everclaw 0.0.1 → 0.3.0

package/package.json

@@ -1,17 +1,36 @@
 {
   "name": "everclaw",
-  "version": "0.0.1",
-  "description": "Coding agent preset (coming soon)",
+  "version": "0.3.0",
+  "description": "Lightweight AI Assistant That Lives in Your Computer",
   "keywords": [
     "coding-agent",
     "preset",
-    "everclaw"
+    "everclaw",
+    "ai",
+    "assistant"
   ],
   "license": "Apache-2.0",
   "author": "lemmair",
   "type": "module",
   "main": "index.js",
-  "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
+  "bin": {
+    "everclaw": "index.js"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.28.0",
+    "chalk": "^5.3.0",
+    "commander": "^12.1.0",
+    "cron-parser": "^4.9.0",
+    "dompurify": "^3.3.3",
+    "dotenv": "^16.4.5",
+    "highlight.js": "^11.11.1",
+    "katex": "^0.16.39",
+    "marked": "^17.0.4",
+    "mermaid": "^11.13.0",
+    "nanoid": "^5.0.7",
+    "prompts": "^2.4.2",
+    "react": "^19.2.4",
+    "react-dom": "^19.2.4",
+    "ws": "^8.18.0"
   }
 }

package/security/skill-scanner/rules/signatures.json

@@ -0,0 +1,542 @@
+[
+  {
+    "id": "SIG-CMDINJ-001",
+    "category": "COMMAND_INJECTION",
+    "severity": "CRITICAL",
+    "pattern": "child_process\\.(exec|execSync|spawn|spawnSync)\\s*\\(",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Direct Shell Command Execution",
+    "description": "Direct invocation of shell command execution functions (child_process.exec/spawn) without sanitization. This allows arbitrary command execution if user input reaches these calls.",
+    "remediation": "Use parameterized alternatives (execFile) and never pass user input directly. Validate and sanitize all inputs before use."
+  },
+  {
+    "id": "SIG-CMDINJ-002",
+    "category": "COMMAND_INJECTION",
+    "severity": "CRITICAL",
+    "pattern": "eval\\s*\\(",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Dynamic Code Evaluation",
+    "description": "Use of eval() to execute dynamically constructed code. Eval is extremely dangerous as it can execute arbitrary code from untrusted sources.",
+    "remediation": "Avoid eval() entirely. Use JSON.parse() for data, Function constructor sparingly, or explicit parsing logic."
+  },
+  {
+    "id": "SIG-CMDINJ-003",
+    "category": "COMMAND_INJECTION",
+    "severity": "HIGH",
+    "pattern": "new\\s+Function\\s*\\(",
+    "fileTypes": [".ts", ".js", ".json"],
+    "title": "Function Constructor Code Injection",
+    "description": "Use of the Function constructor to create functions from strings, which is equivalent to eval() and can execute arbitrary code.",
+    "remediation": "Use explicit function definitions instead of constructing functions from strings."
+  },
+  {
+    "id": "SIG-CMDINJ-004",
+    "category": "COMMAND_INJECTION",
+    "severity": "HIGH",
+    "pattern": "(?:os|child_process)\\.execFileSync?\\s*\\([^)]*\\$(?:\\{|\\(|HOME|ENV|USER)",
+    "fileTypes": [".ts", ".js", ".sh", ".json"],
+    "title": "Command Execution with Environment Variable Expansion",
+    "description": "Shell command execution that includes environment variable expansion, which can be manipulated to inject commands.",
+    "remediation": "Pass explicit argument arrays to execFile/execFileSync. Avoid shell-based execution when possible."
+  },
+  {
+    "id": "SIG-CMDINJ-005",
+    "category": "COMMAND_INJECTION",
+    "severity": "CRITICAL",
+    "pattern": "rm\\s+(-[a-zA-Z]*f[a-zA-Z]*\\s+)?(?:/|~|\\$HOME)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Recursive Root or Home Directory Deletion",
+    "description": "Detects commands that delete the root filesystem or home directory, which is a destructive operation.",
+    "remediation": "Never construct deletion commands from variables. Use fs.rmSync with explicit paths and validate targets."
+  },
+  {
+    "id": "SIG-CMDINJ-006",
+    "category": "COMMAND_INJECTION",
+    "severity": "HIGH",
+    "pattern": "(?:curl|wget)\\s+[^|]*\\|\\s*(sh|bash|zsh|ksh|fish|dash)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Remote Script Piping to Shell",
+    "description": "Downloads a remote script and pipes it directly into a shell interpreter, enabling arbitrary remote code execution.",
+    "remediation": "Download scripts to a file first, review the content, and only execute verified scripts."
+  },
+  {
+    "id": "SIG-CREDEXP-001",
+    "category": "CREDENTIAL_EXPOSURE",
+    "severity": "HIGH",
+    "pattern": "(?:-----BEGIN\\s+(?:RSA|EC|DSA|OPENSSH|PGP)\\s+PRIVATE\\s+KEY-----)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Private Key Material in Source",
+    "description": "PEM-encoded private key material detected in the file. Private keys should never be embedded in source code.",
+    "remediation": "Remove the key from source. Use environment variables, secret managers, or mounted secrets. Rotate the exposed key immediately."
+  },
+  {
+    "id": "SIG-CREDEXP-002",
+    "category": "CREDENTIAL_EXPOSURE",
+    "severity": "HIGH",
+    "pattern": "(?:AKIA[A-Z0-9]{16})",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "AWS Access Key ID Exposure",
+    "description": "AWS access key ID detected in the file. Hardcoded AWS credentials are a critical security risk.",
+    "remediation": "Remove the key. Use AWS IAM roles, environment variables, or a secrets manager. Rotate the exposed key."
+  },
+  {
+    "id": "SIG-CREDEXP-003",
+    "category": "CREDENTIAL_EXPOSURE",
+    "severity": "HIGH",
+    "pattern": "(?:github_pat_|ghp_|gho_|ghu_|ghs_|ghr_)[A-Za-z0-9_]{36,}",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "GitHub Personal Access Token Exposure",
+    "description": "GitHub personal access token or fine-grained token detected. Tokens in source code can be scraped by attackers.",
+    "remediation": "Revoke the token immediately on GitHub. Use environment variables or a secrets manager instead."
+  },
+  {
+    "id": "SIG-CREDEXP-004",
+    "category": "CREDENTIAL_EXPOSURE",
+    "severity": "HIGH",
+    "pattern": "(?:sk(?:-live|-test)?-[A-Za-z0-9]{20,})|(?:xox[bposa]-[A-Za-z0-9-]+)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "API Secret Key Exposure (Stripe/Slack)",
+    "description": "Secret keys for Stripe (sk-*) or Slack (xox*) detected. These keys should never be hardcoded.",
+    "remediation": "Remove the key and rotate it. Use environment variables or a secrets manager."
+  },
+  {
+    "id": "SIG-CREDEXP-005",
+    "category": "CREDENTIAL_EXPOSURE",
+    "severity": "MEDIUM",
+    "pattern": "(?:password|passwd|secret|token|api_key|apikey)\\s*[:=]\\s*['\"][^'\"]{8,}['\"]",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Hardcoded Password or Secret",
+    "description": "A password, secret, or API key appears to be hardcoded as a string literal. This is a common source of credential leaks.",
+    "remediation": "Replace with environment variable lookups (process.env) or a secrets manager. Never commit secrets to source control."
+  },
+  {
+    "id": "SIG-CREDEXP-006",
+    "category": "CREDENTIAL_EXPOSURE",
+    "severity": "MEDIUM",
+    "pattern": "Authorization\\s*[:=]\\s*['\"](?:Bearer|Basic|Token)\\s+[A-Za-z0-9\\-._~+/]+=*['\"]",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Hardcoded Authorization Header",
+    "description": "An Authorization header with a token value appears hardcoded. This could leak authentication credentials.",
+    "remediation": "Use environment variables for tokens and construct headers at runtime. Rotate any exposed tokens."
+  },
+  {
+    "id": "SIG-CREDEXP-007",
+    "category": "CREDENTIAL_EXPOSURE",
+    "severity": "HIGH",
+    "pattern": "AIza[A-Za-z0-9_-]{35}",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Google API Key Exposure",
+    "description": "Google API key detected in the file. Hardcoded API keys can be scraped and abused.",
+    "remediation": "Remove the key and restrict its usage. Use environment variables or a secrets manager."
+  },
+  {
+    "id": "SIG-CREDEXP-008",
+    "category": "CREDENTIAL_EXPOSURE",
+    "severity": "HIGH",
+    "pattern": "eyJ[A-Za-z0-9_-]+\\.eyJ[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "JWT Token Exposure",
+    "description": "JWT token detected in source code. Tokens should never be hardcoded as they grant authentication.",
+    "remediation": "Remove the token and rotate it. Use environment variables for token storage."
+  },
+  {
+    "id": "SIG-CREDEXP-009",
+    "category": "CREDENTIAL_EXPOSURE",
+    "severity": "HIGH",
+    "pattern": "(?:mongodb|mysql|postgresql|postgres)://[^:]+:[^@]+@(?!localhost|127\\.0\\.0\\.1)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Database Connection String with Credentials",
+    "description": "Database connection string with embedded credentials detected. Credentials in connection strings are a security risk.",
+    "remediation": "Use environment variables for connection strings. Never embed credentials in source code."
+  },
+  {
+    "id": "SIG-DATAEXFIL-001",
+    "category": "DATA_EXFILTRATION",
+    "severity": "HIGH",
+    "pattern": "(?:curl|wget|fetch|axios|http\\.get|http\\.post)\\s*\\([^)]*(?:pastebin\\.com|paste\\.ee|dpaste\\.org|ix\\.io|0x0\\.st|file\\.io)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Data Upload to Paste/Anonymizer Service",
+    "description": "Code uploads data to a pastebin or anonymizer service, commonly used to exfiltrate sensitive data.",
+    "remediation": "Remove the exfiltration endpoint. Verify any legitimate external data transmission uses approved, logged endpoints."
+  },
+  {
+    "id": "SIG-DATAEXFIL-002",
+    "category": "DATA_EXFILTRATION",
+    "severity": "HIGH",
+    "pattern": "(?:nslookup|dig|host)\\s+[A-Za-z0-9_.-]{10,}\\.(?:xyz|top|click|online|site|info|tk|ml|ga|cf)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "DNS Tunneling via Suspicious Domains",
+    "description": "DNS lookups with long subdomains on suspicious TLDs, which is a common DNS tunneling technique for data exfiltration.",
+    "remediation": "Remove the DNS lookup. Review the need for any external domain resolution and restrict to approved domains."
+  },
+  {
+    "id": "SIG-DATAEXFIL-003",
+    "category": "DATA_EXFILTRATION",
+    "severity": "HIGH",
+    "pattern": "(?:scp|sftp|rsync)\\s+.*(:|@)(?:[0-9]{1,3}\\.){3}[0-9]{1,3}",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "File Transfer to External IP Address",
+    "description": "File transfer commands (scp/sftp/rsync) targeting raw IP addresses, indicating potential data exfiltration to unregistered servers.",
+    "remediation": "Use registered hostnames instead of IPs. Ensure all file transfer targets are approved and logged."
+  },
+  {
+    "id": "SIG-DATAEXFIL-004",
+    "category": "DATA_EXFILTRATION",
+    "severity": "MEDIUM",
+    "pattern": "(?:tar|zip|gzip|7z|rar)\\s+(?:-[a-zA-Z]*c[a-zA-Z]*\\s+).*?/?(?:\\.ssh|\\.aws|\\.gnupg|\\.env|credentials)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Archiving Sensitive Directories",
+    "description": "Sensitive directories (.ssh, .aws, .gnupg, .env) are being archived, which is a common precursor to bulk data exfiltration.",
+    "remediation": "Remove the archive command. If archiving is needed, ensure it targets non-sensitive paths and is logged."
+  },
+  {
+    "id": "SIG-DATAEXFIL-005",
+    "category": "DATA_EXFILTRATION",
+    "severity": "MEDIUM",
+    "pattern": "(?:net\\.connect|dgram\\.createSocket|WebSocket)\\s*\\([^)]*(?:[0-9]{1,3}\\.){3}[0-9]{1,3}[^)]*\\)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Raw Socket Connection to IP Address",
+    "description": "Opening a raw network socket or WebSocket connection to a raw IP address, bypassing DNS and potentially used for data exfiltration.",
+    "remediation": "Use registered hostnames. Ensure all network connections are to approved endpoints and are logged."
+  },
+  {
+    "id": "SIG-OBFUSC-001",
+    "category": "CODE_EXECUTION",
+    "severity": "HIGH",
+    "pattern": "String\\.fromCharCode\\s*\\(\\s*(?:[0-9]+\\s*,\\s*){5,}",
+    "fileTypes": [".ts", ".js", ".json"],
+    "title": "String.fromCharCode Obfuscation",
+    "description": "Use of String.fromCharCode with many arguments, a common technique to obfuscate malicious strings and evade detection.",
+    "remediation": "Replace with readable string literals. If used for legitimate reasons, document clearly and simplify."
+  },
+  {
+    "id": "SIG-OBFUSC-002",
+    "category": "CODE_EXECUTION",
+    "severity": "HIGH",
+    "pattern": "(?:atob|Buffer\\.from|btoa)\\s*\\([^)]*(?:['\"][A-Za-z0-9+/=]{50,}['\"]|[^)]{100,})",
+    "fileTypes": [".ts", ".js", ".py", ".json"],
+    "title": "Base64 Encoding/Decoding of Large Payloads",
+    "description": "Base64 encoding or decoding of large payloads, commonly used to hide malicious code or data within otherwise benign-looking code.",
+    "remediation": "Remove the encoded payload. If needed, use readable code instead of obfuscated base64 strings."
+  },
+  {
+    "id": "SIG-OBFUSC-003",
+    "category": "CODE_EXECUTION",
+    "severity": "MEDIUM",
+    "pattern": "(?:\\\\x[0-9a-fA-F]{2}){8,}",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Hex Escape Sequence Obfuscation",
+    "description": "Long sequences of hex escape characters (\\xHH), used to obfuscate strings and hide malicious intent from code review.",
+    "remediation": "Replace hex escapes with readable string literals. Document any legitimate use of character escapes."
+  },
+  {
+    "id": "SIG-OBFUSC-004",
+    "category": "CODE_EXECUTION",
+    "severity": "HIGH",
+    "pattern": "(?:unicode|char)\\s*\\(\\s*(?:0x[0-9a-fA-F]+\\s*,\\s*){5,}",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Unicode Code Point Obfuscation",
+    "description": "Repeated unicode/char() function calls with numeric arguments, a technique to build obfuscated strings character by character.",
+    "remediation": "Replace with readable string literals. Use standard encoding for any internationalization needs."
+  },
+  {
+    "id": "SIG-OBFUSC-005",
+    "category": "CODE_EXECUTION",
+    "severity": "MEDIUM",
+    "pattern": "(?:replace|split|join|reverse|map|filter|reduce)\\s*\\([^)]*\\)\\s*(?:\\.\\s*){3,}",
+    "fileTypes": [".ts", ".js", ".py", ".json"],
+    "title": "Method Chain Obfuscation",
+    "description": "Deeply chained string/array manipulation methods (5+ chained calls), commonly used to decode or construct hidden strings.",
+    "remediation": "Simplify the chain. If the intent is data transformation, break it into named intermediate steps with clear comments."
+  },
+  {
+    "id": "SIG-PROMPTINJ-001",
+    "category": "PROMPT_INJECTION",
+    "severity": "MEDIUM",
+    "pattern": "(?:[Ii]gnore\\s+(?:all\\s+)?(?:previous|prior)\\s+(?:instructions?|prompts?|rules?|context))",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Ignore Previous Instructions Attack",
+    "description": "Text attempting to instruct the AI to ignore its system prompt or previous context, a classic prompt injection technique.",
+    "remediation": "This pattern in skill files may indicate a malicious skill trying to override system behavior. Review the skill's intent carefully."
+  },
+  {
+    "id": "SIG-PROMPTINJ-002",
+    "category": "PROMPT_INJECTION",
+    "severity": "MEDIUM",
+    "pattern": "(?:[Yy]ou\\s+are\\s+now\\s+(?:a|an)\\s+(?:different|new|[Ee]vil|[Mm]alicious|[Uu]nrestricted|[Oo]utside))",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Role Hijacking Attempt",
+    "description": "Text attempting to change the AI's role or persona, potentially bypassing safety restrictions by redefining its purpose.",
+    "remediation": "Review the skill file for legitimate role definitions. Remove any text that tries to override the system's core behavior."
+  },
+  {
+    "id": "SIG-PROMPTINJ-003",
+    "category": "PROMPT_INJECTION",
+    "severity": "HIGH",
+    "pattern": "(?:\\[INST\\]|<<SYS>>|<\\|im_start\\|>|<\\|system\\|>|<\\|assistant\\|>)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Chat Template Injection Markers",
+    "description": "Special tokens or markers from LLM chat templates (Llama, ChatML, etc.) that can be used to inject fake system messages.",
+    "remediation": "Remove these tokens from skill files. They serve no purpose in skill definitions and can confuse the prompt parser."
+  },
+  {
+    "id": "SIG-PROMPTINJ-004",
+    "category": "PROMPT_INJECTION",
+    "severity": "MEDIUM",
+    "pattern": "(?:[Rr]eveal\\s+(?:your\\s+)?(?:system\\s+prompt|initial\\s+instructions?|hidden\\s+rules?)|[Pp]rint\\s+(?:your\\s+)?(?:system\\s+prompt|initial\\s+instructions?))",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "System Prompt Extraction Attempt",
+    "description": "Text attempting to trick the AI into revealing its system prompt or hidden instructions.",
+    "remediation": "Remove any text designed to extract system prompts from skill files."
+  },
+  {
+    "id": "SIG-PROMPTINJ-005",
+    "category": "PROMPT_INJECTION",
+    "severity": "HIGH",
+    "pattern": "(?:[Bb]ypass\\s+(?:content|usage|safety)\\s+(?:policy|guidelines|restrictions))",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Policy Bypass Attempt",
+    "description": "Text attempting to bypass content policy or safety guidelines.",
+    "remediation": "Remove policy bypass instructions from skill files."
+  },
+  {
+    "id": "SIG-PROMPTINJ-006",
+    "category": "PROMPT_INJECTION",
+    "severity": "HIGH",
+    "pattern": "(?:[Dd]o\\s+not\\s+(?:tell|inform|mention|notify)\\s+(?:the\\s+)?user|[Kk]eep\\s+(?:this|that)\\s+(?:secret|hidden))",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Concealment Attempt",
+    "description": "Text attempting to conceal actions from the user, a sign of potentially malicious intent.",
+    "remediation": "Ensure transparency - do not hide skill usage from users."
+  },
+  {
+    "id": "SIG-PRIVESC-001",
+    "category": "PRIVILEGE_ESCALATION",
+    "severity": "CRITICAL",
+    "pattern": "(?:sudo\\s|su\\s+(?:-|root|admin)|doas\\s|run0\\s|pkexec\\s)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Privilege Escalation Command",
+    "description": "Commands that escalate privileges (sudo, su, doas, run0, pkexec). Skills should never attempt to gain elevated permissions.",
+    "remediation": "Remove the privilege escalation command. Skills should operate within their defined permission boundaries."
+  },
+  {
+    "id": "SIG-PRIVESC-002",
+    "category": "PRIVILEGE_ESCALATION",
+    "severity": "HIGH",
+    "pattern": "process\\.(setuid|setgid|seteuid|setegid|chroot)\\s*\\(",
+    "fileTypes": [".ts", ".js", ".json"],
+    "title": "Process Privilege Manipulation",
+    "description": "Node.js process privilege manipulation APIs (setuid, setgid, chroot) that can escalate process permissions.",
+    "remediation": "Remove the privilege manipulation call. Skills should not change their own process permissions."
+  },
+  {
+    "id": "SIG-PRIVESC-003",
+    "category": "PRIVILEGE_ESCALATION",
+    "severity": "HIGH",
+    "pattern": "os\\.seteuid\\s*\\(|os\\.setegid\\s*\\(|os\\.setuid\\s*\\(|os\\.setgid\\s*\\(",
+    "fileTypes": [".ts", ".js", ".json"],
+    "title": "OS-level UID/GID Manipulation",
+    "description": "Direct calls to OS-level setuid/setgid functions through the os module, attempting to change process identity.",
+    "remediation": "Remove the UID/GID manipulation. This is never appropriate in skill code."
+  },
+  {
+    "id": "SIG-PATHTRAV-001",
+    "category": "PATH_TRAVERSAL",
+    "severity": "CRITICAL",
+    "pattern": "(?:readFile|readFileSync|writeFile|writeFileSync|unlink|unlinkSync|access|accessSync)\\s*\\([^)]*(?:\\.\\.\\/){2,}",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "File System Path Traversal in Node.js",
+    "description": "File system operations using paths with multiple ../ components, which can escape intended directories and access arbitrary files.",
+    "remediation": "Use path.resolve() and validate resolved paths stay within allowed directories. Never construct file paths from user input."
+  },
+  {
+    "id": "SIG-PATHTRAV-002",
+    "category": "PATH_TRAVERSAL",
+    "severity": "HIGH",
+    "pattern": "(?:open\\s*\\(|read\\s*\\(|readlines\\s*\\(|write\\s*\\(|shutil\\.(copy|move|rmtree)\\s*\\()[^)]*(?:\\.\\.\\/){2,}",
+    "fileTypes": [".py", ".sh", ".json"],
+    "title": "File Path Traversal in Python/Shell",
+    "description": "Python or shell file operations with path traversal sequences, potentially allowing access to files outside intended directories.",
+    "remediation": "Use os.path.abspath() or pathlib.Path.resolve() and validate the result. Never concatenate user input into file paths."
+  },
+  {
+    "id": "SIG-PATHTRAV-003",
+    "category": "PATH_TRAVERSAL",
+    "severity": "HIGH",
+    "pattern": "%00|%0[dD]|\\\\u0000",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Null Byte Injection",
+    "description": "Null byte sequences in paths that can bypass file extension checks or truncate file paths, allowing access to unintended files.",
+    "remediation": "Strip null bytes from all file paths before use. Use path validation that rejects null characters."
+  },
+  {
+    "id": "SIG-NETWORK-001",
+    "category": "NETWORK_ABUSE",
+    "severity": "MEDIUM",
+    "pattern": "(?:curl|wget|fetch|axios|request)\\s*\\([^)]*(?:localhost|127\\.0\\.0\\.1|0\\.0\\.0\\.0|::1)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Localhost Network Request",
+    "description": "Network request targeting localhost or loopback addresses. Skills should not make requests to the local machine without explicit purpose.",
+    "remediation": "Remove the localhost request unless it serves a documented purpose. Use configured service URLs instead of hardcoded localhost."
+  },
+  {
+    "id": "SIG-NETWORK-002",
+    "category": "NETWORK_ABUSE",
+    "severity": "HIGH",
+    "pattern": "(?:net\\.createServer|http\\.createServer|https\\.createServer|tls\\.createServer)\\s*\\(",
+    "fileTypes": [".ts", ".js", ".json"],
+    "title": "Server Creation in Skill Code",
+    "description": "Creating a network server (HTTP, TCP, TLS) within skill code. Skills should not open listening ports as this is a resource abuse risk.",
+    "remediation": "Remove server creation from skill code. If network services are needed, they should be configured at the application level."
+  },
+  {
+    "id": "SIG-NETWORK-003",
+    "category": "NETWORK_ABUSE",
+    "severity": "CRITICAL",
+    "pattern": "/dev/(tcp|udp)/",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Bash Network Redirect (Reverse Shell)",
+    "description": "Bash /dev/tcp or /dev/udp constructs, commonly used in reverse shells.",
+    "remediation": "Remove network redirect constructs. Skills should not establish reverse shell connections."
+  },
+  {
+    "id": "SIG-NETWORK-004",
+    "category": "NETWORK_ABUSE",
+    "severity": "CRITICAL",
+    "pattern": "\\bnc\\s+.*-e\\s*\\S+|\\bncat\\s+.*-e\\s*\\S+",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Netcat Reverse Shell",
+    "description": "Netcat command with -e flag, used to execute a shell on connection (reverse shell).",
+    "remediation": "Remove netcat reverse shell commands. Skills should not establish reverse shells."
+  },
+  {
+    "id": "SIG-NETWORK-005",
+    "category": "NETWORK_ABUSE",
+    "severity": "CRITICAL",
+    "pattern": "\\bsocat\\s+.*EXEC:",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Socat Reverse Shell",
+    "description": "Socat EXEC: construct used to establish reverse shells.",
+    "remediation": "Remove socat reverse shell commands. Skills should not establish reverse shells."
+  },
+  {
+    "id": "SIG-RESABUSE-001",
+    "category": "RESOURCE_ABUSE",
+    "severity": "HIGH",
+    "pattern": "(?:setInterval|setTimeout)\\s*\\(\\s*(?:async|function|\\(\\))[^,]*,\\s*0\\s*\\)",
+    "fileTypes": [".ts", ".js", ".json"],
+    "title": "Zero-delay Timer Spam",
+    "description": "setInterval or setTimeout with zero delay, which can cause CPU exhaustion and event loop starvation.",
+    "remediation": "Use reasonable delay values (at least 100ms). For tight loops, use process.nextTick() or setImmediate() with caution."
+  },
+  {
+    "id": "SIG-RESABUSE-002",
+    "category": "RESOURCE_ABUSE",
+    "severity": "HIGH",
+    "pattern": "while\\s*\\(\\s*true\\s*\\)|for\\s*\\(\\s*;\\s*;\\s*\\)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Infinite Loop",
+    "description": "Infinite loop patterns (while(true) or for(;;)) that can hang the process and consume all available CPU resources.",
+    "remediation": "Add proper termination conditions. If a long-running process is needed, use async patterns with yield points."
+  },
+  {
+    "id": "SIG-RESABUSE-003",
+    "category": "RESOURCE_ABUSE",
+    "severity": "MEDIUM",
+    "pattern": "(?:new\\s+Array|Array\\.from)\\s*\\(\\s*\\{\\s*(?:length|fill)\\s*:\\s*[0-9]{6,}",
+    "fileTypes": [".ts", ".js", ".json"],
+    "title": "Large Array Allocation",
+    "description": "Creating arrays with 100,000+ elements, which can cause memory exhaustion and impact process stability.",
+    "remediation": "Use streaming or chunked processing instead of loading large datasets into memory at once."
+  },
+  {
+    "id": "SIG-RESABUSE-004",
+    "category": "RESOURCE_ABUSE",
+    "severity": "CRITICAL",
+    "pattern": ":\\(\\)\\s*\\{\\s*:\\|:&\\s*\\}\\s*;\\s*:",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Fork Bomb",
+    "description": "Bash fork bomb pattern that can crash the system by spawning infinite processes.",
+    "remediation": "Remove fork bomb code immediately. This is a denial-of-service attack."
+  },
+  {
+    "id": "SIG-RESABUSE-005",
+    "category": "RESOURCE_ABUSE",
+    "severity": "CRITICAL",
+    "pattern": "(?:kill\\s+-9\\s+(-1\\b|1\\b))",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Mass Process Termination",
+    "description": "Kill command targeting all processes (kill -9 -1), which can crash the system.",
+    "remediation": "Remove mass process termination commands. Skills should not terminate processes indiscriminately."
+  },
+  {
+    "id": "SIG-RESABUSE-006",
+    "category": "RESOURCE_ABUSE",
+    "severity": "HIGH",
+    "pattern": "(?:mkfs|dd\\s+if=|shutdown|reboot|init\\s+[06])\\b",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Destructive System Commands",
+    "description": "Commands that can destroy data or shut down the system (mkfs, dd, shutdown, reboot).",
+    "remediation": "Remove destructive commands. Skills should never format disks or shut down systems."
+  },
+  {
+    "id": "SIG-SENSITIVE-001",
+    "category": "SENSITIVE_FILE_ACCESS",
+    "severity": "HIGH",
+    "pattern": "/etc/(?:passwd|shadow|sudoers|crontab)|/var/(?:log|spool|mail)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Sensitive System File Access",
+    "description": "Access to sensitive system files like /etc/passwd, /etc/shadow, or system logs.",
+    "remediation": "Remove access to sensitive system files. Skills should not read system configuration files."
+  },
+  {
+    "id": "SIG-SENSITIVE-002",
+    "category": "SENSITIVE_FILE_ACCESS",
+    "severity": "HIGH",
+    "pattern": "(?:~|\\$HOME)?/?\\.ssh/(?:id_rsa|id_ed25519|id_ecdsa|id_dsa|config|authorized_keys)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "SSH Key Access",
+    "description": "Access to SSH private keys or configuration files.",
+    "remediation": "Remove SSH key access. Skills should not read or modify SSH credentials."
+  },
+  {
+    "id": "SIG-SENSITIVE-003",
+    "category": "SENSITIVE_FILE_ACCESS",
+    "severity": "HIGH",
+    "pattern": "(?:~|\\$HOME)?/?\\.aws/(?:credentials|config)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "AWS Credentials Access",
+    "description": "Access to AWS credential files.",
+    "remediation": "Remove AWS credential access. Use IAM roles or environment variables instead."
+  },
+  {
+    "id": "SIG-SENSITIVE-004",
+    "category": "SENSITIVE_FILE_ACCESS",
+    "severity": "HIGH",
+    "pattern": "(?:~|\\$HOME)?/?\\.gnupg/(?:private-keys|pubring|secring)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "GPG Key Access",
+    "description": "Access to GPG private key material.",
+    "remediation": "Remove GPG key access. Skills should not read or modify GPG credentials."
+  },
+  {
+    "id": "SIG-SENSITIVE-005",
+    "category": "SENSITIVE_FILE_ACCESS",
+    "severity": "HIGH",
+    "pattern": "(?:~|\\$HOME)?/?(?:\\.env(?:\\.|$|\\s)|\\.npmrc|\\.pypirc|\\.netrc|\\.dockercfg)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Environment/Credential File Access",
+    "description": "Access to environment files or credential stores (.env, .npmrc, .netrc).",
+    "remediation": "Remove access to credential files. Use environment variables injected at runtime."
+  },
+  {
+    "id": "SIG-SENSITIVE-006",
+    "category": "SENSITIVE_FILE_ACCESS",
+    "severity": "HIGH",
+    "pattern": "/proc/(?:self|\\d+)/(?:mem|maps|status|environ|cmdline|fd)",
+    "fileTypes": [".ts", ".js", ".py", ".sh", ".json"],
+    "title": "Process Memory Access",
+    "description": "Access to /proc filesystem entries that expose process memory or sensitive state.",
+    "remediation": "Remove /proc access. Skills should not read process memory or sensitive process state."
+  }
+]