aiden-runtime 3.19.5 → 3.19.7

package/workspace-templates/skills/censys/index.ts

@@ -0,0 +1,133 @@
+// skills/censys/index.ts
+// Programmatic handler — host lookup, search, and certificate analysis via Censys v2 API.
+
+import { ApiSkill } from '../../core/apiSkillBase'
+
+// Censys uses HTTP Basic auth: Base64(API_ID:API_SECRET)
+// We build the credential lazily so env vars can be set after module load.
+
+let _skill: ApiSkill | null = null
+
+function getSkill(): ApiSkill {
+  if (_skill) return _skill
+
+  const apiId     = process.env['CENSYS_API_ID']     ?? ''
+  const apiSecret = process.env['CENSYS_API_SECRET']  ?? ''
+
+  if (!apiId || !apiSecret) {
+    throw new Error(
+      'CENSYS_API_ID and CENSYS_API_SECRET are not configured.\n' +
+      'Add them to .env:\n  CENSYS_API_ID=your-id\n  CENSYS_API_SECRET=your-secret\n' +
+      'Free account: https://search.censys.io/register',
+    )
+  }
+
+  const encoded = Buffer.from(`${apiId}:${apiSecret}`).toString('base64')
+
+  _skill = new ApiSkill({
+    name:       'censys',
+    baseUrl:    'https://search.censys.io/api/v2',
+    authType:   'header',
+    authHeader: 'Authorization',
+    apiKey:     `Basic ${encoded}`,
+    rateLimit:  { requests: 4, windowMs: 10_000 },  // 0.4 req/sec
+    timeout:    20_000,
+    retries:    2,
+  })
+  return _skill
+}
+
+// ── Output types ──────────────────────────────────────────────
+
+export interface CensysService {
+  port:      number
+  protocol:  string    // e.g. "TCP"
+  name:      string    // e.g. "HTTP", "HTTPS"
+}
+
+export interface CensysHost {
+  ip:          string
+  asn:         number
+  asnName:     string
+  country:     string
+  city:        string
+  services:    CensysService[]
+  lastUpdated: string
+}
+
+export interface CensysSearchResult {
+  total:   number
+  hits: Array<{
+    ip:      string
+    asn:     number
+    asnName: string
+    country: string
+  }>
+}
+
+export interface CensysCertificate {
+  fingerprint:  string
+  subjectDn:    string
+  issuerDn:     string
+  names:        string[]
+  validStart:   string
+  validEnd:     string
+}
+
+// ── Public API ────────────────────────────────────────────────
+
+/** Look up a specific IP address in Censys. */
+export async function hostLookup(ip: string): Promise<CensysHost> {
+  const raw = await getSkill().get(`/hosts/${encodeURIComponent(ip)}`)
+  const r   = raw.result ?? raw  // some responses nest under result
+
+  const services: CensysService[] = (r.services ?? []).map((s: any) => ({
+    port:     s.port             ?? 0,
+    protocol: s.transport_protocol ?? 'TCP',
+    name:     s.service_name    ?? s.extended_service_name ?? '',
+  }))
+
+  const as = r.autonomous_system ?? {}
+  const loc = r.location         ?? {}
+
+  return {
+    ip:          r.ip             ?? ip,
+    asn:         as.asn           ?? 0,
+    asnName:     as.name          ?? as.bgp_prefix ?? '',
+    country:     loc.country      ?? loc.country_code ?? '',
+    city:        loc.city         ?? '',
+    services,
+    lastUpdated: r.last_updated_at ?? '',
+  }
+}
+
+/** Search Censys hosts with a query string. */
+export async function hostSearch(query: string, perPage = 25): Promise<CensysSearchResult> {
+  const raw = await getSkill().get('/hosts/search', { q: query, per_page: String(perPage) })
+  const r   = raw.result ?? raw
+
+  const hits = (r.hits ?? []).map((h: any) => ({
+    ip:      h.ip                        ?? '',
+    asn:     h.autonomous_system?.asn    ?? 0,
+    asnName: h.autonomous_system?.name   ?? '',
+    country: h.location?.country         ?? h.location?.country_code ?? '',
+  }))
+
+  return { total: r.total ?? hits.length, hits }
+}
+
+/** Look up a TLS certificate by its SHA-256 fingerprint. */
+export async function certificateLookup(sha256: string): Promise<CensysCertificate> {
+  const raw    = await getSkill().get(`/certificates/${sha256.toLowerCase()}`)
+  const parsed = (raw.result ?? raw).parsed ?? {}
+  const val    = parsed.validity ?? {}
+
+  return {
+    fingerprint: sha256,
+    subjectDn:   parsed.subject_dn             ?? '',
+    issuerDn:    parsed.issuer_dn              ?? '',
+    names:       parsed.names_from_san         ?? [],
+    validStart:  val.start                     ?? '',
+    validEnd:    val.end                       ?? '',
+  }
+}

package/workspace-templates/skills/censys/skill.json

@@ -0,0 +1,25 @@
+{
+  "name": "censys",
+  "version": "1.0.0",
+  "description": "Search Censys for internet-exposed hosts, certificates, and services — host lookups, queries, and certificate analysis",
+  "author": "aiden",
+  "license": "MIT",
+  "tools": [],
+  "trigger_phrases": [],
+  "compatible_agents": [
+    "aiden"
+  ],
+  "min_agent_version": "3.0.0",
+  "tags": [
+    "security",
+    "censys",
+    "osint",
+    "recon",
+    "ports",
+    "certificates",
+    "tls",
+    "asset-discovery",
+    "internet-scan"
+  ],
+  "created": "2026-04-27T17:11:39.264Z"
+}

package/workspace-templates/skills/clipboard-history/SKILL.md

@@ -0,0 +1,101 @@
+---
+name: clipboard-history
+description: Read, write, and manage Windows clipboard content including text, HTML, images, and clipboard history via PowerShell
+category: windows
+version: 1.0.0
+platform: windows
+tags: clipboard, copy, paste, history, windows, powershell, text
+license: Apache-2.0
+---
+
+# Clipboard History
+
+Read and write Windows clipboard content, access clipboard history (Win+V), and manipulate clipboard data — text, HTML, and file lists — via PowerShell.
+
+## When to Use
+
+- User wants to read what's currently on the clipboard
+- User asks Aiden to set or overwrite clipboard content
+- User wants to pipe command output directly to the clipboard
+- User needs to clear the clipboard or check clipboard history
+- User wants to copy a file path, URL, or code snippet to clipboard
+
+## How to Use
+
+### Read current clipboard text
+```powershell
+Get-Clipboard
+```
+
+### Write text to clipboard
+```powershell
+Set-Clipboard -Value "Hello from Aiden!"
+```
+
+### Pipe command output to clipboard
+```powershell
+Get-Process | Out-String | Set-Clipboard
+```
+
+### Copy a file path to clipboard
+```powershell
+Set-Clipboard -Value "C:\Users\shiva\Documents\report.pdf"
+```
+
+### Clear the clipboard
+```powershell
+Set-Clipboard -Value $null
+```
+
+### Read clipboard as HTML (if HTML is on clipboard)
+```powershell
+Add-Type -AssemblyName System.Windows.Forms
+[System.Windows.Forms.Clipboard]::GetText([System.Windows.Forms.TextDataFormat]::Html)
+```
+
+### Check if clipboard contains an image
+```powershell
+Add-Type -AssemblyName System.Windows.Forms
+[System.Windows.Forms.Clipboard]::ContainsImage()
+```
+
+### Save clipboard image to file
+```powershell
+Add-Type -AssemblyName System.Windows.Forms
+$img = [System.Windows.Forms.Clipboard]::GetImage()
+if ($img) {
+  $img.Save("$env:USERPROFILE\Desktop\clipboard-image.png")
+  Write-Host "Saved to Desktop"
+} else {
+  Write-Host "No image on clipboard"
+}
+```
+
+### Access clipboard history entries (Win+V API)
+```powershell
+# Clipboard history requires Windows 10 1809+ and history enabled in Settings
+# Use the ContentDeliveryManager workaround or UWP API via PowerShell
+Add-Type -AssemblyName Windows.ApplicationModel
+$history = [Windows.ApplicationModel.DataTransfer.Clipboard,Windows.ApplicationModel,ContentType=WindowsRuntime]
+# Note: full UWP clipboard history requires a packaged app context
+# For CLI use, pipe history via the built-in Win+V UI or a third-party tool
+Write-Host "Open Win+V to view clipboard history interactively"
+```
+
+## Examples
+
+**"Copy the output of dir to clipboard"**
+→ `Get-ChildItem | Out-String | Set-Clipboard`
+
+**"Put my public IP address on the clipboard"**
+→ `(Invoke-RestMethod -Uri 'https://api.ipify.org').Trim() | Set-Clipboard`
+
+**"Clear whatever is on the clipboard"**
+→ `Set-Clipboard -Value $null`
+
+## Cautions
+
+- `Set-Clipboard` requires PowerShell 5.1+ on Windows; earlier versions use `clip.exe` as fallback
+- Clipboard history (Win+V) requires it to be enabled in Settings → System → Clipboard
+- Image and HTML clipboard operations require `System.Windows.Forms` assembly — only available on Windows
+- Clipboard contents are not persisted across reboots unless pinned in the clipboard history UI

package/workspace-templates/skills/clipboard-history/skill.json

@@ -0,0 +1,23 @@
+{
+  "name": "clipboard-history",
+  "version": "1.0.0",
+  "description": "Read, write, and manage Windows clipboard content including text, HTML, images, and clipboard history via PowerShell",
+  "author": "local",
+  "license": "MIT",
+  "tools": [],
+  "trigger_phrases": [],
+  "compatible_agents": [
+    "aiden"
+  ],
+  "min_agent_version": "3.0.0",
+  "tags": [
+    "clipboard",
+    "copy",
+    "paste",
+    "history",
+    "windows",
+    "powershell",
+    "text"
+  ],
+  "created": "2026-04-27T17:11:39.322Z"
+}

package/workspace-templates/skills/crt-sh/SKILL.md

@@ -0,0 +1,102 @@
+---
+name: crt.sh
+description: Search certificate transparency logs to enumerate subdomains and TLS certificates for any domain — no API key required
+category: security
+version: 1.0.0
+license: Apache-2.0
+origin: aiden
+tags: security, osint, certificates, subdomains, tls, ssl, ct-logs, recon, crt.sh
+---
+
+# Certificate Transparency Search (crt.sh)
+
+Query [crt.sh](https://crt.sh) to enumerate all TLS/SSL certificates ever issued for a domain. Certificate transparency logs are public — no API key or account needed.
+
+## When to Use
+
+- User wants to find all subdomains of a domain (recon / asset discovery)
+- User wants to see what TLS certificates have been issued for their domain
+- User is doing OSINT on an organization's infrastructure
+- User asks "what subdomains does X have" or "find all certs for domain"
+- Security audit: discover forgotten or misconfigured subdomains
+
+## How to Use
+
+### List all certificates for a domain
+
+```powershell
+$domain = "taracod.com"
+$url    = "https://crt.sh/?q=$domain&output=json"
+
+$certs = Invoke-RestMethod -Uri $url
+Write-Host "Found $($certs.Count) certificate records"
+$certs | Select-Object -First 10 | Format-Table id, name_value, not_before, not_after -AutoSize
+```
+
+### Extract unique subdomain names
+
+```powershell
+$domain = "taracod.com"
+$url    = "https://crt.sh/?q=$([Uri]::EscapeDataString("*.$domain"))&output=json"
+
+$certs  = Invoke-RestMethod -Uri $url
+$names  = $certs | ForEach-Object { $_.name_value -split "`n" } |
+          Sort-Object -Unique |
+          Where-Object { $_ -ne "" -and $_ -ne "*.$domain" }
+
+Write-Host "Unique subdomains / names ($($names.Count)):"
+$names | ForEach-Object { Write-Host "  $_" }
+```
+
+### Search for certificates by organization (CA issuance)
+
+```powershell
+$domain  = "taracod.com"
+$url     = "https://crt.sh/?q=$domain&output=json"
+$certs   = Invoke-RestMethod -Uri $url
+
+$certs | Select-Object issuer_name, not_before, not_after, name_value |
+    Sort-Object not_before -Descending |
+    Select-Object -First 20 |
+    Format-Table -AutoSize
+```
+
+### Find recently issued certificates (last 30 days)
+
+```powershell
+$domain    = "example.com"
+$url       = "https://crt.sh/?q=$domain&output=json"
+$certs     = Invoke-RestMethod -Uri $url
+$cutoff    = (Get-Date).AddDays(-30)
+
+$recent = $certs | Where-Object {
+    [datetime]$_.not_before -gt $cutoff
+} | Select-Object name_value, not_before, issuer_name
+
+Write-Host "Certificates issued in the last 30 days: $($recent.Count)"
+$recent | Format-Table -AutoSize
+```
+
+## Examples
+
+**"Find all subdomains for google.com"**
+→ Use the subdomain extraction snippet with `$domain = "google.com"`.
+
+**"What TLS certificates has github.com had?"**
+→ Use the first snippet with `$domain = "github.com"` and look at `not_before`/`not_after`.
+
+**"Show me recently issued certs for competitor.com"**
+→ Use the "recently issued" snippet — useful for tracking new infrastructure.
+
+## Cautions
+
+- crt.sh is a free public service — do not hammer it with rapid requests; add a short delay between bulk queries
+- Results include historical (expired) certificates unless you filter by `not_after`
+- Wildcard certificates (`*.example.com`) are returned — the `name_value` field may contain multiple names separated by newlines
+- Subdomains found here may no longer be active — always verify with DNS before assuming they are live
+- Certificate transparency data is public by design; this is open-source intelligence, not hacking
+
+## Requirements
+
+- No API key required — crt.sh is fully public
+- PowerShell's `Invoke-RestMethod` handles JSON parsing automatically

package/workspace-templates/skills/crt-sh/index.ts

@@ -0,0 +1,59 @@
+// skills/crt-sh/index.ts
+// Programmatic handler — no auth required, uses ApiSkill for retries/timeout.
+
+import { ApiSkill } from '../../core/apiSkillBase'
+
+const skill = new ApiSkill({
+  name:     'crt.sh',
+  baseUrl:  'https://crt.sh',
+  authType: 'none',
+  timeout:  30_000,
+  retries:  3,
+})
+
+export interface CertRecord {
+  id:          number
+  name_value:  string
+  issuer_name: string
+  not_before:  string
+  not_after:   string
+}
+
+export async function searchCerts(domain: string): Promise<{
+  total:      number
+  subdomains: string[]
+  raw:        CertRecord[]
+}> {
+  const results: CertRecord[] = await skill.get('/', {
+    q:      `%.${domain}`,
+    output: 'json',
+  })
+
+  if (!Array.isArray(results) || results.length === 0) {
+    return { total: 0, subdomains: [], raw: [] }
+  }
+
+  // Flatten multi-value name fields and deduplicate
+  const subdomains = [
+    ...new Set(
+      results
+        .flatMap(r => r.name_value.split('\n'))
+        .map(s => s.trim())
+        .filter(s => s && !s.startsWith('*.')),
+    ),
+  ].sort()
+
+  return { total: results.length, subdomains, raw: results }
+}
+
+export async function formatSubdomains(domain: string): Promise<string> {
+  const { total, subdomains } = await searchCerts(domain)
+
+  if (total === 0) return `No certificates found for ${domain}`
+
+  return [
+    `Found ${total} certificate records for ${domain}.`,
+    `Unique subdomains/names (${subdomains.length}):`,
+    ...subdomains.map(s => `  ${s}`),
+  ].join('\n')
+}

package/workspace-templates/skills/crt-sh/skill.json

@@ -0,0 +1,25 @@
+{
+  "name": "crt-sh",
+  "version": "1.0.0",
+  "description": "Search certificate transparency logs to enumerate subdomains and TLS certificates for any domain — no API key required",
+  "author": "aiden",
+  "license": "MIT",
+  "tools": [],
+  "trigger_phrases": [],
+  "compatible_agents": [
+    "aiden"
+  ],
+  "min_agent_version": "3.0.0",
+  "tags": [
+    "security",
+    "osint",
+    "certificates",
+    "subdomains",
+    "tls",
+    "ssl",
+    "ct-logs",
+    "recon",
+    "crt.sh"
+  ],
+  "created": "2026-04-27T17:11:39.411Z"
+}

package/workspace-templates/skills/cveapi/SKILL.md

@@ -0,0 +1,114 @@
+---
+name: cveapi
+description: Look up CVE vulnerability details by ID via MITRE CVE API with NVD fallback — severity, CVSS score, affected products, and references
+category: security
+version: 1.0.0
+license: Apache-2.0
+origin: aiden
+tags: security, cve, vulnerability, nvd, mitre, cvss, patch, incident-response, compliance
+---
+
+# CVE API — Vulnerability Lookup
+
+Look up any CVE (Common Vulnerabilities and Exposures) by ID to get severity, CVSS score, affected products, and reference links. Uses the MITRE CVE API (cveawg.mitre.org) with automatic fallback to the NVD (National Vulnerability Database) for richer data.
+
+**No API key required.** Optionally set `NVD_API_KEY` for higher rate limits on the NVD endpoint.
+
+## When to Use
+
+- User asks about a specific CVE by ID (e.g. "what is CVE-2021-44228?")
+- Security team needs severity and CVSS score for patch prioritization
+- Incident response: quickly triage whether a reported CVE is critical
+- Compliance audit: confirm affected software versions for a given vulnerability
+- User asks "is this CVE critical?", "what does CVE-XXXX-XXXXX affect?"
+
+## How to Use
+
+### Look up a single CVE (MITRE CVE API)
+
+```powershell
+$cveId = "CVE-2021-44228"
+$url   = "https://cveawg.mitre.org/api/cve/$cveId"
+
+$result = Invoke-RestMethod -Uri $url
+$cna    = $result.containers.cna
+$desc   = ($cna.descriptions | Where-Object { $_.lang -eq 'en' } | Select-Object -First 1).value
+$cvss   = $cna.metrics | ForEach-Object {
+    $_.PSObject.Properties | Where-Object { $_.Name -like 'cvssV3*' } |
+    Select-Object -First 1 -ExpandProperty Value
+} | Select-Object -First 1
+
+Write-Host "CVE:          $($result.cveMetadata.cveId)"
+Write-Host "State:        $($result.cveMetadata.state)"
+Write-Host "Published:    $($result.cveMetadata.datePublished)"
+Write-Host "Score:        $($cvss.baseScore) ($($cvss.baseSeverity))"
+Write-Host "Description:  $desc"
+Write-Host "References:   $(($cna.references | Select-Object -First 3 -ExpandProperty url) -join ', ')"
+```
+
+### Look up via NVD (richer data, optional API key)
+
+```powershell
+$cveId   = "CVE-2021-44228"
+$headers = @{}
+if ($env:NVD_API_KEY) { $headers['apiKey'] = $env:NVD_API_KEY }
+
+$url    = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=$cveId"
+$result = Invoke-RestMethod -Uri $url -Headers $headers
+$cve    = $result.vulnerabilities[0].cve
+$desc   = ($cve.descriptions | Where-Object { $_.lang -eq 'en' } | Select-Object -First 1).value
+$metric = $cve.metrics.cvssMetricV31[0].cvssData
+
+Write-Host "CVE:       $($cve.id)"
+Write-Host "Published: $($cve.published)"
+Write-Host "Score:     $($metric.baseScore) ($($metric.baseSeverity))"
+Write-Host "Vector:    $($metric.vectorString)"
+Write-Host "Desc:      $($desc.Substring(0, [Math]::Min(200, $desc.Length)))..."
+```
+
+### Batch lookup — check multiple CVEs
+
+```powershell
+$cveIds = @("CVE-2021-44228", "CVE-2023-4863", "CVE-2024-3094")
+
+foreach ($id in $cveIds) {
+    try {
+        $url    = "https://cveawg.mitre.org/api/cve/$id"
+        $result = Invoke-RestMethod -Uri $url
+        $cna    = $result.containers.cna
+        $cvss   = ($cna.metrics | Where-Object { $_.PSObject.Properties.Name -like 'cvssV3*' } |
+                   Select-Object -First 1).PSObject.Properties.Value | Select-Object -First 1
+        Write-Host "$id  Score: $($cvss.baseScore ?? 'N/A')  ($($cvss.baseSeverity ?? 'UNKNOWN'))"
+    } catch {
+        Write-Host "$id  ERROR: $($_.Exception.Message)"
+    }
+    Start-Sleep -Milliseconds 200   # polite rate limiting
+}
+```
+
+## Examples
+
+**"Look up CVE-2021-44228"**
+→ Returns Log4Shell details: CVSS 10.0 CRITICAL, affects Apache Log4j 2.x.
+
+**"What's the severity of CVE-2023-4863?"**
+→ Returns WebP heap buffer overflow: CVSS 8.8 HIGH, affects Chrome/libwebp.
+
+**"Get details for CVE-2024-3094"**
+→ Returns XZ Utils backdoor: CVSS 10.0 CRITICAL, supply-chain attack.
+
+**"Is CVE-2024-12345 critical?"**
+→ Looks up and reports severity tier: CRITICAL / HIGH / MEDIUM / LOW / NONE.
+
+## Cautions
+
+- MITRE CVE API has no documented rate limit — use 1–2 req/sec as a courtesy
+- NVD has stricter rate limiting: 5 req/30s without a key, 50 req/30s with `NVD_API_KEY`
+- Some CVEs are `RESERVED` (not yet disclosed) — the API returns limited data
+- CVSS score may be absent for very new or disputed CVEs
+- NVD and MITRE may have slightly different data — NVD is generally more complete
+
+## Requirements
+
+- No key required for basic use
+- `NVD_API_KEY` (optional) — free at https://nvd.nist.gov/developers/request-an-api-key