
   // Load rules
   const agentRules = loadAgentAttackRules();
   const promptRules = loadPromptInjectionRules();
-  const openclawRules = loadOpenClawRules();
-  const allRules = [...agentRules, ...promptRules, ...openclawRules];
+  const allRules = [...agentRules, ...promptRules];
 
   // 2.7: Extract content from code blocks and append to scan text
   let expandedText = prompt_text;