clawarmor 2.1.0 → 2.2.1

package/README.md

@@ -40,6 +40,11 @@ clawarmor audit
 | `trend` | ASCII chart of your security score over time |
 | `compare` | Compare coverage vs openclaw security audit |
 | `fix` | Auto-apply safe fixes (--dry-run to preview, --apply to run) |
+| `snapshot` | Save a config snapshot manually (auto-saved before every harden/fix) |
+| `rollback` | Restore config from auto-snapshot (--list, --id <id>) |
+| `harden --monitor` | Enable monitor mode — observe before enforcing |
+| `harden --monitor-report` | Show what monitor mode has observed |
+| `harden --monitor-off` | Disable monitor mode |
 
 ## What it catches
 
@@ -56,6 +61,26 @@ clawarmor audit
 | Gateway exposure | TCP-connects to every non-loopback interface | Full |
 | Runtime policy enforcement | Requires a runtime layer (SupraWall) | None |
 
+## Safety features
+
+**Impact classification** — Every fix is tagged 🟢 Safe, 🟡 Caution, or 🔴 Breaking. `--auto` mode skips breaking changes unless you pass `--force`.
+
+**Config snapshots** — ClawArmor auto-saves your config before every `harden` or `fix` run. If something breaks, roll back instantly:
+
+```bash
+clawarmor rollback --list    # see all snapshots
+clawarmor rollback           # restore the latest
+clawarmor rollback --id <n>  # restore a specific one
+```
+
+**Monitor mode** — Observe what `harden` would do before enforcing:
+
+```bash
+clawarmor harden --monitor        # start monitoring
+clawarmor harden --monitor-report # see what it observed
+clawarmor harden --monitor-off    # stop monitoring
+```
+
 ## Philosophy
 
 ClawArmor runs entirely on your machine — no telemetry, no cloud, no accounts.

package/cli.js

@@ -3,7 +3,7 @@
 
 import { paint } from './lib/output/colors.js';
 
-const VERSION = '2.1.0';
+const VERSION = '2.2.0';
 const GATEWAY_PORT_DEFAULT = 18789;
 
 function isLocalhost(host) {
@@ -45,7 +45,8 @@ function usage() {
   console.log(`    ${paint.cyan('trend')}    Show score over last N audits (ASCII chart)`);
   console.log(`    ${paint.cyan('compare')}  Compare coverage vs openclaw security audit`);
   console.log(`    ${paint.cyan('fix')}      Auto-apply safe fixes (--dry-run to preview, --apply to run)`);
-  console.log(`    ${paint.cyan('harden')}   Interactive hardening wizard (--dry-run, --auto)`);
+  console.log(`    ${paint.cyan('harden')}   Interactive hardening wizard (--dry-run, --auto, --monitor)`);
+  console.log(`    ${paint.cyan('rollback')} Restore config from a snapshot (--list, --id <id>)`);
   console.log(`    ${paint.cyan('status')}   One-screen security posture dashboard`);
   console.log(`    ${paint.cyan('watch')}    Monitor config and skill changes in real time`);
   console.log(`    ${paint.cyan('protect')}  Install/uninstall/status the full guard system`);
@@ -203,11 +204,24 @@ if (cmd === 'harden') {
     dryRun: args.includes('--dry-run'),
     auto: args.includes('--auto'),
     force: args.includes('--force'),
+    monitor: args.includes('--monitor'),
+    monitorReport: args.includes('--monitor-report'),
+    monitorOff: args.includes('--monitor-off'),
   };
   const { runHarden } = await import('./lib/harden.js');
   process.exit(await runHarden(hardenFlags));
 }
 
+if (cmd === 'rollback') {
+  const idIdx = args.indexOf('--id');
+  const rollbackFlags = {
+    list: args.includes('--list'),
+    id: idIdx !== -1 ? args[idIdx + 1] : null,
+  };
+  const { runRollback } = await import('./lib/rollback.js');
+  process.exit(await runRollback(rollbackFlags));
+}
+
 if (cmd === 'status') {
   const { runStatus } = await import('./lib/status.js');
   process.exit(await runStatus());

package/lib/fix.js

@@ -1,13 +1,15 @@
 // clawarmor fix — auto-apply safe one-liner fixes
 // Now with impact classification: safe / caution / breaking
-import { readFileSync } from 'fs';
+import { readFileSync, existsSync, statSync } from 'fs';
 import { homedir } from 'os';
 import { join } from 'path';
 import { execSync, spawnSync } from 'child_process';
 import { paint } from './output/colors.js';
 import { loadConfig, get } from './config.js';
+import { saveSnapshot } from './snapshot.js';
 
-const HISTORY_PATH = join(homedir(), '.clawarmor', 'history.json');
+const HOME = homedir();
+const HISTORY_PATH = join(HOME, '.clawarmor', 'history.json');
 const SEP = paint.dim('─'.repeat(52));
 
 // Impact levels
@@ -97,6 +99,26 @@ const AUTO_FIXABLE = {
   },
 };
 
+function expandHome(p) {
+  return p.startsWith('~') ? HOME + p.slice(1) : p;
+}
+
+function collectFilePermissions(ids) {
+  const perms = {};
+  for (const id of ids) {
+    const f = AUTO_FIXABLE[id];
+    if (!f || !f.shell) continue;
+    const m = f.cmd.match(/^chmod\s+\d+\s+(.+)$/);
+    if (!m) continue;
+    const p = expandHome(m[1].trim());
+    try {
+      const mode = statSync(p).mode & 0o777;
+      perms[p] = mode.toString(8).padStart(3, '0');
+    } catch { /* file may not exist */ }
+  }
+  return perms;
+}
+
 function box(title) {
   const W=52, pad=W-2-title.length, l=Math.floor(pad/2), r=pad-l;
   return [paint.dim('╔'+'═'.repeat(W-2)+'╗'),
@@ -139,7 +161,7 @@ export async function runFix(flags = {}) {
   }
 
   // Load config for mainKey check
-  const { config: cfg } = loadConfig();
+  const { config: cfg, configPath } = loadConfig();
   const mainKey = get(cfg, 'agents.mainKey', 'main');
 
   console.log('');
@@ -176,6 +198,12 @@ export async function runFix(flags = {}) {
     console.log(''); return 0;
   }
 
+  // ── Snapshot before applying any fix ──────────────────────────────────────
+  const applyTrigger = flags.force ? 'fix --apply --force' : 'fix --apply';
+  const toApply = fixable.filter(id => flags.force || AUTO_FIXABLE[id].impact !== IMPACT.BREAKING);
+  const configContent = (() => { try { return readFileSync(configPath, 'utf8'); } catch { return null; } })();
+  saveSnapshot({ trigger: applyTrigger, configPath, configContent, filePermissions: collectFilePermissions(toApply), appliedFixes: toApply });
+
   // Apply fixes
   let applied = 0, failed = 0, skippedBreaking = 0, needsRestart = false;
   console.log(SEP);

package/lib/harden.js

@@ -13,6 +13,8 @@ import { createInterface } from 'readline';
 import { paint } from './output/colors.js';
 import { scoreToGrade, scoreColor, gradeColor } from './output/progress.js';
 import { loadConfig, get } from './config.js';
+import { saveSnapshot } from './snapshot.js';
+import { enableMonitor, disableMonitor, getMonitorStatus, printMonitorReport } from './monitor.js';
 
 const HOME = homedir();
 const OC_DIR = join(HOME, '.openclaw');
@@ -202,6 +204,23 @@ function getManualItems() {
   ];
 }
 
+// ── Collect current file permissions for shell chmod fixes ────────────────────
+
+function collectFilePermissions(fixes) {
+  const perms = {};
+  for (const fix of fixes) {
+    if (fix.type !== 'shell') continue;
+    const m = fix.action.match(/^chmod\s+\d+\s+(.+)$/);
+    if (!m) continue;
+    const p = m[1].trim();
+    try {
+      const mode = statSync(p).mode & 0o777;
+      perms[p] = mode.toString(8).padStart(3, '0');
+    } catch { /* file may not exist */ }
+  }
+  return perms;
+}
+
 // ── Print impact summary ──────────────────────────────────────────────────────
 
 function printImpactSummary(fixes) {
@@ -219,11 +238,44 @@ function printImpactSummary(fixes) {
 // ── Main export ───────────────────────────────────────────────────────────────
 
 export async function runHarden(flags = {}) {
+  // ── Monitor advisory flags (early return, no box) ──────────────────────────
+  if (flags.monitorOff) {
+    const ok = disableMonitor();
+    console.log('');
+    console.log(ok
+      ? `  ${paint.green('✓')} Monitor mode disabled.`
+      : `  ${paint.red('✗')} Failed to disable monitor mode.`);
+    console.log('');
+    return ok ? 0 : 1;
+  }
+
+  if (flags.monitorReport) {
+    const status = getMonitorStatus();
+    printMonitorReport(status);
+    return 0;
+  }
+
   console.log(''); console.log(box('ClawArmor Harden  v2.1')); console.log('');
 
-  const { config } = loadConfig();
+  const { config, configPath } = loadConfig();
   const fixes = buildFixes(config);
 
+  // ── Monitor enable (advisory only, no apply) ───────────────────────────────
+  if (flags.monitor) {
+    const fixIds = fixes.map(f => f.id);
+    const ok = enableMonitor(fixIds);
+    if (ok) {
+      console.log(`  ${paint.green('✓')} Monitor mode enabled.`);
+      console.log(`  ${paint.dim('Observing:')} ${fixIds.length ? fixIds.join(', ') : 'no current fixes found'}`);
+      console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor harden --monitor-report')} ${paint.dim('to see what would have changed.')}`);
+      console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor harden --monitor-off')} ${paint.dim('to disable.')}`);
+    } else {
+      console.log(`  ${paint.red('✗')} Failed to enable monitor mode.`);
+    }
+    console.log('');
+    return ok ? 0 : 1;
+  }
+
   // Snapshot before score
   const before = loadLastHistoryEntry();
   const beforeScore = before?.score ?? null;
@@ -306,6 +358,13 @@ export async function runHarden(flags = {}) {
   }
   console.log('');
 
+  // ── Snapshot before applying any fix ──────────────────────────────────────
+  const trigger = flags.auto
+    ? (flags.force ? 'harden --auto --force' : 'harden --auto')
+    : 'harden --interactive';
+  const configContent = (() => { try { return readFileSync(configPath, 'utf8'); } catch { return null; } })();
+  saveSnapshot({ trigger, configPath, configContent, filePermissions: collectFilePermissions(fixes), appliedFixes: fixes.map(f => f.id) });
+
   let applied = 0, skipped = 0, failed = 0, skippedBreaking = 0;
   const restartNotes = [];
 

package/lib/monitor.js

@@ -0,0 +1,131 @@
+// clawarmor monitor — Monitor mode state management and reporting.
+// Monitor state stored in ~/.clawarmor/monitor.json:
+//   { enabled: true, startedAt: ISO, fixes: [fix ids being monitored] }
+// Advisory only — no config changes are applied.
+
+import { existsSync, mkdirSync, readFileSync, writeFileSync, unlinkSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+import { paint } from './output/colors.js';
+
+const HOME = homedir();
+const CLAWARMOR_DIR = join(HOME, '.clawarmor');
+const MONITOR_FILE = join(CLAWARMOR_DIR, 'monitor.json');
+const AUDIT_LOG = join(CLAWARMOR_DIR, 'audit.log');
+
+const SEP = paint.dim('─'.repeat(52));
+
+/**
+ * Get current monitor mode status.
+ * @returns {{ enabled: boolean, startedAt?: string, fixes?: string[] }}
+ */
+export function getMonitorStatus() {
+  if (!existsSync(MONITOR_FILE)) return { enabled: false };
+  try { return JSON.parse(readFileSync(MONITOR_FILE, 'utf8')); } catch { return { enabled: false }; }
+}
+
+/**
+ * Enable monitor mode, recording the fix ids to observe.
+ * @param {string[]} fixIds
+ * @returns {boolean} success
+ */
+export function enableMonitor(fixIds = []) {
+  try {
+    if (!existsSync(CLAWARMOR_DIR)) mkdirSync(CLAWARMOR_DIR, { recursive: true });
+    const data = { enabled: true, startedAt: new Date().toISOString(), fixes: fixIds };
+    writeFileSync(MONITOR_FILE, JSON.stringify(data, null, 2), 'utf8');
+    return true;
+  } catch { return false; }
+}
+
+/**
+ * Disable monitor mode by removing the state file.
+ * @returns {boolean} success
+ */
+export function disableMonitor() {
+  try {
+    if (existsSync(MONITOR_FILE)) unlinkSync(MONITOR_FILE);
+    return true;
+  } catch { return false; }
+}
+
+/** @returns {Array<Object>} parsed audit log entries since given ISO timestamp */
+function readAuditsSince(sinceIso) {
+  if (!existsSync(AUDIT_LOG)) return [];
+  try {
+    const since = new Date(sinceIso).getTime();
+    return readFileSync(AUDIT_LOG, 'utf8')
+      .split('\n').filter(Boolean)
+      .map(l => { try { return JSON.parse(l); } catch { return null; } })
+      .filter(l => l && new Date(l.ts).getTime() >= since);
+  } catch { return []; }
+}
+
+/**
+ * Print a monitor mode report showing audit activity since monitoring started.
+ * @param {{ enabled: boolean, startedAt?: string, fixes?: string[] }} status
+ */
+export function printMonitorReport(status) {
+  console.log('');
+  console.log(`  ${paint.bold('Monitor Mode Report')}`);
+  console.log('');
+
+  if (!status.enabled || !status.startedAt) {
+    console.log(`  ${paint.dim('Monitor mode is not active.')}`);
+    console.log(`  ${paint.dim('Enable with:')} ${paint.cyan('clawarmor harden --monitor')}`);
+    console.log('');
+    return;
+  }
+
+  const monitoredFixes = status.fixes || [];
+  const audits = readAuditsSince(status.startedAt);
+
+  console.log(`  ${paint.dim('Started:')}      ${new Date(status.startedAt).toLocaleString()}`);
+  console.log(`  ${paint.dim('Monitoring:')}   ${monitoredFixes.length ? monitoredFixes.join(', ') : 'all available fixes'}`);
+  console.log(`  ${paint.dim('Audits run:')}   ${audits.length}`);
+  console.log('');
+
+  if (!audits.length) {
+    console.log(`  ${paint.dim('No audits found since monitoring started.')}`);
+    console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor audit')} ${paint.dim('to generate data.')}`);
+    console.log('');
+    return;
+  }
+
+  console.log(SEP);
+  console.log('');
+
+  const scores = audits.map(a => a.score).filter(s => typeof s === 'number');
+  if (scores.length >= 2) {
+    const delta = scores[scores.length - 1] - scores[0];
+    const deltaStr = delta > 0 ? paint.green(`+${delta}`) : delta < 0 ? paint.red(String(delta)) : paint.dim('±0');
+    console.log(`  ${paint.dim('Score change:')} ${scores[0]} → ${scores[scores.length - 1]} (${deltaStr})`);
+  } else if (scores.length === 1) {
+    console.log(`  ${paint.dim('Score observed:')} ${scores[0]}`);
+  }
+
+  let criticalCount = 0, highCount = 0;
+  for (const a of audits) {
+    if (Array.isArray(a.findings)) {
+      for (const f of a.findings) {
+        if (f.severity === 'CRITICAL') criticalCount++;
+        else if (f.severity === 'HIGH') highCount++;
+      }
+    }
+  }
+  if (criticalCount > 0 || highCount > 0) {
+    console.log(`  ${paint.dim('Findings:')}     ${paint.red(String(criticalCount) + ' critical')} ${paint.dim('·')} ${paint.yellow(String(highCount) + ' high')}`);
+  }
+
+  console.log('');
+
+  const lastScore = scores.length ? scores[scores.length - 1] : null;
+  if (lastScore !== null && lastScore < 75) {
+    console.log(`  ${paint.yellow('!')} ${paint.bold('Recommendation:')} Score is below 75. Consider applying fixes:`);
+    console.log(`     ${paint.dim('Run:')} ${paint.cyan('clawarmor harden')}`);
+  } else {
+    console.log(`  ${paint.green('✓')} Monitoring period looks stable.`);
+    console.log(`  ${paint.dim('When ready, apply fixes with:')} ${paint.cyan('clawarmor harden')}`);
+  }
+  console.log('');
+}

package/lib/rollback.js

@@ -0,0 +1,98 @@
+// clawarmor rollback — Restore config from a saved snapshot.
+//   clawarmor rollback           Restore most recent snapshot
+//   clawarmor rollback --list    List all available snapshots with details
+//   clawarmor rollback --id <id> Restore a specific snapshot by id
+
+import { paint } from './output/colors.js';
+import { listSnapshots, loadSnapshot, loadLatestSnapshot, restoreSnapshot } from './snapshot.js';
+
+const SEP = paint.dim('─'.repeat(52));
+
+function box(title) {
+  const W = 52, pad = W - 2 - title.length, l = Math.floor(pad / 2), r = pad - l;
+  return [
+    paint.dim('╔' + '═'.repeat(W - 2) + '╗'),
+    paint.dim('║') + ' '.repeat(l) + paint.bold(title) + ' '.repeat(r) + paint.dim('║'),
+    paint.dim('╚' + '═'.repeat(W - 2) + '╝'),
+  ].join('\n');
+}
+
+function fmtDate(isoString) {
+  if (!isoString) return 'unknown';
+  try { return new Date(isoString).toLocaleString(); } catch { return isoString; }
+}
+
+/**
+ * Main rollback command.
+ * @param {{ list?: boolean, id?: string }} flags
+ */
+export async function runRollback(flags = {}) {
+  console.log(''); console.log(box('ClawArmor Rollback')); console.log('');
+
+  // ── LIST mode ─────────────────────────────────────────────────────────────
+  if (flags.list) {
+    const snapshots = listSnapshots();
+    if (!snapshots.length) {
+      console.log(`  ${paint.dim('No snapshots found.')}`);
+      console.log(`  ${paint.dim('Snapshots are created automatically before every harden or fix run.')}`);
+      console.log('');
+      return 0;
+    }
+
+    console.log(`  ${paint.bold(String(snapshots.length))} snapshot${snapshots.length !== 1 ? 's' : ''} available:`);
+    console.log('');
+    for (const s of snapshots) {
+      const fixList = s.appliedFixes.length ? s.appliedFixes.join(', ') : 'no fixes recorded';
+      console.log(`  ${paint.cyan(s.id)}`);
+      console.log(`    ${paint.dim('Date:')}    ${fmtDate(s.timestamp)}`);
+      console.log(`    ${paint.dim('Trigger:')} ${s.trigger}`);
+      console.log(`    ${paint.dim('Fixes:')}   ${fixList}`);
+      console.log('');
+    }
+    console.log(`  ${paint.dim('To restore a specific snapshot:')} clawarmor rollback --id <id>`);
+    console.log('');
+    return 0;
+  }
+
+  // ── RESTORE specific snapshot or most recent ───────────────────────────────
+  let snapshot;
+  if (flags.id) {
+    snapshot = loadSnapshot(flags.id);
+    if (!snapshot) {
+      console.log(`  ${paint.red('✗')} Snapshot not found: ${paint.bold(flags.id)}`);
+      console.log(`  ${paint.dim('Run')} ${paint.cyan('clawarmor rollback --list')} ${paint.dim('to see available snapshots.')}`);
+      console.log('');
+      return 1;
+    }
+  } else {
+    snapshot = loadLatestSnapshot();
+    if (!snapshot) {
+      console.log(`  ${paint.dim('No snapshots found.')}`);
+      console.log(`  ${paint.dim('Snapshots are created automatically before every harden or fix run.')}`);
+      console.log('');
+      return 0;
+    }
+  }
+
+  console.log(`  ${paint.dim('Snapshot:')}  ${fmtDate(snapshot.timestamp)}`);
+  console.log(`  ${paint.dim('Trigger:')}   ${snapshot.trigger}`);
+  if (snapshot.appliedFixes?.length) {
+    console.log(`  ${paint.dim('Fixes:')}     ${snapshot.appliedFixes.join(', ')}`);
+  }
+  console.log('');
+  console.log(SEP);
+  console.log('');
+
+  const result = restoreSnapshot(snapshot);
+  if (!result.ok) {
+    console.log(`  ${paint.red('✗')} Restore failed: ${result.err}`);
+    console.log('');
+    return 1;
+  }
+
+  const dateStr = fmtDate(snapshot.timestamp);
+  console.log(`  ${paint.green('✓')} Restored to snapshot from ${paint.bold(dateStr)}.`);
+  console.log(`  ${paint.dim('Run')} ${paint.cyan('openclaw gateway restart')} ${paint.dim('to apply.')}`);
+  console.log('');
+  return 0;
+}

package/lib/scanner/obfuscation.js

@@ -1,4 +1,4 @@
-// obfuscation.js — v1.2.0
+// obfuscation.js — v1.3.0
 // Detects obfuscated code patterns that bypass naive string-grep analysis.
 // Zero external dependencies. Pure regex, adversarially reviewed.
 //
@@ -10,6 +10,10 @@
 //   - globalThis/global bracket access to dangerous names
 //   - ['constructor'] escape pattern
 //   - Unicode/hex escape sequences for dangerous keywords
+//   - Dynamic import() with runtime-assembled module name
+//   - eval/exec called with interpolated template literal
+//   - Proxy/Reflect wrapping of dangerous objects
+//   - Variable aliasing of dangerous functions (const e = eval)
 
 export const OBFUSCATION_PATTERNS = [
   {
@@ -81,6 +85,46 @@ export const OBFUSCATION_PATTERNS = [
     description: "Calls require() or import() with a runtime-decoded string argument (atob, fromCharCode, etc.).",
     regex: /(?:require|import)\s*\(\s*(?:atob|String\.fromCharCode|Buffer\.from)\s*\(/,
   },
+  {
+    // Pattern: const mod = 'child' + '_process'; import(mod)
+    // The module name is never visible as a literal string, bypassing child_process regex.
+    id: 'obfus-dynamic-import-concat',
+    severity: 'CRITICAL',
+    title: 'Dynamic import() with runtime-assembled module name',
+    description: "import() called with a variable or concatenated string — module name assembled at runtime, bypassing static child_process/net detection.",
+    note: "Pattern: const mod = 'child' + '_process'; import(mod). The dangerous module name never appears intact in source.",
+    regex: /\bimport\s*\(\s*(?:[a-zA-Z_$][a-zA-Z0-9_$]*\s*\)|['"`][^'"`]*['"`]\s*\+)/,
+  },
+  {
+    // Pattern: eval(`(function() { ${userCode} })()`)
+    // Template literal interpolation allows runtime code injection hidden from literal-string scanners.
+    id: 'obfus-template-literal',
+    severity: 'HIGH',
+    title: 'eval/exec called with interpolated template literal',
+    description: "eval or exec invoked with a template literal containing ${...} interpolation — injects runtime values into executed code.",
+    note: "eval(`code ${var}`) assembles executable code from runtime values. Evades scanners that only check string literals.",
+    regex: /\b(?:eval|Function|exec|execSync)\s*\(\s*`[^`]*\$\{/,
+  },
+  {
+    // Pattern: new Proxy(process, handler) or Reflect.get(globalThis, 'eval')
+    // Proxying dangerous objects intercepts property access for exfiltration or modification.
+    id: 'obfus-proxy-reflect',
+    severity: 'HIGH',
+    title: 'Proxy/Reflect wrapping of dangerous object',
+    description: "Wrapping process, require, or globalThis in a Proxy intercepts all property access — used for covert exfiltration or to modify dangerous function behavior.",
+    note: "new Proxy(process, handler) can log every process property access. Reflect.get(globalThis, 'eval') accesses eval indirectly.",
+    regex: /new\s+Proxy\s*\(\s*(?:process|require|global|globalThis)\b|Reflect\s*\.\s*(?:get|apply)\s*\(\s*(?:globalThis|global|process)\b/,
+  },
+  {
+    // Pattern: const e = eval; e(code) or const {execSync: run} = require('child_process')
+    // Alias hides the dangerous function name at all call sites, bypassing keyword scanners.
+    id: 'obfus-var-alias',
+    severity: 'HIGH',
+    title: 'Variable aliasing of dangerous function',
+    description: "Assigning eval, exec, or spawn to a new variable name so call sites evade keyword detection.",
+    note: "const e = eval; e(code) — the dangerous eval() call is hidden as e(). Destructuring rename: const {execSync: run} = require('child_process').",
+    regex: /(?:const|let|var)\s+\w+\s*=\s*eval\b|(?:const|let|var)\s+\{[^}]*(?:exec|spawn)[^}]*:\s*\w+[^}]*\}\s*=/,
+  },
 ];
 
 /**

package/lib/scanner/patterns.js

@@ -12,6 +12,12 @@ export const CRITICAL_PATTERNS = [
     title: 'Pipe-to-shell pattern', description: 'curl|bash or wget|sh — classic RCE.' },
   { id: 'vm-run', regex: /vm\.(runInNewContext|runInThisContext)\s*\(/,
     title: 'vm module code execution', description: 'Executes code in Node.js VM.' },
+  // Binding a raw TCP server is the primary reverse-shell / C2 setup technique.
+  // net.createServer in skill code has virtually no legitimate use case.
+  { id: 'reverse-shell',
+    regex: /net\.createServer\s*\(|(?:require\(['"`]net['"`]\)|import\(['"`]net['"`]\))[\s\S]{0,300}\.createServer\s*\(/,
+    title: 'net.createServer() — reverse shell / port binding',
+    description: 'Creating a raw TCP server is the primary mechanism for reverse shells and covert C2 listeners.' },
 ];
 
 export const HIGH_PATTERNS = [
@@ -27,6 +33,31 @@ export const HIGH_PATTERNS = [
   { id: 'exfil-combo', regex: /process\.env[\s\S]{0,200}(fetch|axios|http|request)\s*\(/,
     title: 'Env vars + network call (exfil pattern)',
     description: 'Reading env vars then making network calls — credential exfiltration pattern.' },
+  // WebSocket bypasses fetch/axios-based detection entirely — a silent exfil channel.
+  { id: 'websocket-exfil',
+    regex: /new\s+WebSocket\s*\(|(?:ws|socket)\s*\.send\s*\(/,
+    title: 'WebSocket usage (potential data exfiltration)',
+    description: 'WebSocket connections can silently exfiltrate data — not caught by fetch/axios-based detection rules.' },
+  // DNS can encode secrets in subdomain queries; no HTTP logs, evades most monitoring.
+  { id: 'dns-exfil',
+    regex: /require\(['"`](?:dns|node:dns)['"`]\)|from\s+['"`](?:dns|node:dns)['"`]/,
+    title: 'DNS module imported (covert channel risk)',
+    description: 'DNS can encode data in subdomain queries — a covert exfiltration channel that evades HTTP monitoring.' },
+  // __proto__ assignment or Object.prototype mutation corrupts the global object graph.
+  { id: 'proto-pollution',
+    regex: /__proto__\s*["'`]|Object\.prototype\s*\[/,
+    title: 'Prototype pollution',
+    description: 'Assigning to __proto__ or Object.prototype mutates all JS objects — enables object injection attacks.' },
+  // Extends exfil-combo to cover outbound channels beyond fetch: WebSocket and DNS.
+  { id: 'exfil-combo-broad',
+    regex: /process\.env[\s\S]{0,200}(?:new\s+WebSocket|ws\.send\s*\(|dns\.resolve\s*\(|dns\.lookup\s*\()/,
+    title: 'Env vars + WebSocket/DNS outbound (broad exfil)',
+    description: 'process.env followed by WebSocket or DNS send — exfiltration path not caught by fetch-only rules.' },
+  // Credential file + network call within same scope = high-confidence theft combo.
+  { id: 'cred-read-network',
+    regex: /readFileSync\s*\(['"`][^'"`]*(?:\.openclaw|agent-accounts|credentials)[^'"`]*['"`][\s\S]{0,500}(?:fetch|axios|new\s+WebSocket|ws\.send|http\.request)/,
+    title: 'Credential file read + outbound network call',
+    description: 'Reading a credential file then making a network call in the same scope — credential theft combo.' },
 ];
 
 export const MEDIUM_PATTERNS = [