aiden-runtime 3.19.5 → 3.19.7

package/workspace-templates/skills/securityheaders/skill.json

@@ -0,0 +1,26 @@
+{
+  "name": "securityheaders",
+  "version": "1.0.0",
+  "description": "Audit HTTP security headers for any URL and receive a grade (A+ to F) with specific recommendations for missing headers",
+  "author": "aiden",
+  "license": "MIT",
+  "tools": [],
+  "trigger_phrases": [],
+  "compatible_agents": [
+    "aiden"
+  ],
+  "min_agent_version": "3.0.0",
+  "tags": [
+    "security",
+    "http",
+    "headers",
+    "csp",
+    "hsts",
+    "xframe",
+    "audit",
+    "web",
+    "hardening",
+    "compliance"
+  ],
+  "created": "2026-04-27T17:11:40.692Z"
+}

package/workspace-templates/skills/shodan/SKILL.md

@@ -0,0 +1,113 @@
+---
+name: shodan
+description: Search Shodan for internet-connected devices, open ports, and services — host lookups and database queries
+category: security
+version: 1.0.0
+license: Apache-2.0
+origin: aiden
+tags: security, shodan, osint, recon, ports, services, iot, asset-discovery, cve, infosec
+env_required:
+  - SHODAN_API_KEY
+---
+
+# Shodan — Internet Device Search
+
+Shodan indexes internet-connected devices and exposes metadata: open ports, running services, banners, TLS certificates, and known CVEs. Use it for security audits, reconnaissance, and asset discovery.
+
+**Requires:** `SHODAN_API_KEY` — free tier at https://account.shodan.io (1 req/sec, 100 queries/month).
+
+## When to Use
+
+- User wants to know what ports/services are exposed on a specific IP
+- User wants to find vulnerable systems of a specific type (e.g. exposed databases)
+- User is doing a security audit and needs external exposure info
+- User asks "what does Shodan show for IP X" or "find exposed Redis servers"
+- Asset discovery: find all internet-exposed assets for a company/ASN
+
+## How to Use
+
+### Look up a specific IP address
+
+```powershell
+$ip  = "8.8.8.8"
+$key = $env:SHODAN_API_KEY
+$url = "https://api.shodan.io/shodan/host/${ip}?key=${key}"
+
+$host = Invoke-RestMethod -Uri $url
+Write-Host "IP:           $($host.ip_str)"
+Write-Host "Organization: $($host.org)"
+Write-Host "OS:           $($host.os)"
+Write-Host "Country:      $($host.country_name)"
+Write-Host "Open ports:   $($host.ports -join ', ')"
+Write-Host ""
+Write-Host "Services:"
+$host.data | ForEach-Object {
+    Write-Host "  Port $($_.port)/$($_.transport) — $($_.product) $($_.version)"
+}
+```
+
+### Search for exposed services by query
+
+```powershell
+$query = [Uri]::EscapeDataString("port:27017 product:MongoDB")
+$key   = $env:SHODAN_API_KEY
+$url   = "https://api.shodan.io/shodan/host/search?query=${query}&key=${key}"
+
+$results = Invoke-RestMethod -Uri $url
+Write-Host "Total results: $($results.total)"
+$results.matches | Select-Object -First 10 | ForEach-Object {
+    Write-Host "  $($_.ip_str):$($_.port) — $($_.org) ($($_.location.country_name))"
+}
+```
+
+### Find CVEs on a host
+
+```powershell
+$ip   = "TARGET_IP"
+$key  = $env:SHODAN_API_KEY
+$host = Invoke-RestMethod -Uri "https://api.shodan.io/shodan/host/${ip}?key=${key}"
+
+if ($host.vulns) {
+    Write-Host "CVEs found on ${ip}:"
+    $host.vulns.PSObject.Properties | ForEach-Object { Write-Host "  $($_.Name)" }
+} else {
+    Write-Host "No known CVEs found for ${ip}"
+}
+```
+
+### Useful Shodan search filters
+
+```
+port:22 country:IN                  SSH servers in India
+product:nginx version:1.14          Specific nginx version
+org:"Amazon"                        Amazon-owned IPs
+ssl.cert.subject.cn:*.example.com   Certs for a domain
+http.title:"Dashboard" port:80      Web dashboards on port 80
+vuln:CVE-2021-44228                 Log4Shell vulnerable hosts
+```
+
+## Examples
+
+**"What is exposed on IP 1.2.3.4?"**
+→ Use the host lookup. Shows open ports, services, OS.
+
+**"Find all MongoDB servers with no auth"**
+→ Query: `port:27017 product:MongoDB -authentication`
+
+**"Search for Apache servers in India"**
+→ Query: `product:Apache country:IN`
+
+**"Does this IP have any known CVEs?"**
+→ Use the CVE snippet above on the target IP.
+
+## Cautions
+
+- Free tier: 100 queries/month and 1 request/second — add `Start-Sleep -Milliseconds 1100` between bulk calls
+- Shodan data is cached — it reflects the last scan date, not necessarily the current state
+- Host lookups and scans data about publicly reachable services only — no active scanning is performed by this skill
+- Never use Shodan results to attempt unauthorized access; this skill is for reconnaissance and awareness only
+- The `vulns` field only appears when Shodan has matched CVE data to the service banner
+
+## Requirements
+
+- `SHODAN_API_KEY` — free account at https://account.shodan.io

package/workspace-templates/skills/shodan/index.ts

@@ -0,0 +1,94 @@
+// skills/shodan/index.ts
+// Programmatic handler — host lookups and search queries via Shodan API.
+
+import { ApiSkill, requireApiKey } from '../../core/apiSkillBase'
+
+const skill = new ApiSkill({
+  name:           'shodan',
+  baseUrl:        'https://api.shodan.io',
+  apiKeyEnv:      'SHODAN_API_KEY',
+  authType:       'query',
+  authQueryParam: 'key',
+  rateLimit:      { requests: 1, windowMs: 1_000 },
+  timeout:        20_000,
+  retries:        3,
+})
+
+export interface ShodanService {
+  port:      number
+  transport: string
+  product:   string
+  version:   string
+  banner:    string
+}
+
+export interface ShodanHost {
+  ip:           string
+  org:          string
+  os:           string | null
+  country:      string
+  city:         string
+  ports:        number[]
+  services:     ShodanService[]
+  hostnames:    string[]
+  vulns:        string[]
+  lastUpdate:   string
+}
+
+export interface ShodanSearchResult {
+  total:   number
+  matches: Array<{
+    ip:      string
+    port:    number
+    org:     string
+    country: string
+    product: string
+    version: string
+  }>
+}
+
+/** Look up a specific IP address in Shodan. */
+export async function hostLookup(ip: string): Promise<ShodanHost> {
+  requireApiKey('SHODAN_API_KEY')
+
+  const raw = await skill.get(`/shodan/host/${encodeURIComponent(ip)}`)
+
+  const services: ShodanService[] = (raw.data ?? []).map((svc: any) => ({
+    port:      svc.port      ?? 0,
+    transport: svc.transport ?? 'tcp',
+    product:   svc.product   ?? '',
+    version:   svc.version   ?? '',
+    banner:    svc.data      ?? '',
+  }))
+
+  return {
+    ip:         raw.ip_str       ?? ip,
+    org:        raw.org          ?? '',
+    os:         raw.os           ?? null,
+    country:    raw.country_name ?? '',
+    city:       raw.city         ?? '',
+    ports:      raw.ports        ?? [],
+    services,
+    hostnames:  raw.hostnames    ?? [],
+    vulns:      raw.vulns        ? Object.keys(raw.vulns) : [],
+    lastUpdate: raw.last_update  ?? '',
+  }
+}
+
+/** Search Shodan using a filter query string. */
+export async function search(query: string, page = 1): Promise<ShodanSearchResult> {
+  requireApiKey('SHODAN_API_KEY')
+
+  const raw = await skill.get('/shodan/host/search', { query, page: String(page) })
+
+  const matches = (raw.matches ?? []).map((m: any) => ({
+    ip:      m.ip_str                    ?? '',
+    port:    m.port                      ?? 0,
+    org:     m.org                       ?? '',
+    country: m.location?.country_name   ?? '',
+    product: m.product                   ?? '',
+    version: m.version                   ?? '',
+  }))
+
+  return { total: raw.total ?? 0, matches }
+}

package/workspace-templates/skills/shodan/skill.json

@@ -0,0 +1,26 @@
+{
+  "name": "shodan",
+  "version": "1.0.0",
+  "description": "Search Shodan for internet-connected devices, open ports, and services — host lookups and database queries",
+  "author": "aiden",
+  "license": "MIT",
+  "tools": [],
+  "trigger_phrases": [],
+  "compatible_agents": [
+    "aiden"
+  ],
+  "min_agent_version": "3.0.0",
+  "tags": [
+    "security",
+    "shodan",
+    "osint",
+    "recon",
+    "ports",
+    "services",
+    "iot",
+    "asset-discovery",
+    "cve",
+    "infosec"
+  ],
+  "created": "2026-04-27T17:11:40.713Z"
+}

package/workspace-templates/skills/songsee/SKILL.md

@@ -0,0 +1,152 @@
+---
+name: songsee
+description: Visualize audio files as mel spectrograms, chromagrams, and MFCC plots using Python librosa
+category: media
+version: 1.0.0
+origin: aiden
+license: Apache-2.0
+tags: audio, spectrogram, mel, chroma, mfcc, librosa, visualization, music, sound-analysis
+---
+
+# Audio Visualization with Spectrograms
+
+Visualize audio files as mel spectrograms, chromagrams, and MFCC feature plots using the `librosa` Python library. Useful for music analysis, speech processing, and audio debugging.
+
+## When to Use
+
+- User wants to visualize what an audio file "looks like"
+- User wants to analyze the frequency content of a recording
+- User wants to compare two audio files visually
+- User wants to understand musical key or chroma content
+- User wants to extract MFCC features for a machine learning task
+
+## How to Use
+
+### 1. Install dependencies
+
+```powershell
+pip install librosa matplotlib soundfile
+```
+
+### 2. Generate a mel spectrogram
+
+```python
+import librosa
+import librosa.display
+import matplotlib.pyplot as plt
+import numpy as np
+
+def mel_spectrogram(audio_path, output="mel_spec.png"):
+  y, sr = librosa.load(audio_path, sr=None)
+  S     = librosa.feature.melspectrogram(y=y, sr=sr, n_mels=128, fmax=8000)
+  S_db  = librosa.power_to_db(S, ref=np.max)
+
+  fig, ax = plt.subplots(figsize=(12, 4), facecolor="#0d1117")
+  ax.set_facecolor("#0d1117")
+  img = librosa.display.specshow(S_db, sr=sr, x_axis="time", y_axis="mel", fmax=8000, ax=ax, cmap="magma")
+  fig.colorbar(img, ax=ax, format="%+2.0f dB", label="dB")
+  ax.set_title(f"Mel Spectrogram — {audio_path}", color="white")
+  ax.tick_params(colors="white")
+  ax.xaxis.label.set_color("white")
+  ax.yaxis.label.set_color("white")
+  plt.tight_layout()
+  plt.savefig(output, dpi=150, bbox_inches="tight")
+  plt.close()
+  print(f"Saved: {output}")
+
+mel_spectrogram("song.mp3")
+```
+
+### 3. Generate a chromagram (musical key content)
+
+```python
+import librosa, librosa.display, matplotlib.pyplot as plt
+
+def chromagram(audio_path, output="chroma.png"):
+  y, sr   = librosa.load(audio_path, sr=None)
+  chroma  = librosa.feature.chroma_cqt(y=y, sr=sr)
+
+  fig, ax = plt.subplots(figsize=(12, 4), facecolor="#0d1117")
+  ax.set_facecolor("#0d1117")
+  img = librosa.display.specshow(chroma, y_axis="chroma", x_axis="time", ax=ax, cmap="coolwarm")
+  fig.colorbar(img, ax=ax)
+  ax.set_title("Chromagram", color="white")
+  ax.tick_params(colors="white")
+  plt.tight_layout()
+  plt.savefig(output, dpi=150, bbox_inches="tight")
+  plt.close()
+  print(f"Saved: {output}")
+
+chromagram("song.mp3")
+```
+
+### 4. Generate MFCC features
+
+```python
+import librosa, librosa.display, matplotlib.pyplot as plt
+import numpy as np
+
+def mfcc_plot(audio_path, n_mfcc=20, output="mfcc.png"):
+  y, sr = librosa.load(audio_path, sr=None)
+  mfccs = librosa.feature.mfcc(y=y, sr=sr, n_mfcc=n_mfcc)
+
+  fig, ax = plt.subplots(figsize=(12, 4), facecolor="#0d1117")
+  ax.set_facecolor("#0d1117")
+  img = librosa.display.specshow(mfccs, x_axis="time", ax=ax, cmap="viridis")
+  fig.colorbar(img, ax=ax)
+  ax.set_title(f"MFCC ({n_mfcc} coefficients)", color="white")
+  ax.tick_params(colors="white")
+  plt.tight_layout()
+  plt.savefig(output, dpi=150, bbox_inches="tight")
+  plt.close()
+  print(f"Saved: {output}")
+
+mfcc_plot("speech.wav", n_mfcc=13)
+```
+
+### 5. Generate all three plots at once
+
+```python
+def analyze_audio(audio_path):
+  base = audio_path.rsplit(".", 1)[0]
+  mel_spectrogram(audio_path, output=f"{base}_mel.png")
+  chromagram(audio_path,      output=f"{base}_chroma.png")
+  mfcc_plot(audio_path,       output=f"{base}_mfcc.png")
+  print(f"Analysis complete: 3 PNG files saved for {audio_path}")
+
+analyze_audio("recording.wav")
+```
+
+### 6. Get basic audio statistics
+
+```python
+import librosa, numpy as np
+
+y, sr     = librosa.load("audio.mp3", sr=None)
+duration  = librosa.get_duration(y=y, sr=sr)
+tempo, _  = librosa.beat.beat_track(y=y, sr=sr)
+rms       = np.sqrt(np.mean(y**2))
+
+print(f"Duration:   {duration:.2f} seconds")
+print(f"Sample rate:{sr} Hz")
+print(f"Tempo:      {tempo:.1f} BPM")
+print(f"RMS energy: {rms:.4f}")
+```
+
+## Examples
+
+**"Show me what this audio recording looks like as a spectrogram"**
+→ Use step 2 to generate a mel spectrogram PNG. Open the saved file.
+
+**"What musical key is this song in? Visualize the chroma content"**
+→ Use step 3 to generate a chromagram — peaks in chroma rows indicate dominant pitch classes.
+
+**"Generate MFCC features from this speech recording for my ML model"**
+→ Use step 4 to plot MFCCs, then extract the `mfccs` array for downstream ML use.
+
+## Cautions
+
+- librosa loads audio in float32 mono by default — stereo files are mixed down automatically
+- Large audio files (> 30 minutes) take significant time and memory to process — slice with `offset` and `duration` parameters if needed
+- `librosa.load` supports MP3, WAV, FLAC, OGG — ensure `soundfile` and `audioread` are installed for MP3 support
+- MFCC coefficients are sensitive to `n_mfcc` and `sr` — use consistent settings across all files in an ML dataset

package/workspace-templates/skills/songsee/skill.json

@@ -0,0 +1,25 @@
+{
+  "name": "songsee",
+  "version": "1.0.0",
+  "description": "Visualize audio files as mel spectrograms, chromagrams, and MFCC plots using Python librosa",
+  "author": "aiden",
+  "license": "MIT",
+  "tools": [],
+  "trigger_phrases": [],
+  "compatible_agents": [
+    "aiden"
+  ],
+  "min_agent_version": "3.0.0",
+  "tags": [
+    "audio",
+    "spectrogram",
+    "mel",
+    "chroma",
+    "mfcc",
+    "librosa",
+    "visualization",
+    "music",
+    "sound-analysis"
+  ],
+  "created": "2026-04-27T17:11:40.732Z"
+}

package/workspace-templates/skills/ssllabs/SKILL.md

@@ -0,0 +1,107 @@
+---
+name: ssllabs
+description: Comprehensive TLS/SSL analysis via Qualys SSL Labs — grades cipher suites, certificate chains, protocol versions, and known vulnerabilities
+category: security
+version: 1.0.0
+license: Apache-2.0
+origin: aiden
+tags: security, ssl, tls, certificates, ssllabs, qualys, https, ciphers, heartbleed, poodle, compliance
+---
+
+# SSL Labs — TLS/SSL Deep Analysis
+
+Qualys SSL Labs performs a comprehensive TLS/SSL scan and assigns a grade from A+ to F. It checks cipher suite strength, certificate validity and chain, protocol support (TLS 1.0–1.3), forward secrecy, and known vulnerabilities like Heartbleed, POODLE, DROWN, and LOGJAM.
+
+**No API key required.** Scans can take 60–120 seconds for first-time analysis.
+
+## When to Use
+
+- Verify TLS configuration before or after a certificate renewal
+- Compliance check: confirm TLS 1.0/1.1 is disabled, HSTS is set
+- Incident response: check if a server is vulnerable to Heartbleed or POODLE
+- User asks "what grade is my SSL?", "is the TLS cert on X valid?", "does site support TLS 1.3?"
+
+## How to Use
+
+### Start a scan and poll for results
+
+```powershell
+$host   = "github.com"
+$apiUrl = "https://api.ssllabs.com/api/v3/analyze"
+
+# Start new scan
+$result = Invoke-RestMethod -Uri "$apiUrl`?host=$host&publish=off&startNew=on&all=done"
+Write-Host "Status: $($result.status)"
+
+# Poll until ready (may take 1-2 minutes)
+while ($result.status -ne 'READY' -and $result.status -ne 'ERROR') {
+    Start-Sleep -Seconds 20
+    $result = Invoke-RestMethod -Uri "$apiUrl`?host=$host&publish=off&all=done"
+    Write-Host "Status: $($result.status) — $(($result.endpoints | Measure-Object).Count) endpoint(s)"
+}
+
+$result.endpoints | ForEach-Object {
+    Write-Host "  $($_.ipAddress)  Grade: $($_.grade)  $($_.statusMessage)"
+}
+```
+
+### Check TLS protocols and known vulnerabilities
+
+```powershell
+$host   = "example.com"
+$result = Invoke-RestMethod -Uri "https://api.ssllabs.com/api/v3/analyze?host=$host&publish=off&all=done"
+
+while ($result.status -ne 'READY') {
+    Start-Sleep -Seconds 15
+    $result = Invoke-RestMethod -Uri "https://api.ssllabs.com/api/v3/analyze?host=$host&publish=off&all=done"
+}
+
+$ep = $result.endpoints[0]
+Write-Host "Grade:      $($ep.grade)"
+Write-Host "TLS protocols supported:"
+$ep.details.protocols | ForEach-Object { Write-Host "  $($_.name) $($_.version)" }
+Write-Host ""
+Write-Host "Vulnerabilities:"
+Write-Host "  Heartbleed:   $($ep.details.heartbleed)"
+Write-Host "  POODLE (SSL): $($ep.details.poodleSsl)"
+Write-Host "  FREAK:        $($ep.details.freak)"
+Write-Host "  LOGJAM:       $($ep.details.logjam)"
+Write-Host "  DROWN:        $($ep.details.drownVulnerable)"
+```
+
+### Get the direct report URL (instant — no waiting)
+
+```powershell
+$host    = "taracod.com"
+$encoded = [Uri]::EscapeDataString($host)
+$url     = "https://www.ssllabs.com/ssltest/analyze.html?d=$encoded&hideResults=on&ignoreMismatch=on"
+Write-Host "Open in browser: $url"
+Start-Process $url
+```
+
+## Examples
+
+**"What SSL grade does github.com get?"**
+→ Scan and poll — typically returns A+ in ~90 seconds.
+
+**"Is my server vulnerable to Heartbleed?"**
+→ Scan and check `endpoints[0].details.heartbleed` — should be false.
+
+**"Does this server still support TLS 1.0?"**
+→ Check `endpoints[0].details.protocols` — TLS 1.0 and 1.1 should be absent for A grade.
+
+**"Just give me the SSL Labs link for my site"**
+→ Use `quickScan` — returns the browser URL instantly without waiting.
+
+## Cautions
+
+- First-time scans for a new host take 60–120 seconds — cached results return in seconds
+- `publish=off` is essential — without it, results appear on the public leaderboard
+- SSL Labs API rate limits: 1 request per 2 seconds — do not spam the poll loop
+- Scans from the same IP on the same host within 24h return cached results by default
+- A READY result with `gradeTrustIgnored` different from `grade` means there is a certificate trust issue
+
+## Requirements
+
+- None — no API key needed
+- For bulk scanning, respect the rate limits or use the direct URL and view in browser