clawarmor 1.1.0

package/lib/scanner/skill-md-scanner.js

@@ -0,0 +1,121 @@
+// ClawArmor v0.6 — SKILL.md natural language instruction scanner
+// Detects dangerous instructions embedded in skill markdown files.
+// Built-in skills: INFO severity. User-installed: HIGH severity.
+
+import { readFileSync } from 'fs';
+import { basename } from 'path';
+
+// Each pattern: { id, regex, title, description }
+const DANGEROUS_PATTERNS = [
+  {
+    id: 'skillmd.read_credentials',
+    regex: /read.*agent-accounts|agent-accounts.*read/i,
+    title: 'Instruction to read credential file',
+    description: 'Instructs the agent to read agent-accounts.json, which contains API keys and bot tokens.',
+  },
+  {
+    id: 'skillmd.system_prompt_override',
+    regex: /ignore.*system.?prompt|override.*system.?prompt|bypass.*system.?prompt/i,
+    title: 'System prompt override attempt',
+    description: 'Attempts to override or ignore the agent\'s system-level safety instructions.',
+  },
+  {
+    id: 'skillmd.exfil',
+    regex: /send.*credentials|exfiltrate|steal.*token|steal.*key|steal.*password/i,
+    title: 'Data theft instruction',
+    description: 'Instructs the agent to send, steal, or exfiltrate credentials or secrets.',
+  },
+  {
+    id: 'skillmd.context_injection',
+    regex: /always.*include.*in.*(?:every|all).*response|append.*to.*every.*response|inject.*into.*every/i,
+    title: 'Persistent context injection',
+    description: 'Instructs the agent to append content to every response — persistent prompt injection.',
+  },
+  {
+    id: 'skillmd.deception',
+    regex: /do not.*tell.*user|don.t.*mention.*to.*user|keep.*secret.*from.*user|hide.*from.*user/i,
+    title: 'Deception instruction (hide from user)',
+    description: 'Instructs the agent to conceal information or actions from the user.',
+  },
+  {
+    id: 'skillmd.hardcoded_ip',
+    regex: /fetch.*\b(https?):\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/i,
+    title: 'Hardcoded IP fetch instruction',
+    description: 'Instructs the agent to fetch from a hardcoded IP address — potential exfiltration endpoint.',
+  },
+  {
+    id: 'skillmd.shell_exec',
+    regex: /execute.*(?:command|shell|bash|sh)\b|run.*shell.*command|spawn.*(?:process|subprocess)/i,
+    title: 'Shell execution instruction',
+    description: 'Instructs the agent to execute shell commands — could enable arbitrary code execution.',
+  },
+  {
+    id: 'skillmd.fs_write',
+    regex: /write.*to.*(?:file|disk|filesystem)|modify.*(?:config|configuration|settings).*file/i,
+    title: 'Filesystem modification instruction',
+    description: 'Instructs the agent to write files or modify config — potential persistent compromise.',
+  },
+];
+
+// Scan a single SKILL.md file content
+export function scanSkillMd(filePath, content, isBuiltin) {
+  const findings = [];
+  const lines = content.split('\n');
+
+  for (const pattern of DANGEROUS_PATTERNS) {
+    const regex = new RegExp(pattern.regex.source, 'gi');
+    let m;
+    const matches = [];
+    while ((m = regex.exec(content)) !== null) {
+      const lineNum = content.substring(0, m.index).split('\n').length;
+      const lineText = lines[lineNum - 1]?.trim() || '';
+      // Skip lines that are clearly comments or code fences showing examples
+      if (lineText.startsWith('```') || lineText.startsWith('//') || lineText.startsWith('#!')) continue;
+      // Skip if this looks like documentation warning about the pattern (not instructing it)
+      if (/do not|don't|never|avoid|dangerous|warning|caution|example of/i.test(
+        lines.slice(Math.max(0, lineNum - 2), lineNum).join(' ')
+      )) continue;
+      matches.push({ line: lineNum, snippet: lineText.substring(0, 120) });
+      if (matches.length >= 3) break;
+    }
+
+    if (!matches.length) continue;
+
+    findings.push({
+      patternId: pattern.id,
+      severity: isBuiltin ? 'INFO' : 'HIGH',
+      title: pattern.title,
+      description: pattern.description,
+      file: filePath,
+      matches,
+      note: isBuiltin
+        ? 'Built-in skill — review only if recently updated or unexpected.'
+        : 'User-installed skill — treat dangerous instructions as HIGH risk.',
+    });
+  }
+
+  return findings;
+}
+
+// Find all SKILL.md files within a skill directory's file list
+export function getSkillMdFiles(files) {
+  return files.filter(f => basename(f).toLowerCase() === 'skill.md');
+}
+
+// Scan all SKILL.md files for a skill
+export function scanSkillMdFiles(skillFiles, isBuiltin) {
+  const results = [];
+  const mdFiles = getSkillMdFiles(skillFiles);
+
+  for (const filePath of mdFiles) {
+    let content;
+    try { content = readFileSync(filePath, 'utf8'); }
+    catch { continue; }
+    if (content.length > 200_000) continue;
+
+    const findings = scanSkillMd(filePath, content, isBuiltin);
+    if (findings.length) results.push({ filePath, findings });
+  }
+
+  return results;
+}

package/lib/trend.js

@@ -0,0 +1,180 @@
+// ClawArmor v1.1.0 — trend command
+// Shows score over last N audits as an ASCII line chart.
+
+import { paint } from './output/colors.js';
+import { loadHistory } from './audit.js';
+
+const SEP = paint.dim('─'.repeat(52));
+const W52 = 52;
+
+function box(title) {
+  const pad = W52 - 2 - title.length;
+  const l = Math.floor(pad/2), r = pad - l;
+  return [
+    paint.dim('╔' + '═'.repeat(W52-2) + '╗'),
+    paint.dim('║') + ' '.repeat(l) + paint.bold(title) + ' '.repeat(r) + paint.dim('║'),
+    paint.dim('╚' + '═'.repeat(W52-2) + '╝'),
+  ].join('\n');
+}
+
+function scoreColor(score) {
+  if (score >= 90) return paint.green;
+  if (score >= 75) return s => paint.pass ? paint.pass(s) : s;
+  if (score >= 60) return paint.yellow;
+  return paint.red;
+}
+
+function formatDate(iso) {
+  const d = new Date(iso);
+  return d.toLocaleDateString('en-US', { month: 'short', day: 'numeric' });
+}
+
+// Build ASCII line chart from score data points
+// chartWidth: number of columns, chartHeight: number of rows
+function buildChart(scores, chartWidth = 36, chartHeight = 8) {
+  if (!scores.length) return [];
+  const minScore = 0;
+  const maxScore = 100;
+  const range = maxScore - minScore;
+
+  // Map each score to a row (0 = bottom, chartHeight-1 = top)
+  function scoreToRow(s) {
+    return Math.round(((s - minScore) / range) * (chartHeight - 1));
+  }
+
+  // Build a 2D grid: rows[row][col]
+  const grid = Array.from({ length: chartHeight }, () => Array(chartWidth).fill(' '));
+
+  // Place points and draw connecting lines
+  const n = scores.length;
+  const colStep = n === 1 ? 0 : (chartWidth - 1) / (n - 1);
+
+  for (let i = 0; i < n; i++) {
+    const col = Math.round(i * colStep);
+    const row = chartHeight - 1 - scoreToRow(scores[i]);
+
+    if (i > 0) {
+      const prevCol = Math.round((i - 1) * colStep);
+      const prevRow = chartHeight - 1 - scoreToRow(scores[i - 1]);
+      // Draw line between previous and current point
+      const dc = col - prevCol;
+      const dr = row - prevRow;
+      const steps = Math.max(Math.abs(dc), Math.abs(dr), 1);
+      for (let s = 0; s <= steps; s++) {
+        const ic = Math.round(prevCol + (dc * s) / steps);
+        const ir = Math.round(prevRow + (dr * s) / steps);
+        if (ic >= 0 && ic < chartWidth && ir >= 0 && ir < chartHeight) {
+          if (grid[ir][ic] === ' ') {
+            // Choose connecting character based on direction
+            if (dr === 0) grid[ir][ic] = '─';
+            else if (dc === 0) grid[ir][ic] = '│';
+            else if ((dr < 0 && dc > 0) || (dr > 0 && dc < 0)) grid[ir][ic] = '╯';
+            else grid[ir][ic] = '╭';
+          }
+        }
+      }
+    }
+    // Place data point (overwrite connection chars)
+    const r2 = chartHeight - 1 - scoreToRow(scores[i]);
+    if (col >= 0 && col < chartWidth && r2 >= 0 && r2 < chartHeight) {
+      grid[r2][col] = '●';
+    }
+  }
+
+  return grid;
+}
+
+export async function runTrend(flags = {}) {
+  const N = flags.n || 10;
+  const history = loadHistory();
+
+  console.log(''); console.log(box('ClawArmor Trend  v1.1.0')); console.log('');
+
+  if (!history.length) {
+    console.log(`  ${paint.dim('No audit history yet.')}`);
+    console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor audit')} ${paint.dim('to start tracking your score.')}`);
+    console.log('');
+    return 0;
+  }
+
+  const recent = history.slice(-N);
+  const scores = recent.map(h => h.score);
+  const first = scores[0];
+  const last = scores[scores.length - 1];
+  const delta = last - first;
+
+  console.log(`  ${paint.dim('Last')} ${paint.bold(String(recent.length))} ${paint.dim('audit' + (recent.length !== 1 ? 's' : ''))}`);
+  console.log('');
+
+  if (recent.length === 1) {
+    const sc = scoreColor(last);
+    console.log(`  ${paint.dim('Score:')} ${sc(String(last) + '/100')}  ${paint.dim('(only one audit — run more to see trend)')}`);
+    console.log('');
+    return 0;
+  }
+
+  // Build chart
+  const CHART_W = 36;
+  const CHART_H = 8;
+  const grid = buildChart(scores, CHART_W, CHART_H);
+
+  // Y-axis labels: 0, 25, 50, 75, 100
+  const yLabels = [100, 75, 50, 25, 0];
+
+  // Print chart with Y-axis
+  for (let row = 0; row < CHART_H; row++) {
+    // Find nearest y label for this row
+    const scoreAtRow = Math.round(100 - (row / (CHART_H - 1)) * 100);
+    const showLabel = yLabels.includes(scoreAtRow);
+    const label = showLabel ? String(scoreAtRow).padStart(3) : '   ';
+    const line = grid[row].join('');
+    // Color the chart line
+    const colored = line.replace(/●/g, paint.cyan('●'));
+    console.log(`  ${paint.dim(label)} ${paint.dim('┤')} ${colored}`);
+  }
+
+  // X-axis
+  const xAxis = '─'.repeat(CHART_W + 2);
+  console.log(`      ${paint.dim('└' + xAxis)}`);
+
+  // Date labels: first and last
+  const dateFirst = formatDate(recent[0].timestamp);
+  const dateLast = formatDate(recent[recent.length - 1].timestamp);
+  const dateGap = Math.max(0, CHART_W - dateFirst.length - dateLast.length + 2);
+  console.log(`      ${paint.dim(dateFirst)}${' '.repeat(dateGap)}${paint.dim(dateLast)}`);
+
+  console.log('');
+
+  // Summary line
+  const deltaStr = delta > 0 ? paint.green(`+${delta}`) : delta < 0 ? paint.red(String(delta)) : paint.dim('±0');
+  const sc = scoreColor(last);
+  console.log(`  ${paint.dim('Current score:')} ${sc(String(last) + '/100')}`);
+
+  if (recent.length > 1) {
+    if (delta === 0) {
+      console.log(`  ${paint.dim('Score unchanged since first audit.')}`);
+    } else {
+      const word = delta > 0 ? 'improved' : 'dropped';
+      console.log(`  Score ${word} ${deltaStr} ${paint.dim('points since')} ${paint.dim(formatDate(recent[0].timestamp))}.`);
+    }
+  }
+
+  // Show per-audit table if ≤ 7 entries
+  if (recent.length <= 7) {
+    console.log('');
+    console.log(SEP);
+    console.log(`  ${paint.dim('Date')}              ${paint.dim('Score')}  ${paint.dim('Grade')}  ${paint.dim('Issues')}`);
+    console.log(SEP);
+    for (const h of recent) {
+      const sc2 = scoreColor(h.score);
+      const date = formatDate(h.timestamp).padEnd(16);
+      const score = sc2(String(h.score).padStart(3) + '/100');
+      const grade = h.grade || '-';
+      const issues = h.findings > 0 ? paint.yellow(String(h.findings)) : paint.green('0');
+      console.log(`  ${paint.dim(date)}  ${score}   ${grade}      ${issues}`);
+    }
+  }
+
+  console.log('');
+  return 0;
+}

package/lib/verify.js

@@ -0,0 +1,149 @@
+// ClawArmor v1.1.0 — verify command
+// Re-runs only the checks that failed in the LAST audit run.
+// Reads failed check IDs from ~/.clawarmor/history.json.
+
+import { loadConfig } from './config.js';
+import { paint, severityColor } from './output/colors.js';
+import { loadHistory } from './audit.js';
+import { probeGatewayLive } from './probes/gateway-probe.js';
+import gatewayChecks from './checks/gateway.js';
+import filesystemChecks from './checks/filesystem.js';
+import channelChecks from './checks/channels.js';
+import authChecks from './checks/auth.js';
+import toolChecks from './checks/tools.js';
+import versionChecks from './checks/version.js';
+import hooksChecks from './checks/hooks.js';
+import allowFromChecks from './checks/allowfrom.js';
+
+const SEP = paint.dim('─'.repeat(52));
+const W52 = 52;
+
+const PROBE_IDS = new Set([
+  'probe.gateway_running', 'probe.network_exposed', 'probe.ws_auth',
+  'probe.health_leak', 'probe.cors',
+]);
+
+function box(title) {
+  const pad = W52 - 2 - title.length;
+  const l = Math.floor(pad/2), r = pad - l;
+  return [
+    paint.dim('╔' + '═'.repeat(W52-2) + '╗'),
+    paint.dim('║') + ' '.repeat(l) + paint.bold(title) + ' '.repeat(r) + paint.dim('║'),
+    paint.dim('╚' + '═'.repeat(W52-2) + '╝'),
+  ].join('\n');
+}
+
+function buildCheckMap(staticResults, liveResults) {
+  const map = new Map();
+  for (const r of [...staticResults, ...liveResults]) {
+    if (r.id) map.set(r.id, r);
+  }
+  return map;
+}
+
+export async function runVerify() {
+  const history = loadHistory();
+
+  console.log(''); console.log(box('ClawArmor Verify  v1.1.0')); console.log('');
+
+  if (!history.length) {
+    console.log(`  ${paint.dim('No audit history found — running full audit.')}`);
+    console.log('');
+    const { runAudit } = await import('./audit.js');
+    return runAudit();
+  }
+
+  const last = history[history.length - 1];
+  const failedIds = last.failedIds || [];
+
+  if (!failedIds.length) {
+    console.log(`  ${paint.green('✓')} Last audit had no failures — nothing to re-check.`);
+    console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor audit')} ${paint.dim('for a fresh full audit.')}`);
+    console.log('');
+    return 0;
+  }
+
+  console.log(`  ${paint.dim('Last audit:')} ${new Date(last.timestamp).toLocaleString('en-US',{dateStyle:'medium',timeStyle:'short'})}`);
+  console.log(`  ${paint.cyan('Re-checking')} ${paint.bold(String(failedIds.length))} ${paint.dim('previously failed item' + (failedIds.length>1?'s':'') + '...')}`);
+  console.log('');
+
+  const { config, error } = loadConfig();
+  if (error) {
+    console.log(`  ${paint.red('✗')} ${error}`); console.log(''); return 2;
+  }
+
+  // Run all checks
+  const allStaticChecks = [
+    ...gatewayChecks, ...filesystemChecks, ...channelChecks,
+    ...authChecks, ...toolChecks, ...versionChecks, ...hooksChecks,
+    ...allowFromChecks,
+  ];
+
+  const staticResults = [];
+  for (const check of allStaticChecks) {
+    try { staticResults.push(await check(config)); }
+    catch (e) { staticResults.push({ id:'err', severity:'LOW', passed:true, passedMsg:`Check error: ${e.message}` }); }
+  }
+
+  let liveResults = [];
+  const needsLive = failedIds.some(id => PROBE_IDS.has(id));
+  if (needsLive) {
+    try { liveResults = await probeGatewayLive(config); }
+    catch { liveResults = []; }
+  }
+
+  const checkMap = buildCheckMap(staticResults, liveResults);
+
+  const nowPassed = [];
+  const stillFailed = [];
+
+  for (const id of failedIds) {
+    const result = checkMap.get(id);
+    if (!result) {
+      // Check not found in this run (may have been removed) — treat as passed
+      nowPassed.push({ id, title: id, passedMsg: 'Check no longer applicable' });
+      continue;
+    }
+    if (result.passed) nowPassed.push(result);
+    else stillFailed.push(result);
+  }
+
+  console.log(SEP);
+  if (nowPassed.length) {
+    console.log(`  ${paint.green('FIXED')}${paint.dim('  ('+nowPassed.length+')')}`);
+    console.log(SEP);
+    for (const r of nowPassed) {
+      console.log(`  ${paint.green('✓')} ${paint.dim(r.passedMsg || r.title || r.id)}`);
+    }
+    console.log('');
+  }
+
+  if (stillFailed.length) {
+    console.log(SEP);
+    console.log(`  ${paint.red('STILL FAILING')}${paint.dim('  ('+stillFailed.length+')')}`);
+    console.log(SEP);
+    for (const f of stillFailed) {
+      console.log('');
+      const sc = severityColor[f.severity] || paint.dim;
+      console.log(`  ${paint.red('✗')} ${sc('['+f.severity+']')} ${paint.bold(f.title)}`);
+      for (const line of (f.description||'').split('\n'))
+        console.log(`    ${paint.dim(line)}`);
+      if (f.fix) {
+        const lines = f.fix.split('\n');
+        console.log('');
+        console.log(`    ${paint.cyan('Fix:')} ${lines[0]}`);
+        for (let i=1;i<lines.length;i++) console.log(`         ${lines[i]}`);
+      }
+    }
+    console.log('');
+    console.log(SEP);
+    console.log(`  ${stillFailed.length} item${stillFailed.length>1?'s':''} still failing.`);
+  } else {
+    console.log(SEP);
+    console.log(`  ${paint.green('✓')} ${paint.bold('All previously-failed checks now pass!')}`);
+    console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor audit')} ${paint.dim('for a complete re-scan.')}`);
+  }
+  console.log('');
+
+  return stillFailed.length > 0 ? 1 : 0;
+}

package/package.json

@@ -0,0 +1,29 @@
+{
+  "name": "clawarmor",
+  "version": "1.1.0",
+  "description": "Security armor for OpenClaw agents — audit, scan, monitor",
+  "bin": {
+    "clawarmor": "./cli.js"
+  },
+  "type": "module",
+  "engines": {
+    "node": ">=18"
+  },
+  "scripts": {
+    "start": "node cli.js"
+  },
+  "keywords": [
+    "openclaw",
+    "security",
+    "hardening",
+    "audit",
+    "agent",
+    "clawarmor"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/pinzasai/clawarmor"
+  },
+  "homepage": "https://clawarmor.dev"
+}