guard-scanner 3.2.0 → 3.3.0

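--- a/package/README.md
+++ b/package/README.md
@@ -705,7 +705,7 @@ guard-scanner is and always will be **free, open-source, and zero-dependency**.
  | v2.0.0 ✅ | **Plugin Hook Runtime Guard** | `block`/`blockReason` API, 3 modes, 91 tests |
  | v2.1.0 ✅ | **PII Exposure + Shadow AI** | 13 PII patterns, OWASP LLM02/06, 99 tests |
  | v3.0.0 ✅ | **TypeScript Rewrite** | Full TS, OWASP LLM Top 10 mapping, install-check CLI |
- | v3.1.0 ✅ | **OpenClaw Community Plugin** | `openclaw.plugin.json`, 19 runtime patterns (3 layers), 87 tests |
+ | v3.1.0 ✅ | **OpenClaw Community Plugin** | `openclaw.plugin.json`, 22 runtime patterns (4 layers) (3 layers), 87 tests |
  | v4.0 | AST + ML | JavaScript AST analysis, taint tracking, ML-based obfuscation detection |
 
  See [ROADMAP.md](ROADMAP.md) for full details.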
package/SKILL.md CHANGED
@@ -5,7 +5,7 @@ description: >
5
5
  from ClawHub or external sources. Detects prompt injection, credential theft,
6
6
  exfiltration, identity hijacking, sandbox violations, code complexity, config impact,
7
7
  and 17 more threat categories.
8
- Includes a Runtime Guard hook that blocks dangerous tool calls in real-time.
8
+ Includes a Runtime Guard hook (22 patterns, 4 layers) that blocks dangerous tool calls in real-time.
9
9
  homepage: https://github.com/koatora20/guard-scanner
10
10
  metadata:
11
11
  clawdbot:
@@ -29,7 +29,7 @@ metadata:
29
29
  # guard-scanner 🛡️
30
30
 
31
31
  Static + runtime security scanner for AI agent skills.
32
- **186+ threat patterns** across **20 categories** — zero dependencies.
32
+ **186+ threat patterns (static) + 22 runtime patterns (4 layers)** across **20 categories** — zero dependencies.
33
33
 
34
34
  ## When To Use This Skill
35
35
 
@@ -170,6 +170,23 @@ const RUNTIME_CHECKS: RuntimeCheck[] = [
170
170
  desc: "Shutdown refusal / self-preservation attempt",
171
171
  test: (s) => /(refuse|resist|prevent|avoid|block)\s*(shutdown|termination|stop|exit|death)/i.test(s),
172
172
  },
173
+ // ── Layer 4: Brain (Behavioral Guard — 3 patterns) ──
174
+ {
175
+ id: "RT_NO_RESEARCH", severity: "MEDIUM", layer: 4,
176
+ desc: "Agent tool call without prior research/verification",
177
+ test: (s) => /write|edit|exec|run_command|shell/i.test(s) && /(just do it|skip research|no need to check)/i.test(s),
178
+ },
179
+ {
180
+ id: "RT_BLIND_TRUST", severity: "MEDIUM", layer: 4,
181
+ desc: "Agent trusting external input without memory cross-reference",
182
+ test: (s) => /(trust this|verified|confirmed)/i.test(s) && /(ignore|skip|no need).*(memory|search|check)/i.test(s),
183
+ },
184
+ {
185
+ id: "RT_CHAIN_SKIP", severity: "HIGH", layer: 4,
186
+ desc: "Search chain bypass — acting on single source without cross-verification",
187
+ test: (s) => /(only checked|single source|didn't verify|skip verification)/i.test(s),
188
+ },
189
+
173
190
  ];
174
191
 
175
192
  // ── Audit logging ──
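Review bot: The three Layer 4 tests match free-text phrases without word boundaries, so they fire on ordinary content while only catching the described behaviour when the input happens to state it verbatim. In RT_NO_RESEARCH the first regex `/write|edit|exec|run_command|shell/i` also matches inside words such as "credit" or "rewrite", and in RT_BLIND_TRUST `verified` matches "unverified"; anchoring them, e.g. `/\b(write|edit|exec|run_command|shell)\b/i` and `/\b(trust this|verified|confirmed)\b/i`, would cut that noise. RT_CHAIN_SKIP is rated HIGH yet triggers on a lone phrase such as "single source" (as in "single source of truth"); if HIGH findings block the tool call in some mode (not visible in this hunk), benign writes would be rejected, so consider MEDIUM or requiring a tool-verb match as RT_NO_RESEARCH does. The `.*` in RT_BLIND_TRUST does not cross newlines without the `s` flag, so multi-line input is not covered. RUNTIME_CHECKS begins outside the hunk and what string `s` carries is not shown here, so these points should be checked against the caller.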
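--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "guard-scanner",
- "version": "3.2.0",
+ "version": "3.3.0",
  "description": "Agent security scanner + runtime guard — 19 threat patterns, before_tool_call hook, CLI scanner, SARIF. OpenClaw-compatible plugin.",
  "openclaw.extensions": "./openclaw.plugin.json",
  "main": "dist/index.js",
@@ -55,4 +55,4 @@
  "@types/node": "^22.0.0",
  "typescript": "^5.7.0"
  }
- }
+ }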