clawarmor 1.1.0 → 2.0.0-alpha.2

package/lib/prescan.js

@@ -0,0 +1,167 @@
+// ClawArmor v2.0 — Pre-scan a skill before installing
+// Downloads the npm package to a temp dir, scans it with the full
+// ClawArmor scanner, and exits 1 (blocks install) only on CRITICAL findings.
+
+import { mkdirSync, rmSync, readdirSync } from 'fs';
+import { join } from 'path';
+import { tmpdir } from 'os';
+import { execSync } from 'child_process';
+import { scanFile } from './scanner/file-scanner.js';
+import { scanSkillMdFiles } from './scanner/skill-md-scanner.js';
+import { paint, severityColor } from './output/colors.js';
+import { append } from './audit-log.js';
+
+const SEP = paint.dim('─'.repeat(52));
+
+function getAllFiles(dir, files = []) {
+  try {
+    for (const e of readdirSync(dir, { withFileTypes: true })) {
+      if (e.name.startsWith('.') || e.name === 'node_modules' || e.name === '__pycache__') continue;
+      const fp = join(dir, e.name);
+      if (e.isDirectory()) getAllFiles(fp, files);
+      else files.push(fp);
+    }
+  } catch { /* permission denied */ }
+  return files;
+}
+
+function cleanupTmp(dir) {
+  try { rmSync(dir, { recursive: true, force: true }); } catch { /* non-fatal */ }
+}
+
+export async function runPrescan(skillName) {
+  console.log('');
+  console.log(`  ${paint.bold('ClawArmor Prescan')} — ${paint.cyan(skillName)}`);
+  console.log(`  ${paint.dim('Fetching package from npm registry...')}`);
+  console.log('');
+
+  const tmpDir = join(tmpdir(), `clawarmor-prescan-${Date.now()}`);
+  mkdirSync(tmpDir, { recursive: true });
+
+  // ── Step 1: Download via npm pack ─────────────────────────────────────────
+  let tarball;
+  try {
+    execSync(`npm pack ${skillName}`, {
+      cwd: tmpDir,
+      timeout: 30000,
+      stdio: ['ignore', 'pipe', 'ignore'],
+    });
+    const tarballs = readdirSync(tmpDir).filter(f => f.endsWith('.tgz'));
+    if (!tarballs.length) throw new Error('npm pack produced no tarball');
+    tarball = join(tmpDir, tarballs[0]);
+  } catch {
+    cleanupTmp(tmpDir);
+    console.log(`  ${paint.dim('ℹ')}  Could not fetch skill for scanning`);
+    console.log(`     ${paint.dim('(package not found or network error — install not blocked)')}`);
+    console.log('');
+    return 0;
+  }
+
+  // ── Step 2: Extract tarball ────────────────────────────────────────────────
+  const extractDir = join(tmpDir, 'extracted');
+  mkdirSync(extractDir, { recursive: true });
+  try {
+    execSync(`tar -xzf "${tarball}" -C "${extractDir}"`, {
+      timeout: 15000,
+      stdio: ['ignore', 'ignore', 'ignore'],
+    });
+  } catch {
+    cleanupTmp(tmpDir);
+    console.log(`  ${paint.dim('ℹ')}  Could not extract skill package — install not blocked`);
+    console.log('');
+    return 0;
+  }
+
+  // ── Step 3: Collect all files ──────────────────────────────────────────────
+  const allFiles = getAllFiles(extractDir);
+  console.log(`  ${paint.dim('Scanning')} ${allFiles.length} file${allFiles.length !== 1 ? 's' : ''}...`);
+  console.log('');
+
+  // ── Step 4: Run ClawArmor scanners ────────────────────────────────────────
+  // Not a built-in — treat as third-party (isBuiltin = false)
+  const codeFindings = allFiles.flatMap(f => scanFile(f, false));
+  const mdResults = scanSkillMdFiles(allFiles, false);
+  const mdFindings = mdResults.flatMap(r => r.findings);
+  const allFindings = [...codeFindings, ...mdFindings];
+
+  const criticals = allFindings.filter(f => f.severity === 'CRITICAL');
+  const highs = allFindings.filter(f => f.severity === 'HIGH');
+  const mediums = allFindings.filter(f => f.severity === 'MEDIUM');
+  const lows = allFindings.filter(f => f.severity === 'LOW' || f.severity === 'INFO');
+
+  // ── Cleanup (always) ──────────────────────────────────────────────────────
+  cleanupTmp(tmpDir);
+
+  // ── Audit log ─────────────────────────────────────────────────────────────
+  append({
+    cmd: 'prescan',
+    trigger: 'prescan',
+    score: null,
+    delta: null,
+    findings: allFindings.map(f => ({ id: f.patternId || f.id || '?', severity: f.severity })),
+    blocked: criticals.length > 0,
+    skill: skillName,
+  });
+
+  // ── Output ────────────────────────────────────────────────────────────────
+  if (!allFindings.length) {
+    console.log(`  ${paint.green('✓')} ClawArmor prescan: clean — 0 findings`);
+    console.log('');
+    return 0;
+  }
+
+  // CRITICAL → print details, block install (exit 1)
+  if (criticals.length) {
+    console.log(SEP);
+    console.log(`  ${paint.red('✗')} ${paint.bold(`CRITICAL (${criticals.length}) — install blocked`)}`);
+    console.log(SEP);
+    for (const f of criticals) {
+      console.log('');
+      console.log(`  ${paint.red('✗')} ${(severityColor['CRITICAL'] || paint.red)('[CRITICAL]')} ${paint.bold(f.title)}`);
+      console.log(`    ${paint.dim(f.description || '')}`);
+      for (const m of (f.matches || []).slice(0, 2)) {
+        console.log(`    ${paint.dim('→')} ${paint.cyan(':' + m.line)}  ${paint.dim(m.snippet)}`);
+      }
+    }
+
+    if (highs.length || mediums.length) {
+      console.log('');
+      const extra = [];
+      if (highs.length) extra.push(`${highs.length} HIGH`);
+      if (mediums.length) extra.push(`${mediums.length} MEDIUM`);
+      console.log(`  ${paint.yellow('!')} Additional: ${extra.join(', ')} (fix criticals first)`);
+    }
+
+    console.log('');
+    console.log(`  ${paint.red('✗')} Skill blocked. Do NOT install ${paint.bold(skillName)}.`);
+    console.log('');
+    return 1;
+  }
+
+  // HIGH → warn, allow install
+  if (highs.length) {
+    console.log(SEP);
+    console.log(`  ${paint.yellow('⚠')} ${paint.bold(`HIGH (${highs.length}) — review before using`)}`);
+    console.log(SEP);
+    for (const f of highs) {
+      console.log('');
+      console.log(`  ${paint.yellow('!')} ${(severityColor['HIGH'] || paint.yellow)('[HIGH]')} ${paint.bold(f.title)}`);
+      console.log(`    ${paint.dim(f.description || '')}`);
+      for (const m of (f.matches || []).slice(0, 2)) {
+        console.log(`    ${paint.dim('→')} ${paint.cyan(':' + m.line)}  ${paint.dim(m.snippet)}`);
+      }
+    }
+    console.log('');
+  }
+
+  // MEDIUM/LOW → summary line only
+  if (mediums.length || lows.length) {
+    const parts = [];
+    if (mediums.length) parts.push(`${mediums.length} medium`);
+    if (lows.length) parts.push(`${lows.length} low/info`);
+    console.log(`  ${paint.dim('ℹ')}  ${parts.join(', ')} additional finding${(mediums.length + lows.length) > 1 ? 's' : ''} (review manually)`);
+    console.log('');
+  }
+
+  return 0;
+}

package/lib/protect.js

@@ -0,0 +1,333 @@
+// clawarmor protect — Install/uninstall/status the full ClawArmor guard system.
+// --install:   writes hook files, adds shell intercept, starts watch daemon
+// --uninstall: reverses all of the above cleanly
+// --status:    shows current state without modifying anything
+
+import {
+  existsSync, mkdirSync, readFileSync, writeFileSync, unlinkSync, readdirSync, rmSync,
+} from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+import { spawnSync } from 'child_process';
+import { watchDaemonStatus } from './watch.js';
+
+const HOME = homedir();
+const OC_DIR = join(HOME, '.openclaw');
+const CLAWARMOR_DIR = join(HOME, '.clawarmor');
+const HOOKS_DIR = join(OC_DIR, 'hooks');
+const GUARD_HOOK_DIR = join(HOOKS_DIR, 'clawarmor-guard');
+const CLI_PATH = new URL('../cli.js', import.meta.url).pathname;
+
+const SHELL_FUNCTION = `
+# ClawArmor intercept — added by: clawarmor protect --install
+# Wraps 'openclaw clawhub install' to scan skills before activation.
+openclaw() {
+  if [ "$1" = "clawhub" ] && [ "$2" = "install" ] && [ -n "$3" ]; then
+    echo "ClawArmor: scanning $3 before install..."
+    clawarmor prescan "$3" || { echo "Blocked by ClawArmor. Use --force to override."; return 1; }
+  fi
+  command openclaw "$@"
+}
+# End ClawArmor intercept
+`;
+
+const SHELL_MARKER_START = '# ClawArmor intercept — added by: clawarmor protect --install';
+const SHELL_MARKER_END = '# End ClawArmor intercept';
+
+const HOOK_MD = `---
+name: clawarmor-guard
+description: Runs a silent security audit on gateway startup and alerts on regressions
+events:
+  - gateway:startup
+requires:
+  bins:
+    - clawarmor
+---
+
+# clawarmor-guard
+
+Fires on every gateway startup. Runs \`clawarmor audit --json\` in the background,
+compares the score to the last known baseline, and alerts the agent if the score
+drops by 5 or more points, or if a new CRITICAL finding appears.
+
+Install with: \`clawarmor protect --install\`
+`;
+
+const HANDLER_JS = `// clawarmor-guard hook handler
+// Fires on gateway:startup. Silent unless score drops or CRITICAL finding appears.
+// No external dependencies.
+
+import { spawnSync } from 'child_process';
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+
+const HOME = homedir();
+const CLAWARMOR_DIR = join(HOME, '.clawarmor');
+const LAST_SCORE_FILE = join(CLAWARMOR_DIR, 'last-score.json');
+
+function readLastScore() {
+  try {
+    if (existsSync(LAST_SCORE_FILE)) return JSON.parse(readFileSync(LAST_SCORE_FILE, 'utf8'));
+  } catch {}
+  return null;
+}
+
+function writeLastScore(data) {
+  try {
+    mkdirSync(CLAWARMOR_DIR, { recursive: true });
+    writeFileSync(LAST_SCORE_FILE, JSON.stringify(data, null, 2), 'utf8');
+  } catch {}
+}
+
+function runAuditJson() {
+  try {
+    const result = spawnSync('clawarmor', ['audit', '--json'], {
+      encoding: 'utf8',
+      timeout: 30000,
+      maxBuffer: 1024 * 1024,
+    });
+    if (result.stdout) {
+      const jsonStart = result.stdout.indexOf('{');
+      if (jsonStart !== -1) return JSON.parse(result.stdout.slice(jsonStart));
+    }
+  } catch {}
+  return null;
+}
+
+// Main hook entry point — called by openclaw on gateway:startup
+export default async function handler(event) {
+  let auditResult;
+  try {
+    auditResult = runAuditJson();
+  } catch (e) {
+    // If clawarmor itself fails, don't block startup
+    return;
+  }
+
+  if (!auditResult) return;
+
+  const newScore = auditResult.score ?? null;
+  const lastState = readLastScore();
+  const lastScore = lastState?.score ?? null;
+  const isFirstRun = lastScore === null;
+
+  if (newScore !== null) {
+    if (isFirstRun) {
+      writeLastScore({ score: newScore, grade: auditResult.grade, timestamp: new Date().toISOString() });
+      // First run — establish baseline silently
+      return;
+    }
+
+    const drop = lastScore - newScore;
+    const newCriticals = (auditResult.failed || []).filter(f => f.severity === 'CRITICAL');
+    const hadCriticals = (lastState?.criticals || 0);
+    const newCriticalCount = newCriticals.length;
+
+    writeLastScore({
+      score: newScore,
+      grade: auditResult.grade,
+      criticals: newCriticalCount,
+      timestamp: new Date().toISOString(),
+    });
+
+    if (newCriticalCount > hadCriticals) {
+      // New CRITICAL finding — alert immediately
+      const names = newCriticals.map(f => f.id || f.title).join(', ');
+      console.error(\`[ClawArmor] CRITICAL security finding: \${names}\`);
+      console.error(\`[ClawArmor] Run: clawarmor audit   for details and fix commands.\`);
+      return;
+    }
+
+    if (drop >= 5) {
+      console.error(\`[ClawArmor] Security score dropped \${drop} points (\${lastScore} → \${newScore})\`);
+      console.error(\`[ClawArmor] Run: clawarmor audit   to see what changed.\`);
+    }
+    // Score improved or unchanged — no output (don't interrupt users with good news)
+  }
+}
+`;
+
+// ── Install ──────────────────────────────────────────────────────────────────
+
+function writeHookFiles() {
+  mkdirSync(GUARD_HOOK_DIR, { recursive: true });
+  writeFileSync(join(GUARD_HOOK_DIR, 'HOOK.md'), HOOK_MD, 'utf8');
+  writeFileSync(join(GUARD_HOOK_DIR, 'handler.js'), HANDLER_JS, 'utf8');
+}
+
+function removeHookFiles() {
+  if (!existsSync(GUARD_HOOK_DIR)) return false;
+  try {
+    rmSync(GUARD_HOOK_DIR, { recursive: true, force: true });
+    return true;
+  } catch { return false; }
+}
+
+function hookFilesExist() {
+  return existsSync(join(GUARD_HOOK_DIR, 'HOOK.md')) &&
+         existsSync(join(GUARD_HOOK_DIR, 'handler.js'));
+}
+
+// ── Shell function ────────────────────────────────────────────────────────────
+
+function shellFunctionPresent(rcPath) {
+  if (!existsSync(rcPath)) return false;
+  try {
+    return readFileSync(rcPath, 'utf8').includes(SHELL_MARKER_START);
+  } catch { return false; }
+}
+
+function injectShellFunction(rcPath) {
+  if (!existsSync(rcPath)) return false;
+  if (shellFunctionPresent(rcPath)) return true; // already there
+  try {
+    const existing = readFileSync(rcPath, 'utf8');
+    writeFileSync(rcPath, existing + '\n' + SHELL_FUNCTION, 'utf8');
+    return true;
+  } catch { return false; }
+}
+
+function removeShellFunction(rcPath) {
+  if (!existsSync(rcPath)) return false;
+  try {
+    const content = readFileSync(rcPath, 'utf8');
+    const start = content.indexOf(SHELL_MARKER_START);
+    const end = content.indexOf(SHELL_MARKER_END);
+    if (start === -1) return false;
+    const after = end !== -1 ? end + SHELL_MARKER_END.length : start;
+    const newContent = content.slice(0, start).trimEnd() + '\n' + content.slice(after + 1);
+    writeFileSync(rcPath, newContent, 'utf8');
+    return true;
+  } catch { return false; }
+}
+
+function startWatchDaemon() {
+  const result = spawnSync(process.execPath, [CLI_PATH, 'watch', '--daemon'], {
+    encoding: 'utf8',
+    timeout: 10000,
+    stdio: ['ignore', 'pipe', 'pipe'],
+  });
+  return result.status === 0;
+}
+
+// ── Public API ────────────────────────────────────────────────────────────────
+
+export async function runProtect(flags = {}) {
+  const zshrc = join(HOME, '.zshrc');
+  const bashrc = join(HOME, '.bashrc');
+
+  if (flags.install) {
+    console.log('\n  ClawArmor Protect — installing...\n');
+
+    // 1. Hook files
+    writeHookFiles();
+    console.log(`  ✓  Hook files written to: ~/.openclaw/hooks/clawarmor-guard/`);
+
+    // 2. Shell intercept
+    let shellInstalled = false;
+    if (injectShellFunction(zshrc)) {
+      console.log(`  ✓  Shell intercept added to ~/.zshrc`);
+      shellInstalled = true;
+    }
+    if (injectShellFunction(bashrc)) {
+      console.log(`  ✓  Shell intercept added to ~/.bashrc`);
+      shellInstalled = true;
+    }
+    if (!shellInstalled) {
+      console.log(`  !  No ~/.zshrc or ~/.bashrc found — shell intercept skipped`);
+    }
+
+    // 3. Start watch daemon
+    const daemonStarted = startWatchDaemon();
+    if (daemonStarted) {
+      console.log(`  ✓  Watch daemon started`);
+    } else {
+      console.log(`  !  Watch daemon could not be started automatically`);
+      console.log(`     Run manually: clawarmor watch --daemon`);
+    }
+
+    console.log('\n  ClawArmor Protect is now active.\n');
+    console.log(`  The guard hook fires on every gateway startup.`);
+    console.log(`  The watcher monitors config and skill changes in real time.`);
+    if (shellInstalled) {
+      console.log(`  Restart your shell (or: source ~/.zshrc) for the intercept to take effect.`);
+    }
+    console.log('');
+    return 0;
+  }
+
+  if (flags.uninstall) {
+    console.log('\n  ClawArmor Protect — uninstalling...\n');
+
+    // 1. Hook files
+    if (removeHookFiles()) {
+      console.log(`  ✓  Hook files removed`);
+    } else {
+      console.log(`  -  Hook files were not present`);
+    }
+
+    // 2. Shell function
+    let shellRemoved = false;
+    if (removeShellFunction(zshrc)) {
+      console.log(`  ✓  Shell intercept removed from ~/.zshrc`);
+      shellRemoved = true;
+    }
+    if (removeShellFunction(bashrc)) {
+      console.log(`  ✓  Shell intercept removed from ~/.bashrc`);
+      shellRemoved = true;
+    }
+    if (!shellRemoved) {
+      console.log(`  -  No shell intercept found to remove`);
+    }
+
+    // 3. Stop watch daemon
+    const { stopDaemon } = await import('./watch.js');
+    stopDaemon();
+
+    console.log('\n  ClawArmor Protect has been uninstalled.\n');
+    return 0;
+  }
+
+  if (flags.status) {
+    console.log('\n  ClawArmor Protect — Status\n');
+
+    // Hook files
+    const hookOk = hookFilesExist();
+    console.log(`  Hook (gateway:startup)   ${hookOk ? '✓ installed' : '✗ not installed'}`);
+
+    // Watch daemon
+    const daemon = watchDaemonStatus();
+    console.log(`  Watch daemon             ${daemon.running ? `● running  (PID ${daemon.pid})` : '○ not running'}`);
+
+    // Shell function
+    const inZsh = shellFunctionPresent(zshrc);
+    const inBash = shellFunctionPresent(bashrc);
+    if (inZsh || inBash) {
+      const where = [inZsh && '~/.zshrc', inBash && '~/.bashrc'].filter(Boolean).join(', ');
+      console.log(`  Shell intercept          ✓ active  (${where})`);
+    } else {
+      console.log(`  Shell intercept          ✗ not installed`);
+    }
+
+    const allActive = hookOk && daemon.running && (inZsh || inBash);
+    console.log('');
+    if (allActive) {
+      console.log(`  Full protection active.`);
+    } else {
+      console.log(`  Protection incomplete. Run: clawarmor protect --install`);
+    }
+    console.log('');
+    return 0;
+  }
+
+  // No flag — show usage
+  console.log('');
+  console.log(`  Usage: clawarmor protect [--install | --uninstall | --status]`);
+  console.log('');
+  console.log(`    --install    Install the guard hook, shell intercept, and watch daemon`);
+  console.log(`    --uninstall  Remove all ClawArmor protect components`);
+  console.log(`    --status     Show current protection state`);
+  console.log('');
+  return 0;
+}

package/lib/scan.js

@@ -2,6 +2,7 @@ import { paint, severityColor } from './output/colors.js';
 import { scanFile } from './scanner/file-scanner.js';
 import { findInstalledSkills } from './scanner/skill-finder.js';
 import { scanSkillMdFiles } from './scanner/skill-md-scanner.js';
+import { append as auditLogAppend } from './audit-log.js';
 
 const SEP = paint.dim('─'.repeat(52));
 const HOME = process.env.HOME || '';
@@ -33,6 +34,7 @@ export async function runScan() {
 
   let totalCritical = 0, totalHigh = 0;
   const flagged = [];
+  const auditFindings = []; // accumulated for audit log
 
   for (const skill of skills) {
     process.stdout.write(`  ${skill.isBuiltin ? paint.dim('⊙') : paint.cyan('▶')} ${paint.bold(skill.name)}${paint.dim(skill.isBuiltin?' [built-in]':' [user]')}...`);
@@ -45,6 +47,7 @@ export async function runScan() {
     const mdFindings = mdResults.flatMap(r => r.findings);
 
     const allFindings = [...codeFindings, ...mdFindings];
+    for (const f of allFindings) auditFindings.push({ id: f.patternId || f.id || '?', severity: f.severity });
 
     const critical = allFindings.filter(f => f.severity==='CRITICAL');
     const high = allFindings.filter(f => f.severity==='HIGH');
@@ -125,5 +128,16 @@ export async function runScan() {
   }
   console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor audit')} ${paint.dim('to check your config.')}`);
   console.log('');
+
+  auditLogAppend({
+    cmd: 'scan',
+    trigger: 'manual',
+    score: null,
+    delta: null,
+    findings: auditFindings,
+    blocked: null,
+    skill: null,
+  });
+
   return totalCritical > 0 ? 1 : 0;
 }

package/lib/scanner/file-scanner.js

@@ -1,7 +1,8 @@
 import { readFileSync } from 'fs';
-import { extname, basename } from 'path';
+import { extname } from 'path';
 import { CRITICAL_PATTERNS, HIGH_PATTERNS, MEDIUM_PATTERNS,
   SCANNABLE_EXTENSIONS, SKIP_EXTENSIONS, isSpawnInBinaryWrapper } from './patterns.js';
+import { scanForObfuscation } from './obfuscation.js';
 
 function getExt(p) { return extname(p).replace('.','').toLowerCase(); }
 
@@ -65,5 +66,10 @@ export function scanFile(filePath, isBuiltin = false) {
     findings.push({ patternId: pattern.id, severity, title: pattern.title,
       description: pattern.description, file: filePath, matches, note });
   }
+
+  // Obfuscation analysis (catches what naive grep misses)
+  const obfusFindings = scanForObfuscation(filePath, content, isBuiltin);
+  findings.push(...obfusFindings);
+
   return findings;
 }

package/lib/scanner/obfuscation.js

@@ -0,0 +1,130 @@
+// obfuscation.js — v1.2.0
+// Detects obfuscated code patterns that bypass naive string-grep analysis.
+// Zero external dependencies. Pure regex, adversarially reviewed.
+//
+// Targets:
+//   - String concatenation reassembly: 'ev'+'al', 'ex'+'ec'
+//   - Bracket property access with concat: obj['ex'+'ec']
+//   - Buffer.from(base64).toString() decode chains
+//   - eval(atob(...)) decode+exec
+//   - globalThis/global bracket access to dangerous names
+//   - ['constructor'] escape pattern
+//   - Unicode/hex escape sequences for dangerous keywords
+
+export const OBFUSCATION_PATTERNS = [
+  {
+    id: 'obfus-str-concat-eval',
+    severity: 'CRITICAL',
+    title: "String-concat 'eval' reassembly",
+    description: "Obfuscated eval via string concat: 'ev'+'al'. Bypasses naive keyword grep.",
+    note: 'Legitimate code rarely splits the word eval across string literals.',
+    regex: /'ev'\s*\+\s*'al'|"ev"\s*\+\s*"al"|'e'\s*\+\s*'val'|"e"\s*\+\s*"val"/,
+  },
+  {
+    id: 'obfus-str-concat-exec',
+    severity: 'HIGH',
+    title: "String-concat 'exec' reassembly",
+    description: "Obfuscated exec via string concat: 'ex'+'ec'. Common shell command injection prep.",
+    note: 'Legitimate code rarely splits exec across string literals.',
+    regex: /'ex'\s*\+\s*'ec'|"ex"\s*\+\s*"ec"|'e'\s*\+\s*'xec'|"e"\s*\+\s*"xec"/,
+  },
+  {
+    id: 'obfus-bracket-concat',
+    severity: 'HIGH',
+    title: 'Bracket property access via string concat',
+    description: "obj['ex'+'ec'] bypasses static method-name analysis. Common obfuscation technique.",
+    note: 'Legitimate code almost never accesses properties via concatenated string literals.',
+    regex: /\[\s*'[a-zA-Z]{1,5}'\s*\+\s*'[a-zA-Z]{1,5}'\s*\]|\[\s*"[a-zA-Z]{1,5}"\s*\+\s*"[a-zA-Z]{1,5}"\s*\]/,
+  },
+  {
+    id: 'obfus-buffer-base64',
+    severity: 'HIGH',
+    title: 'Buffer.from(base64).toString() decode chain',
+    description: "Decodes a base64 payload at runtime — common technique for hiding malicious code strings.",
+    note: 'May be legitimate for binary data handling, but unusual in skill files.',
+    regex: /Buffer\.from\((?:'[A-Za-z0-9+\/=]{20,}'|"[A-Za-z0-9+\/=]{20,}")\s*,\s*(?:'base64'|"base64")\)/,
+  },
+  {
+    id: 'obfus-atob-exec',
+    severity: 'CRITICAL',
+    title: 'eval(atob(...)) decode+execute',
+    description: "Decodes and executes a base64 string. Textbook obfuscation for hiding eval payloads.",
+    regex: /(?:eval|Function)\s*\(\s*atob\s*\(/,
+  },
+  {
+    id: 'obfus-globalthis-bracket',
+    severity: 'HIGH',
+    title: 'globalThis[...] bracket access',
+    description: "Accesses global scope via bracket notation — hides dangerous function names from static analysis.",
+    note: 'globalThis["eval"] is equivalent to eval but bypasses keyword scanners.',
+    regex: /globalThis\s*\[\s*['"][^'"]{1,30}['"]\s*\]|global\s*\[\s*['"][^'"]{1,30}['"]\s*\]/,
+  },
+  {
+    id: 'obfus-constructor-escape',
+    severity: 'CRITICAL',
+    title: "['constructor'] Function escape",
+    description: "Accesses Function constructor via bracket notation to execute arbitrary code strings.",
+    note: "Pattern: obj['constructor']('return process')(). Classic prototype escape.",
+    regex: /\[\s*['"]constructor['"]\s*\]/,
+  },
+  {
+    id: 'obfus-unicode-escape',
+    severity: 'HIGH',
+    title: 'Unicode escape for dangerous keyword',
+    description: "Uses \\u escapes to spell dangerous keywords: \\u0065val = eval. Bypasses string matching.",
+    regex: /\\u00(?:65|45)\\u00(?:76|56)\\u00(?:61|41)\\u00(?:6c|4c)|\\u0065\\u0076\\u0061\\u006c/i,
+  },
+  {
+    id: 'obfus-encoded-require',
+    severity: 'HIGH',
+    title: 'Encoded require() or import()',
+    description: "Calls require() or import() with a runtime-decoded string argument (atob, fromCharCode, etc.).",
+    regex: /(?:require|import)\s*\(\s*(?:atob|String\.fromCharCode|Buffer\.from)\s*\(/,
+  },
+];
+
+/**
+ * Scan file content for obfuscation patterns.
+ * Returns findings array (same shape as file-scanner.js output).
+ */
+export function scanForObfuscation(filePath, content, isBuiltin = false) {
+  const findings = [];
+  const lines = content.split('\n');
+
+  for (const pattern of OBFUSCATION_PATTERNS) {
+    const regex = new RegExp(pattern.regex.source, 'gi');
+    const matches = [];
+    let m;
+
+    while ((m = regex.exec(content)) !== null) {
+      const lineNum = content.substring(0, m.index).split('\n').length;
+      const line = lines[lineNum - 1]?.trim() || '';
+
+      // Skip comment lines
+      if (/^\s*(\/\/|#|\*|<!--)/.test(line)) continue;
+
+      matches.push({ line: lineNum, snippet: line.substring(0, 120) });
+      if (matches.length >= 3) break;
+    }
+
+    if (!matches.length) continue;
+
+    // Built-in skills: downgrade severity (still worth reporting but lower urgency)
+    let severity = pattern.severity;
+    if (isBuiltin) {
+      severity = severity === 'CRITICAL' ? 'MEDIUM' : 'LOW';
+    }
+
+    findings.push({
+      patternId: pattern.id,
+      severity,
+      title: pattern.title,
+      description: pattern.description,
+      note: pattern.note || null,
+      file: filePath,
+      matches,
+    });
+  }
+
+  return findings;
+}