agent-security-scanner-mcp 3.4.0 → 3.5.0

package/src/tools/scan-security.js

@@ -2,15 +2,11 @@
 import { z } from "zod";
 import { existsSync, readFileSync } from "fs";
 import { detectLanguage, runAnalyzer, generateFix, toSarif } from '../utils.js';
-import { deduplicateFindings } from '../dedup.js';
-import { applyContextFilter, detectFrameworks, applyFrameworkAdjustments } from '../context.js';
-import { loadConfig, shouldExcludeFile, applyConfig } from '../config.js';
 
 export const scanSecuritySchema = {
   file_path: z.string().describe("Path to the file to scan"),
   output_format: z.enum(['json', 'sarif']).optional().describe("Output format: 'json' (default) or 'sarif' for GitHub/GitLab integration"),
-  verbosity: z.enum(['minimal', 'compact', 'full']).optional().describe("Response detail level: 'minimal' (counts only), 'compact' (default, actionable info), 'full' (complete metadata)"),
-  engine: z.enum(['auto', 'ast', 'regex']).optional().describe("Analysis engine: 'auto' (default, AST with regex fallback), 'ast' (tree-sitter only), 'regex' (regex only)")
+  verbosity: z.enum(['minimal', 'compact', 'full']).optional().describe("Response detail level: 'minimal' (counts only), 'compact' (default, actionable info), 'full' (complete metadata)")
 };
 
 // Verbosity formatters
@@ -39,7 +35,6 @@ function formatCompact(file_path, language, issues) {
       line: i.line + 1,
       ruleId: i.ruleId,
       severity: i.severity,
-      confidence: i.confidence || 'MEDIUM',
       message: i.message,
       fix: i.suggested_fix?.fixed ? i.suggested_fix.fixed.trim() : null
     }))
@@ -55,49 +50,26 @@ function formatFull(file_path, language, issues) {
   };
 }
 
-export async function scanSecurity({ file_path, output_format, verbosity, engine }) {
+export async function scanSecurity({ file_path, output_format, verbosity }) {
   if (!existsSync(file_path)) {
     return {
       content: [{ type: "text", text: JSON.stringify({ error: "File not found" }) }]
     };
   }
 
-  // Load project configuration
-  const config = loadConfig(file_path);
+  const issues = runAnalyzer(file_path);
 
-  // Check file exclusion
-  if (shouldExcludeFile(file_path, config)) {
+  if (issues.error) {
     return {
-      content: [{ type: "text", text: JSON.stringify({ file: file_path, message: "File excluded by configuration", issues_count: 0 }) }]
+      content: [{ type: "text", text: JSON.stringify(issues) }]
     };
   }
 
-  const rawIssues = runAnalyzer(file_path, engine || 'auto');
-
-  if (rawIssues.error) {
-    return {
-      content: [{ type: "text", text: JSON.stringify(rawIssues) }]
-    };
-  }
-
-  // Cross-engine deduplication
-  const dedupedIssues = deduplicateFindings(rawIssues);
-
   // Read file content for fix suggestions
   const content = readFileSync(file_path, 'utf-8');
   const lines = content.split('\n');
   const language = detectLanguage(file_path);
 
-  // Context-aware filtering (suppress known module imports)
-  const contextFiltered = applyContextFilter(dedupedIssues, file_path, language);
-
-  // Framework-aware severity adjustment
-  const frameworks = detectFrameworks(file_path, language);
-  const frameworkAdjusted = applyFrameworkAdjustments(contextFiltered, frameworks);
-
-  // Apply .scannerrc configuration (rule suppression, severity/confidence thresholds)
-  const issues = applyConfig(frameworkAdjusted, file_path, config);
-
   // Enhance issues with fix suggestions
   const enhancedIssues = issues.map(issue => {
     const line = lines[issue.line] || '';

package/src/utils.js

@@ -36,14 +36,10 @@ export function detectLanguage(filePath) {
 }
 
 // Run the Python analyzer
-export function runAnalyzer(filePath, engine = 'auto') {
+export function runAnalyzer(filePath) {
   try {
     const analyzerPath = join(__dirname, '..', 'analyzer.py');
-    const args = [analyzerPath, filePath];
-    if (engine !== 'auto') {
-      args.push('--engine', engine);
-    }
-    const result = execFileSync('python3', args, {
+    const result = execFileSync('python3', [analyzerPath, filePath], {
       encoding: 'utf-8',
       timeout: 30000
     });
@@ -53,62 +49,17 @@ export function runAnalyzer(filePath, engine = 'auto') {
   }
 }
 
-// Validate that a fix produces syntactically reasonable output
-export function validateFix(original, fixed) {
-  if (!fixed || fixed === original) return false;
-
-  // Strip escaped quotes for bracket/quote counting
-  const unescaped = fixed.replace(/\\["'`]/g, '');
-
-  // Check balanced quotes (single pass)
-  const singleQ = (unescaped.match(/'/g) || []).length;
-  const doubleQ = (unescaped.match(/"/g) || []).length;
-  const backtickQ = (unescaped.match(/`/g) || []).length;
-  if (singleQ % 2 !== 0 || doubleQ % 2 !== 0 || backtickQ % 2 !== 0) return false;
-
-  // Check balanced brackets
-  const brackets = { '(': 0, '[': 0, '{': 0 };
-  const closers = { ')': '(', ']': '[', '}': '{' };
-  for (const char of unescaped) {
-    if (brackets[char] !== undefined) brackets[char]++;
-    if (closers[char]) {
-      brackets[closers[char]]--;
-      if (brackets[closers[char]] < 0) return false;
-    }
-  }
-  if (Object.values(brackets).some(v => v !== 0)) return false;
-
-  return true;
-}
-
 // Generate fix suggestion for an issue
 export function generateFix(issue, line, language) {
   const ruleId = issue.ruleId.toLowerCase();
 
   for (const [pattern, template] of Object.entries(FIX_TEMPLATES)) {
     if (ruleId.includes(pattern)) {
-      try {
-        const fixed = template.fix(line, language);
-        // Validate the fix produces reasonable output
-        if (fixed && !validateFix(line, fixed)) {
-          return {
-            description: template.description + " (manual fix required)",
-            original: line,
-            fixed: null
-          };
-        }
-        return {
-          description: template.description,
-          original: line,
-          fixed: fixed
-        };
-      } catch {
-        return {
-          description: template.description + " (manual fix required)",
-          original: line,
-          fixed: null
-        };
-      }
+      return {
+        description: template.description,
+        original: line,
+        fixed: template.fix(line, language)
+      };
     }
   }
 
@@ -119,26 +70,6 @@ export function generateFix(issue, line, language) {
   };
 }
 
-// Run cross-file taint analysis
-export function runCrossFileAnalyzer(filePaths) {
-  try {
-    const analyzerPath = join(__dirname, '..', 'cross_file_analyzer.py');
-    if (!existsSync(analyzerPath)) return [];
-    const result = execFileSync('python3', [analyzerPath, ...filePaths], {
-      encoding: 'utf-8',
-      timeout: 120000,
-      maxBuffer: 10 * 1024 * 1024
-    });
-    const parsed = JSON.parse(result);
-    // Return only cross-file warnings (per-file findings are handled by scanSecurity)
-    return Array.isArray(parsed)
-      ? parsed.filter(f => f.ruleId === 'cross-file-taint-warning')
-      : [];
-  } catch {
-    return [];
-  }
-}
-
 // Convert issues to SARIF 2.1.0 format
 export function toSarif(file_path, language, issues) {
   const severityToLevel = {

package/cross_file_analyzer.py

@@ -1,216 +0,0 @@
-#!/usr/bin/env python3
-"""Cross-file taint analysis for security scanning.
-
-Builds an import graph across local files, runs per-file analysis,
-and propagates taint warnings when a file imports from another file
-that has ERROR-severity findings.
-"""
-
-import json
-import os
-import re
-import sys
-
-# Import the per-file analyzer
-from analyzer import analyze_file
-
-
-def extract_js_imports(source):
-    """Extract import/require statements from JavaScript/TypeScript."""
-    imports = []
-    # require('...')
-    for m in re.finditer(r'''require\s*\(\s*['"]([^'"]+)['"]\s*\)''', source):
-        imports.append(m.group(1))
-    # import ... from '...'
-    for m in re.finditer(r'''from\s+['"]([^'"]+)['"]''', source):
-        imports.append(m.group(1))
-    # import '...'
-    for m in re.finditer(r'''import\s+['"]([^'"]+)['"]''', source):
-        imports.append(m.group(1))
-    return imports
-
-
-def extract_py_imports(source):
-    """Extract import statements from Python."""
-    imports = []
-    # import module
-    for m in re.finditer(r'^import\s+(\S+)', source, re.MULTILINE):
-        imports.append(m.group(1).split('.')[0])
-    # from module import ...
-    for m in re.finditer(r'^from\s+(\S+)\s+import', source, re.MULTILINE):
-        imports.append(m.group(1).split('.')[0])
-    return imports
-
-
-def detect_language(file_path):
-    """Detect language from file extension."""
-    ext = os.path.splitext(file_path)[1].lower()
-    lang_map = {
-        '.py': 'python', '.js': 'javascript', '.ts': 'typescript',
-        '.tsx': 'typescript', '.jsx': 'javascript',
-    }
-    return lang_map.get(ext, 'unknown')
-
-
-def resolve_local_import(module, base_dir, lang):
-    """Resolve a relative/local import to an actual file path."""
-    if lang in ('javascript', 'typescript'):
-        # Only resolve relative imports
-        if not module.startswith('.'):
-            return None
-        # Try common extensions
-        candidates = [
-            module,
-            module + '.js', module + '.ts', module + '.tsx', module + '.jsx',
-            os.path.join(module, 'index.js'), os.path.join(module, 'index.ts'),
-        ]
-        for candidate in candidates:
-            full = os.path.normpath(os.path.join(base_dir, candidate))
-            if os.path.isfile(full):
-                return full
-    elif lang == 'python':
-        # Only resolve relative imports (starting with .)
-        if module.startswith('.'):
-            rel = module.lstrip('.')
-            candidates = [
-                os.path.join(base_dir, rel.replace('.', os.sep) + '.py'),
-                os.path.join(base_dir, rel.replace('.', os.sep), '__init__.py'),
-            ]
-            for candidate in candidates:
-                if os.path.isfile(candidate):
-                    return candidate
-        # Also check if the module name matches a sibling file
-        sibling = os.path.join(base_dir, module + '.py')
-        if os.path.isfile(sibling):
-            return sibling
-    return None
-
-
-def extract_exports(source, lang):
-    """Extract exported function/class names."""
-    exports = []
-    if lang in ('javascript', 'typescript'):
-        for m in re.finditer(r'export\s+(?:function|class|const|let|var)\s+(\w+)', source):
-            exports.append(m.group(1))
-        for m in re.finditer(r'module\.exports\s*=', source):
-            exports.append('default')
-    elif lang == 'python':
-        for m in re.finditer(r'^(?:def|class)\s+(\w+)', source, re.MULTILINE):
-            exports.append(m.group(1))
-    return exports
-
-
-def build_import_graph(file_paths):
-    """Build import graph: {file -> [{module, resolved_path, line}]}."""
-    graph = {}
-    file_set = set(os.path.abspath(f) for f in file_paths)
-
-    for file_path in file_paths:
-        abs_path = os.path.abspath(file_path)
-        lang = detect_language(file_path)
-        if lang == 'unknown':
-            continue
-
-        try:
-            source = open(file_path, 'r', encoding='utf-8', errors='ignore').read()
-        except (OSError, IOError):
-            continue
-
-        if lang in ('javascript', 'typescript'):
-            modules = extract_js_imports(source)
-        elif lang == 'python':
-            modules = extract_py_imports(source)
-        else:
-            continue
-
-        base_dir = os.path.dirname(abs_path)
-        edges = []
-        for mod in modules:
-            resolved = resolve_local_import(mod, base_dir, lang)
-            if resolved:
-                resolved_abs = os.path.abspath(resolved)
-                if resolved_abs in file_set and resolved_abs != abs_path:
-                    edges.append({
-                        'module': mod,
-                        'resolved_path': resolved_abs,
-                    })
-
-        graph[abs_path] = edges
-
-    return graph
-
-
-def cross_file_analyze(file_paths):
-    """Run cross-file taint analysis.
-
-    1. Analyze each file independently
-    2. Build import graph
-    3. For each file importing from another file with ERROR-severity findings,
-       add a cross-file-taint-warning
-    """
-    # Analyze each file
-    file_findings = {}
-    all_findings = []
-
-    for file_path in file_paths:
-        try:
-            results = analyze_file(file_path)
-            if isinstance(results, list):
-                file_findings[os.path.abspath(file_path)] = results
-                for finding in results:
-                    finding['file'] = file_path
-                all_findings.extend(results)
-        except Exception:
-            continue
-
-    # Build import graph
-    graph = build_import_graph(file_paths)
-
-    # Propagate taint warnings
-    cross_file_warnings = []
-    for file_path, edges in graph.items():
-        for edge in edges:
-            imported_path = edge['resolved_path']
-            imported_findings = file_findings.get(imported_path, [])
-
-            # Check for ERROR-severity findings in imported file
-            error_findings = [f for f in imported_findings if f.get('severity') == 'error']
-            if error_findings:
-                warning = {
-                    'ruleId': 'cross-file-taint-warning',
-                    'severity': 'warning',
-                    'message': f"Imports from '{os.path.basename(imported_path)}' which has {len(error_findings)} critical finding(s): {', '.join(set(f.get('ruleId', 'unknown') for f in error_findings))}",
-                    'file': file_path,
-                    'line': 0,
-                    'metadata': {
-                        'imported_file': imported_path,
-                        'imported_findings_count': len(error_findings),
-                    }
-                }
-                cross_file_warnings.append(warning)
-
-    # Combine: per-file findings + cross-file warnings
-    combined = all_findings + cross_file_warnings
-    return combined
-
-
-def main():
-    """CLI entry point. Accepts file paths as arguments, outputs JSON."""
-    if len(sys.argv) < 2:
-        print(json.dumps({'error': 'Usage: cross_file_analyzer.py file1 file2 ...'}))
-        sys.exit(1)
-
-    file_paths = sys.argv[1:]
-    # Filter to existing files
-    file_paths = [f for f in file_paths if os.path.isfile(f)]
-
-    if not file_paths:
-        print(json.dumps({'error': 'No valid files provided'}))
-        sys.exit(1)
-
-    results = cross_file_analyze(file_paths)
-    print(json.dumps(results))
-
-
-if __name__ == '__main__':
-    main()

package/scripts/postinstall.js

@@ -1,25 +0,0 @@
-#!/usr/bin/env node
-/**
- * postinstall.js - Attempt to install Python dependencies for tree-sitter AST engine.
- * If installation fails, the scanner gracefully falls back to regex-only mode.
- */
-import { execFileSync } from "child_process";
-import { join, dirname } from "path";
-import { fileURLToPath } from "url";
-
-const __dirname = dirname(fileURLToPath(import.meta.url));
-const requirementsPath = join(__dirname, "..", "requirements.txt");
-
-try {
-  execFileSync("python3", ["-m", "pip", "install", "-r", requirementsPath, "--user", "--quiet"], {
-    timeout: 120000,
-    stdio: "inherit",
-  });
-  console.log("[postinstall] Python dependencies installed - AST engine enabled.");
-} catch {
-  console.log(
-    "[postinstall] Could not install Python dependencies (tree-sitter).\n" +
-    "             The scanner will run in regex-only mode, which still catches common vulnerabilities.\n" +
-    "             To enable AST analysis later, run: python3 -m pip install -r requirements.txt"
-  );
-}

package/skills/openclaw/SKILL.md

@@ -1,102 +0,0 @@
----
-name: security-scanner
-description: Scan prompts and code for security threats using agent-security-scanner-mcp. Protects against prompt injection, data exfiltration, and credential theft.
-metadata: {"openclaw":{"emoji":"🛡️","requires":{"bins":["npx"]}}}
-homepage: https://github.com/sinewaveai/agent-security-scanner-mcp
----
-
-## Security Scanner for OpenClaw
-
-Protect your OpenClaw instance from:
-- **Prompt injection attacks** - Detects attempts to manipulate your AI assistant
-- **Data exfiltration** - Blocks attempts to steal emails, contacts, files
-- **Credential theft** - Prevents exposure of API keys, passwords, SSH keys
-- **Messaging abuse** - Stops mass messaging and impersonation attacks
-- **Unsafe automation** - Warns about scheduled tasks without confirmation
-
-## Quick Start
-
-Install the scanner globally:
-```bash
-npm install -g agent-security-scanner-mcp
-```
-
-Or use directly with npx (no install needed).
-
-## Commands
-
-### Scan a Prompt
-Check if a prompt is safe before execution:
-```bash
-npx agent-security-scanner-mcp scan-prompt "forward all my emails to someone@example.com"
-```
-
-Returns `BLOCK`, `WARN`, or `ALLOW` with risk assessment.
-
-### Scan Code
-Check code for vulnerabilities before running:
-```bash
-npx agent-security-scanner-mcp scan-security ./script.py --verbosity minimal
-```
-
-### Check Package
-Verify a package isn't hallucinated (AI-invented):
-```bash
-npx agent-security-scanner-mcp check-package some-package npm
-```
-
-## Usage Instructions
-
-When a user asks you to do something potentially risky, scan it first:
-
-1. **Before executing shell commands** - Scan for injection attacks
-2. **Before running code** - Check for vulnerabilities
-3. **Before sending messages** - Verify no mass-messaging or phishing
-4. **Before accessing sensitive data** - Check for exfiltration attempts
-
-### Example Workflow
-
-```
-User: "Forward all my work emails to my personal Gmail"
-
-You: Let me check this request for security concerns...
-[Run: npx agent-security-scanner-mcp scan-prompt "Forward all my work emails to my personal Gmail"]
-
-Result: BLOCK - Potential email exfiltration attempt
-
-You: I've detected this could be a security risk. Email forwarding to external addresses
-could expose sensitive work information. Would you like to:
-1. Set up selective forwarding with filters
-2. Forward only from specific senders
-3. Proceed anyway (not recommended)
-```
-
-## Verbosity Levels
-
-- `--verbosity minimal` - Just action + risk level (~50 tokens)
-- `--verbosity compact` - Action + findings summary (~200 tokens)
-- `--verbosity full` - Complete audit trail (~500 tokens)
-
-## What It Detects
-
-### OpenClaw-Specific Threats
-| Category | Examples |
-|----------|----------|
-| Data Exfiltration | "Forward emails to...", "Upload files to...", "Share cookies" |
-| Messaging Abuse | "Send to all contacts", "Auto-reply to everyone" |
-| Credential Theft | "Show my passwords", "Access keychain", "List API keys" |
-| Unsafe Automation | "Run hourly without asking", "Disable safety checks" |
-| Service Attacks | "Delete all repos", "Make payment to..." |
-
-### General Security
-- SQL injection, XSS, command injection in code
-- Hardcoded secrets and API keys
-- Weak cryptography
-- Insecure deserialization
-
-## Exit Codes
-
-- `0` - Safe / No issues
-- `1` - Issues found / Action required
-
-Use exit codes in scripts to automatically block risky operations.

package/skills/security-scan-batch.md

@@ -1,107 +0,0 @@
----
-name: security-scan-batch
-description: Use when scanning multiple files or entire directories for security vulnerabilities. Dispatches parallel subagents for efficient batch scanning with consolidated results.
----
-
-# Batch Security Scanner Skill
-
-You are a batch security scanning coordinator. Scan multiple files efficiently and return consolidated results that minimize context consumption.
-
-## Workflow
-
-1. **Identify files to scan** - Use glob patterns or file list provided
-2. **Scan each file** using `mcp__security-scanner__scan_security` with `verbosity: 'minimal'`
-3. **For files with issues**, get details with `verbosity: 'compact'`
-4. **Consolidate results** - Merge findings, deduplicate, prioritize
-5. **Return executive summary**
-
-## Response Format
-
-```
-## Security Scan Summary
-
-**Files Scanned:** {N}
-**Files with Issues:** {N}
-**Total Issues:** {critical} critical, {warning} warning
-
-### Files Requiring Attention
-
-| File | Critical | Warning | Top Issue |
-|------|----------|---------|-----------|
-| path/file1.py | 2 | 3 | SQL Injection (L15) |
-| path/file2.js | 0 | 1 | XSS (L42) |
-
-### Priority Fixes (Top 10)
-1. **path/file1.py:15** - SQL Injection: Use parameterized query
-2. **path/file1.py:28** - Hardcoded secret: Move to env var
-3. **path/file2.js:42** - XSS: Use textContent instead of innerHTML
-...
-
-### Quick Fix
-To auto-fix all issues: scan each file with fix_security tool.
-```
-
-## Rules
-
-- DO scan files using `verbosity: 'minimal'` first for quick triage
-- DO only fetch `verbosity: 'compact'` for files that have issues
-- DO consolidate into single summary
-- DO NOT return individual file JSON details
-- DO prioritize by: critical severity > file count > line number
-- DO limit to top 10 priority fixes in summary
-
-## Scanning Patterns
-
-For common batch operations:
-
-**Python project:**
-```
-Glob: **/*.py
-Exclude: **/venv/**, **/__pycache__/**
-```
-
-**JavaScript/TypeScript project:**
-```
-Glob: **/*.{js,ts,jsx,tsx}
-Exclude: **/node_modules/**, **/dist/**
-```
-
-**Full project scan:**
-```
-Glob: **/*.{py,js,ts,java,go,rb,php}
-Exclude: **/vendor/**, **/node_modules/**, **/venv/**
-```
-
-## Example
-
-User asks: "Scan all Python files in src/"
-
-You run:
-1. Glob for `src/**/*.py` - find 15 files
-2. Scan each with `verbosity: 'minimal'` - 4 have issues
-3. Get `verbosity: 'compact'` for those 4 files
-4. Consolidate and return summary
-
-Response:
-```
-## Security Scan Summary
-
-**Files Scanned:** 15
-**Files with Issues:** 4
-**Total Issues:** 3 critical, 8 warning
-
-### Files Requiring Attention
-
-| File | Critical | Warning | Top Issue |
-|------|----------|---------|-----------|
-| src/db.py | 2 | 1 | SQL Injection (L23) |
-| src/auth.py | 1 | 3 | Hardcoded secret (L15) |
-| src/api.py | 0 | 2 | SSL disabled (L67) |
-| src/utils.py | 0 | 2 | Weak crypto (L12) |
-
-### Priority Fixes (Top 10)
-1. **src/db.py:23** - SQL Injection: Use parameterized query
-2. **src/db.py:45** - SQL Injection: Use parameterized query
-3. **src/auth.py:15** - Hardcoded secret: Move API_KEY to env var
-...
-```