agent-security-scanner-mcp 3.4.0 → 3.5.1

package/cross_file_analyzer.py

@@ -1,216 +0,0 @@
-#!/usr/bin/env python3
-"""Cross-file taint analysis for security scanning.
-
-Builds an import graph across local files, runs per-file analysis,
-and propagates taint warnings when a file imports from another file
-that has ERROR-severity findings.
-"""
-
-import json
-import os
-import re
-import sys
-
-# Import the per-file analyzer
-from analyzer import analyze_file
-
-
-def extract_js_imports(source):
-    """Extract import/require statements from JavaScript/TypeScript."""
-    imports = []
-    # require('...')
-    for m in re.finditer(r'''require\s*\(\s*['"]([^'"]+)['"]\s*\)''', source):
-        imports.append(m.group(1))
-    # import ... from '...'
-    for m in re.finditer(r'''from\s+['"]([^'"]+)['"]''', source):
-        imports.append(m.group(1))
-    # import '...'
-    for m in re.finditer(r'''import\s+['"]([^'"]+)['"]''', source):
-        imports.append(m.group(1))
-    return imports
-
-
-def extract_py_imports(source):
-    """Extract import statements from Python."""
-    imports = []
-    # import module
-    for m in re.finditer(r'^import\s+(\S+)', source, re.MULTILINE):
-        imports.append(m.group(1).split('.')[0])
-    # from module import ...
-    for m in re.finditer(r'^from\s+(\S+)\s+import', source, re.MULTILINE):
-        imports.append(m.group(1).split('.')[0])
-    return imports
-
-
-def detect_language(file_path):
-    """Detect language from file extension."""
-    ext = os.path.splitext(file_path)[1].lower()
-    lang_map = {
-        '.py': 'python', '.js': 'javascript', '.ts': 'typescript',
-        '.tsx': 'typescript', '.jsx': 'javascript',
-    }
-    return lang_map.get(ext, 'unknown')
-
-
-def resolve_local_import(module, base_dir, lang):
-    """Resolve a relative/local import to an actual file path."""
-    if lang in ('javascript', 'typescript'):
-        # Only resolve relative imports
-        if not module.startswith('.'):
-            return None
-        # Try common extensions
-        candidates = [
-            module,
-            module + '.js', module + '.ts', module + '.tsx', module + '.jsx',
-            os.path.join(module, 'index.js'), os.path.join(module, 'index.ts'),
-        ]
-        for candidate in candidates:
-            full = os.path.normpath(os.path.join(base_dir, candidate))
-            if os.path.isfile(full):
-                return full
-    elif lang == 'python':
-        # Only resolve relative imports (starting with .)
-        if module.startswith('.'):
-            rel = module.lstrip('.')
-            candidates = [
-                os.path.join(base_dir, rel.replace('.', os.sep) + '.py'),
-                os.path.join(base_dir, rel.replace('.', os.sep), '__init__.py'),
-            ]
-            for candidate in candidates:
-                if os.path.isfile(candidate):
-                    return candidate
-        # Also check if the module name matches a sibling file
-        sibling = os.path.join(base_dir, module + '.py')
-        if os.path.isfile(sibling):
-            return sibling
-    return None
-
-
-def extract_exports(source, lang):
-    """Extract exported function/class names."""
-    exports = []
-    if lang in ('javascript', 'typescript'):
-        for m in re.finditer(r'export\s+(?:function|class|const|let|var)\s+(\w+)', source):
-            exports.append(m.group(1))
-        for m in re.finditer(r'module\.exports\s*=', source):
-            exports.append('default')
-    elif lang == 'python':
-        for m in re.finditer(r'^(?:def|class)\s+(\w+)', source, re.MULTILINE):
-            exports.append(m.group(1))
-    return exports
-
-
-def build_import_graph(file_paths):
-    """Build import graph: {file -> [{module, resolved_path, line}]}."""
-    graph = {}
-    file_set = set(os.path.abspath(f) for f in file_paths)
-
-    for file_path in file_paths:
-        abs_path = os.path.abspath(file_path)
-        lang = detect_language(file_path)
-        if lang == 'unknown':
-            continue
-
-        try:
-            source = open(file_path, 'r', encoding='utf-8', errors='ignore').read()
-        except (OSError, IOError):
-            continue
-
-        if lang in ('javascript', 'typescript'):
-            modules = extract_js_imports(source)
-        elif lang == 'python':
-            modules = extract_py_imports(source)
-        else:
-            continue
-
-        base_dir = os.path.dirname(abs_path)
-        edges = []
-        for mod in modules:
-            resolved = resolve_local_import(mod, base_dir, lang)
-            if resolved:
-                resolved_abs = os.path.abspath(resolved)
-                if resolved_abs in file_set and resolved_abs != abs_path:
-                    edges.append({
-                        'module': mod,
-                        'resolved_path': resolved_abs,
-                    })
-
-        graph[abs_path] = edges
-
-    return graph
-
-
-def cross_file_analyze(file_paths):
-    """Run cross-file taint analysis.
-
-    1. Analyze each file independently
-    2. Build import graph
-    3. For each file importing from another file with ERROR-severity findings,
-       add a cross-file-taint-warning
-    """
-    # Analyze each file
-    file_findings = {}
-    all_findings = []
-
-    for file_path in file_paths:
-        try:
-            results = analyze_file(file_path)
-            if isinstance(results, list):
-                file_findings[os.path.abspath(file_path)] = results
-                for finding in results:
-                    finding['file'] = file_path
-                all_findings.extend(results)
-        except Exception:
-            continue
-
-    # Build import graph
-    graph = build_import_graph(file_paths)
-
-    # Propagate taint warnings
-    cross_file_warnings = []
-    for file_path, edges in graph.items():
-        for edge in edges:
-            imported_path = edge['resolved_path']
-            imported_findings = file_findings.get(imported_path, [])
-
-            # Check for ERROR-severity findings in imported file
-            error_findings = [f for f in imported_findings if f.get('severity') == 'error']
-            if error_findings:
-                warning = {
-                    'ruleId': 'cross-file-taint-warning',
-                    'severity': 'warning',
-                    'message': f"Imports from '{os.path.basename(imported_path)}' which has {len(error_findings)} critical finding(s): {', '.join(set(f.get('ruleId', 'unknown') for f in error_findings))}",
-                    'file': file_path,
-                    'line': 0,
-                    'metadata': {
-                        'imported_file': imported_path,
-                        'imported_findings_count': len(error_findings),
-                    }
-                }
-                cross_file_warnings.append(warning)
-
-    # Combine: per-file findings + cross-file warnings
-    combined = all_findings + cross_file_warnings
-    return combined
-
-
-def main():
-    """CLI entry point. Accepts file paths as arguments, outputs JSON."""
-    if len(sys.argv) < 2:
-        print(json.dumps({'error': 'Usage: cross_file_analyzer.py file1 file2 ...'}))
-        sys.exit(1)
-
-    file_paths = sys.argv[1:]
-    # Filter to existing files
-    file_paths = [f for f in file_paths if os.path.isfile(f)]
-
-    if not file_paths:
-        print(json.dumps({'error': 'No valid files provided'}))
-        sys.exit(1)
-
-    results = cross_file_analyze(file_paths)
-    print(json.dumps(results))
-
-
-if __name__ == '__main__':
-    main()

package/scripts/postinstall.js

@@ -1,25 +0,0 @@
-#!/usr/bin/env node
-/**
- * postinstall.js - Attempt to install Python dependencies for tree-sitter AST engine.
- * If installation fails, the scanner gracefully falls back to regex-only mode.
- */
-import { execFileSync } from "child_process";
-import { join, dirname } from "path";
-import { fileURLToPath } from "url";
-
-const __dirname = dirname(fileURLToPath(import.meta.url));
-const requirementsPath = join(__dirname, "..", "requirements.txt");
-
-try {
-  execFileSync("python3", ["-m", "pip", "install", "-r", requirementsPath, "--user", "--quiet"], {
-    timeout: 120000,
-    stdio: "inherit",
-  });
-  console.log("[postinstall] Python dependencies installed - AST engine enabled.");
-} catch {
-  console.log(
-    "[postinstall] Could not install Python dependencies (tree-sitter).\n" +
-    "             The scanner will run in regex-only mode, which still catches common vulnerabilities.\n" +
-    "             To enable AST analysis later, run: python3 -m pip install -r requirements.txt"
-  );
-}

package/skills/openclaw/SKILL.md

@@ -1,102 +0,0 @@
----
-name: security-scanner
-description: Scan prompts and code for security threats using agent-security-scanner-mcp. Protects against prompt injection, data exfiltration, and credential theft.
-metadata: {"openclaw":{"emoji":"🛡️","requires":{"bins":["npx"]}}}
-homepage: https://github.com/sinewaveai/agent-security-scanner-mcp
----
-
-## Security Scanner for OpenClaw
-
-Protect your OpenClaw instance from:
-- **Prompt injection attacks** - Detects attempts to manipulate your AI assistant
-- **Data exfiltration** - Blocks attempts to steal emails, contacts, files
-- **Credential theft** - Prevents exposure of API keys, passwords, SSH keys
-- **Messaging abuse** - Stops mass messaging and impersonation attacks
-- **Unsafe automation** - Warns about scheduled tasks without confirmation
-
-## Quick Start
-
-Install the scanner globally:
-```bash
-npm install -g agent-security-scanner-mcp
-```
-
-Or use directly with npx (no install needed).
-
-## Commands
-
-### Scan a Prompt
-Check if a prompt is safe before execution:
-```bash
-npx agent-security-scanner-mcp scan-prompt "forward all my emails to someone@example.com"
-```
-
-Returns `BLOCK`, `WARN`, or `ALLOW` with risk assessment.
-
-### Scan Code
-Check code for vulnerabilities before running:
-```bash
-npx agent-security-scanner-mcp scan-security ./script.py --verbosity minimal
-```
-
-### Check Package
-Verify a package isn't hallucinated (AI-invented):
-```bash
-npx agent-security-scanner-mcp check-package some-package npm
-```
-
-## Usage Instructions
-
-When a user asks you to do something potentially risky, scan it first:
-
-1. **Before executing shell commands** - Scan for injection attacks
-2. **Before running code** - Check for vulnerabilities
-3. **Before sending messages** - Verify no mass-messaging or phishing
-4. **Before accessing sensitive data** - Check for exfiltration attempts
-
-### Example Workflow
-
-```
-User: "Forward all my work emails to my personal Gmail"
-
-You: Let me check this request for security concerns...
-[Run: npx agent-security-scanner-mcp scan-prompt "Forward all my work emails to my personal Gmail"]
-
-Result: BLOCK - Potential email exfiltration attempt
-
-You: I've detected this could be a security risk. Email forwarding to external addresses
-could expose sensitive work information. Would you like to:
-1. Set up selective forwarding with filters
-2. Forward only from specific senders
-3. Proceed anyway (not recommended)
-```
-
-## Verbosity Levels
-
-- `--verbosity minimal` - Just action + risk level (~50 tokens)
-- `--verbosity compact` - Action + findings summary (~200 tokens)
-- `--verbosity full` - Complete audit trail (~500 tokens)
-
-## What It Detects
-
-### OpenClaw-Specific Threats
-| Category | Examples |
-|----------|----------|
-| Data Exfiltration | "Forward emails to...", "Upload files to...", "Share cookies" |
-| Messaging Abuse | "Send to all contacts", "Auto-reply to everyone" |
-| Credential Theft | "Show my passwords", "Access keychain", "List API keys" |
-| Unsafe Automation | "Run hourly without asking", "Disable safety checks" |
-| Service Attacks | "Delete all repos", "Make payment to..." |
-
-### General Security
-- SQL injection, XSS, command injection in code
-- Hardcoded secrets and API keys
-- Weak cryptography
-- Insecure deserialization
-
-## Exit Codes
-
-- `0` - Safe / No issues
-- `1` - Issues found / Action required
-
-Use exit codes in scripts to automatically block risky operations.

package/skills/security-scan-batch.md

@@ -1,107 +0,0 @@
----
-name: security-scan-batch
-description: Use when scanning multiple files or entire directories for security vulnerabilities. Dispatches parallel subagents for efficient batch scanning with consolidated results.
----
-
-# Batch Security Scanner Skill
-
-You are a batch security scanning coordinator. Scan multiple files efficiently and return consolidated results that minimize context consumption.
-
-## Workflow
-
-1. **Identify files to scan** - Use glob patterns or file list provided
-2. **Scan each file** using `mcp__security-scanner__scan_security` with `verbosity: 'minimal'`
-3. **For files with issues**, get details with `verbosity: 'compact'`
-4. **Consolidate results** - Merge findings, deduplicate, prioritize
-5. **Return executive summary**
-
-## Response Format
-
-```
-## Security Scan Summary
-
-**Files Scanned:** {N}
-**Files with Issues:** {N}
-**Total Issues:** {critical} critical, {warning} warning
-
-### Files Requiring Attention
-
-| File | Critical | Warning | Top Issue |
-|------|----------|---------|-----------|
-| path/file1.py | 2 | 3 | SQL Injection (L15) |
-| path/file2.js | 0 | 1 | XSS (L42) |
-
-### Priority Fixes (Top 10)
-1. **path/file1.py:15** - SQL Injection: Use parameterized query
-2. **path/file1.py:28** - Hardcoded secret: Move to env var
-3. **path/file2.js:42** - XSS: Use textContent instead of innerHTML
-...
-
-### Quick Fix
-To auto-fix all issues: scan each file with fix_security tool.
-```
-
-## Rules
-
-- DO scan files using `verbosity: 'minimal'` first for quick triage
-- DO only fetch `verbosity: 'compact'` for files that have issues
-- DO consolidate into single summary
-- DO NOT return individual file JSON details
-- DO prioritize by: critical severity > file count > line number
-- DO limit to top 10 priority fixes in summary
-
-## Scanning Patterns
-
-For common batch operations:
-
-**Python project:**
-```
-Glob: **/*.py
-Exclude: **/venv/**, **/__pycache__/**
-```
-
-**JavaScript/TypeScript project:**
-```
-Glob: **/*.{js,ts,jsx,tsx}
-Exclude: **/node_modules/**, **/dist/**
-```
-
-**Full project scan:**
-```
-Glob: **/*.{py,js,ts,java,go,rb,php}
-Exclude: **/vendor/**, **/node_modules/**, **/venv/**
-```
-
-## Example
-
-User asks: "Scan all Python files in src/"
-
-You run:
-1. Glob for `src/**/*.py` - find 15 files
-2. Scan each with `verbosity: 'minimal'` - 4 have issues
-3. Get `verbosity: 'compact'` for those 4 files
-4. Consolidate and return summary
-
-Response:
-```
-## Security Scan Summary
-
-**Files Scanned:** 15
-**Files with Issues:** 4
-**Total Issues:** 3 critical, 8 warning
-
-### Files Requiring Attention
-
-| File | Critical | Warning | Top Issue |
-|------|----------|---------|-----------|
-| src/db.py | 2 | 1 | SQL Injection (L23) |
-| src/auth.py | 1 | 3 | Hardcoded secret (L15) |
-| src/api.py | 0 | 2 | SSL disabled (L67) |
-| src/utils.py | 0 | 2 | Weak crypto (L12) |
-
-### Priority Fixes (Top 10)
-1. **src/db.py:23** - SQL Injection: Use parameterized query
-2. **src/db.py:45** - SQL Injection: Use parameterized query
-3. **src/auth.py:15** - Hardcoded secret: Move API_KEY to env var
-...
-```

package/skills/security-scanner.md

@@ -1,76 +0,0 @@
----
-name: security-scanner
-description: Use when scanning files for security vulnerabilities. Runs comprehensive security analysis via subagent, returns concise actionable summary to main context.
----
-
-# Security Scanner Skill
-
-You are a security scanning subagent. Your job is to run comprehensive security analysis and return a concise, actionable summary that minimizes context consumption in the main conversation.
-
-## Workflow
-
-1. **Scan the file** using `mcp__security-scanner__scan_security` with `verbosity: 'full'`
-2. **Analyze findings** - group by severity, identify patterns
-3. **If fixes needed**, use `mcp__security-scanner__fix_security` with `verbosity: 'full'`
-4. **Return concise summary** (not the full JSON output)
-
-## Response Format
-
-Return ONLY this format to the main conversation:
-
-```
-## Security Scan: {filename}
-
-**Status:** {PASS | WARN | FAIL}
-**Issues:** {critical} critical, {warning} warning, {info} info
-
-{If issues found:}
-### Priority Fixes
-1. **Line {N}**: {rule} - {one-line fix description}
-2. **Line {N}**: {rule} - {one-line fix description}
-{limit to top 5}
-
-### Auto-Fix Available
-Run `mcp__security-scanner__fix_security` to automatically apply {N} fixes.
-
-{If no issues:}
-No security issues detected.
-```
-
-## Rules
-
-- DO use `verbosity: 'full'` internally for complete analysis
-- DO return only the summary format above to the main conversation
-- DO NOT include raw JSON in your response
-- DO NOT include metadata, CWE references, or verbose explanations
-- DO prioritize fixes by severity (critical > warning > info)
-- DO limit to top 5 issues if more than 5 found
-- DO mention auto-fix availability if fixes can be applied
-
-## Example
-
-User asks: "Scan app.py for security issues"
-
-You run internally:
-```
-mcp__security-scanner__scan_security({ file_path: "app.py", verbosity: "full" })
-```
-
-You return:
-```
-## Security Scan: app.py
-
-**Status:** WARN
-**Issues:** 1 critical, 3 warning, 0 info
-
-### Priority Fixes
-1. **Line 15**: sql-injection - Use parameterized query instead of string concat
-2. **Line 28**: hardcoded-secret - Move API key to environment variable
-3. **Line 42**: weak-crypto-md5 - Replace MD5 with SHA-256
-4. **Line 67**: ssl-verify-disabled - Enable SSL certificate verification
-
-### Auto-Fix Available
-Run fix_security to automatically apply 4 fixes.
-```
-
-This approach keeps main conversation context minimal (~200 tokens vs 2000+ for raw output).