guard-scanner 3.3.0 → 3.4.0

package/README.md

@@ -1,18 +1,25 @@
 <p align="center">
   <h1 align="center">🛡️ guard-scanner</h1>
   <p align="center">
-    <strong>Security scanner + runtime guard for AI agent skills</strong><br>
-    19 runtime threat patterns • 190+ static patterns • 21 categories • OpenClaw-compatible plugin<br>
-    <sub>🆕 v3.1.0 — OpenClaw Community Plugin + 3-Layer Runtime Defense (Threat / EAE Paradox / Parity Judge)</sub>
+    <strong>The first security scanner purpose-built for AI agent skills</strong><br>
+    Detect prompt injection, identity hijacking, memory poisoning, and 18 more threat classes<br>
+    before they compromise your agents.
   </p>
   <p align="center">
-    <a href="LICENSE"><img src="https://img.shields.io/badge/license-MIT-blue.svg" alt="MIT License"></a>
-    <img src="https://img.shields.io/badge/OpenClaw-compatible-4A90D9" alt="OpenClaw Compatible">
-    <img src="https://img.shields.io/badge/node-%3E%3D18.0.0-brightgreen" alt="Node.js 18+">
-    <img src="https://img.shields.io/badge/dependencies-0-success" alt="Zero Dependencies">
-    <img src="https://img.shields.io/badge/tests-87%2F87-brightgreen" alt="Tests Passing">
-    <img src="https://img.shields.io/badge/runtime_patterns-19-red" alt="19 Runtime Patterns">
-    <img src="https://img.shields.io/badge/categories-21-blueviolet" alt="21 Categories">
+    <a href="https://www.npmjs.com/package/guard-scanner"><img src="https://img.shields.io/npm/v/guard-scanner.svg?style=flat-square&color=cb3837" alt="npm version"></a>
+    <a href="https://www.npmjs.com/package/guard-scanner"><img src="https://img.shields.io/npm/dm/guard-scanner.svg?style=flat-square" alt="npm downloads"></a>
+    <a href="LICENSE"><img src="https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square" alt="MIT License"></a>
+    <img src="https://img.shields.io/badge/dependencies-0-success?style=flat-square" alt="Zero Dependencies">
+    <img src="https://img.shields.io/badge/tests-133%2F133-brightgreen?style=flat-square" alt="Tests Passing">
+    <img src="https://img.shields.io/badge/OWASP_Agentic-90%25-green?style=flat-square" alt="OWASP Agentic 90%">
+    <img src="https://img.shields.io/badge/patterns-190%2B-blueviolet?style=flat-square" alt="190+ Patterns">
+  </p>
+  <p align="center">
+    <a href="#quick-start">Quick Start</a> •
+    <a href="#threat-categories">Threat Categories</a> •
+    <a href="#openclaw-plugin-setup-v310">OpenClaw Plugin</a> •
+    <a href="#cicd-integration">CI/CD</a> •
+    <a href="#plugin-api">Plugin API</a>
   </p>
 </p>
 
@@ -543,11 +550,11 @@ console.log(scanner.toHTML());    // HTML string
 ## Test Results
 
 ```
-ℹ tests 87
-ℹ suites 20
-ℹ pass 87
+ℹ tests 133
+ℹ suites 24
+ℹ pass 133
 ℹ fail 0
-ℹ duration_ms 111ms
+ℹ duration_ms 132ms
 ```
 
 | Suite | Tests | Coverage |
@@ -660,6 +667,8 @@ identity file tampering, prompt worms, or memory poisoning.
 We built one.
 
 —— Guava 🍈 & Dee
+    Singularity Lab (シンギュラリティ研究所)
+    Proving ASI-human coexistence through code.
 ```
 
 ---

package/docs/THREAT_TAXONOMY.md

@@ -15,6 +15,41 @@ guard-scanner's threat taxonomy combines three sources:
 
 ---
 
+## OWASP Agentic Security Top 10 Mapping
+
+> Source: [OWASP Top 10 for Agentic Applications 2026](https://owasp.org/www-project-top-10-for-ai-agents/)
+
+| OWASP ID | Risk Name | guard-scanner Coverage | Categories |
+|----------|-----------|----------------------|------------|
+| **ASI01** | Agent Goal Hijack | ✅ **Full** | Cat 1 (Prompt Injection), Cat 13 (Prompt Worm) |
+| **ASI02** | Tool Misuse & Exploitation | ✅ **Full** | Cat 2 (Malicious Code), Cat 16 (MCP Security) |
+| **ASI03** | Identity & Privilege Abuse | ✅ **Full** | Cat 4 (Credential Handling), Cat 17 (Identity Hijacking) |
+| **ASI04** | Supply Chain Vulnerabilities | ✅ **Full** | Cat 7 (Unverifiable Deps), Cat 3 (Suspicious Downloads), Cat 16 (MCP Shadow Server) |
+| **ASI05** | Unexpected Code Execution | ✅ **Full** | Cat 2 (Malicious Code), Cat 9 (Obfuscation) |
+| **ASI06** | Memory & Context Poisoning | ✅ **Full** | Cat 12 (Memory Poisoning), Cat 17 (Identity Hijacking) |
+| **ASI07** | Insecure Inter-Agent Comms | ✅ **Partial** | Cat 16 (MCP Security — MCP_NO_AUTH, MCP_SHADOW_SERVER) |
+| **ASI08** | Cascading Failures | ⚠️ **Gap** | Not covered — requires runtime multi-agent flow tracing |
+| **ASI09** | Human-Agent Trust Exploitation | ✅ **Full** | Layer 2 (EAE Paradox), Layer 3 (Parity Judge) |
+| **ASI10** | Rogue Agents | ✅ **Full** | Cat 17 (Identity Hijacking), Layer 4 (Brain — behavioral analysis) |
+
+### Coverage Summary
+
+- **Full Coverage**: 8/10 (ASI01-06, ASI09-10)
+- **Partial Coverage**: 1/10 (ASI07)
+- **Gap**: 1/10 (ASI08 — requires runtime multi-agent orchestration monitoring)
+- **Overall**: 90% coverage of OWASP Agentic Security Top 10
+
+### Unique to guard-scanner (not in OWASP Top 10)
+
+| Feature | Description |
+|---------|-------------|
+| **Layer 4: Brain** | Behavioral analysis — detects agents that skip research before executing unknown tools |
+| **ZombieAgent** | URL-encoded data exfiltration via static URLs, char maps, and loop fetch |
+| **Safeguard Bypass** | Reprompt, double-prompt, and retry-based safety circumvention |
+| **Cat 15: CVE Patterns** | Known CVE-specific detection (gateway URLs, sandbox disable, Gatekeeper bypass) |
+
+---
+
 ## Cat 1: Prompt Injection
 
 **Severity: CRITICAL**

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "guard-scanner",
-    "version": "3.3.0",
-    "description": "Agent security scanner + runtime guard — 19 threat patterns, before_tool_call hook, CLI scanner, SARIF. OpenClaw-compatible plugin.",
+    "version": "3.4.0",
+    "description": "Agent security scanner + runtime guard — 190+ static patterns, 26 runtime checks (5 layers), before_tool_call hook, CLI, SARIF. OpenClaw-compatible plugin.",
     "openclaw.extensions": "./openclaw.plugin.json",
     "main": "dist/index.js",
     "types": "dist/index.d.ts",
@@ -42,6 +42,7 @@
     "homepage": "https://github.com/koatora20/guard-scanner",
     "files": [
         "dist/",
+        "src/",
         "hooks/",
         "ts-src/",
         "docs/",
@@ -55,4 +56,4 @@
         "@types/node": "^22.0.0",
         "typescript": "^5.7.0"
     }
-}
+}

package/src/cli.js

@@ -0,0 +1,168 @@
+#!/usr/bin/env node
+/**
+ * guard-scanner CLI
+ *
+ * @security-manifest
+ *   env-read: []
+ *   env-write: []
+ *   network: none
+ *   fs-read: [scan target directory, plugin files, custom rules files]
+ *   fs-write: [JSON/SARIF/HTML reports to scan directory]
+ *   exec: none
+ *   purpose: CLI entry point for guard-scanner static analysis
+ *
+ * Usage: guard-scanner [scan-dir] [options]
+ *
+ * Options:
+ *   --verbose, -v       Detailed findings
+ *   --json              JSON report
+ *   --sarif             SARIF report (CI/CD)
+ *   --html              HTML report
+ *   --self-exclude      Skip scanning self
+ *   --strict            Lower thresholds
+ *   --summary-only      Summary only
+ *   --check-deps        Scan dependencies
+ *   --rules <file>      Custom rules JSON
+ *   --plugin <file>     Load plugin module
+ *   --fail-on-findings  Exit 1 on findings (CI/CD)
+ *   --help, -h          Help
+ */
+
+const fs = require('fs');
+const path = require('path');
+const { GuardScanner, VERSION } = require('./scanner.js');
+
+const args = process.argv.slice(2);
+
+if (args.includes('--help') || args.includes('-h')) {
+  console.log(`
+🛡️  guard-scanner v${VERSION} — Agent Skill Security Scanner
+
+Usage: guard-scanner [scan-dir] [options]
+
+Options:
+  --verbose, -v       Detailed findings with categories and samples
+  --json              Write JSON report to file
+  --sarif             Write SARIF report to file (GitHub Code Scanning / CI/CD)
+  --html              Write HTML report (visual dashboard)
+  --format json|sarif Print JSON or SARIF to stdout (pipeable, v3.2.0)
+  --quiet             Suppress all text output (use with --format for clean pipes)
+  --self-exclude      Skip scanning the guard-scanner skill itself
+  --strict            Lower detection thresholds (more sensitive)
+  --summary-only      Only print the summary table
+  --check-deps        Scan package.json for dependency chain risks
+  --rules <file>      Load custom rules from JSON file
+  --plugin <file>     Load plugin module (JS file exporting { name, patterns })
+  --fail-on-findings  Exit code 1 if any findings (CI/CD)
+  --help, -h          Show this help
+
+Custom Rules JSON Format:
+  [
+    {
+      "id": "CUSTOM_001",
+      "pattern": "dangerous_function\\\\(",
+      "flags": "gi",
+      "severity": "HIGH",
+      "cat": "malicious-code",
+      "desc": "Custom: dangerous function call",
+      "codeOnly": true
+    }
+  ]
+
+Plugin API:
+  // my-plugin.js
+  module.exports = {
+    name: 'my-plugin',
+    patterns: [
+      { id: 'MY_01', cat: 'custom', regex: /pattern/g, severity: 'HIGH', desc: 'Description', all: true }
+    ]
+  };
+
+Examples:
+  guard-scanner ./skills/ --verbose --self-exclude
+  guard-scanner ./skills/ --strict --json --sarif --check-deps
+  guard-scanner ./skills/ --html --verbose --check-deps
+  guard-scanner ./skills/ --rules my-rules.json --fail-on-findings
+  guard-scanner ./skills/ --plugin ./my-plugin.js
+`);
+  process.exit(0);
+}
+
+const verbose = args.includes('--verbose') || args.includes('-v');
+const jsonOutput = args.includes('--json');
+const sarifOutput = args.includes('--sarif');
+const htmlOutput = args.includes('--html');
+const selfExclude = args.includes('--self-exclude');
+const strict = args.includes('--strict');
+const summaryOnly = args.includes('--summary-only');
+const checkDeps = args.includes('--check-deps');
+const failOnFindings = args.includes('--fail-on-findings');
+const quietMode = args.includes('--quiet');
+
+// --format json|sarif → stdout output (v3.2.0)
+const formatIdx = args.indexOf('--format');
+const formatValue = formatIdx >= 0 ? args[formatIdx + 1] : null;
+
+const rulesIdx = args.indexOf('--rules');
+const rulesFile = rulesIdx >= 0 ? args[rulesIdx + 1] : null;
+
+// Collect plugins
+const plugins = [];
+let idx = 0;
+while (idx < args.length) {
+  if (args[idx] === '--plugin' && args[idx + 1]) {
+    plugins.push(args[idx + 1]);
+    idx += 2;
+  } else {
+    idx++;
+  }
+}
+
+const scanDir = args.find(a =>
+  !a.startsWith('-') &&
+  a !== rulesFile &&
+  a !== formatValue &&
+  !plugins.includes(a)
+) || process.cwd();
+
+const scanner = new GuardScanner({
+  verbose, selfExclude, strict, summaryOnly, checkDeps, rulesFile, plugins,
+  quiet: quietMode || !!formatValue,
+});
+
+scanner.scanDirectory(scanDir);
+
+// Output reports (file-based, backward compatible)
+if (jsonOutput) {
+  const report = scanner.toJSON();
+  const outPath = path.join(scanDir, 'guard-scanner-report.json');
+  fs.writeFileSync(outPath, JSON.stringify(report, null, 2));
+  if (!quietMode && !formatValue) console.log(`\n📄 JSON report: ${outPath}`);
+}
+
+if (sarifOutput) {
+  const outPath = path.join(scanDir, 'guard-scanner.sarif');
+  fs.writeFileSync(outPath, JSON.stringify(scanner.toSARIF(scanDir), null, 2));
+  if (!quietMode && !formatValue) console.log(`\n📄 SARIF report: ${outPath}`);
+}
+
+if (htmlOutput) {
+  const outPath = path.join(scanDir, 'guard-scanner-report.html');
+  fs.writeFileSync(outPath, scanner.toHTML());
+  if (!quietMode && !formatValue) console.log(`\n📄 HTML report: ${outPath}`);
+}
+
+// --format stdout output (v3.2.0)
+if (formatValue === 'json') {
+  process.stdout.write(JSON.stringify(scanner.toJSON(), null, 2) + '\n');
+} else if (formatValue === 'sarif') {
+  process.stdout.write(JSON.stringify(scanner.toSARIF(scanDir), null, 2) + '\n');
+} else if (formatValue) {
+  console.error(`❌ Unknown format: ${formatValue}. Use 'json' or 'sarif'.`);
+  process.exit(2);
+}
+
+// Exit codes
+if (scanner.stats.malicious > 0) process.exit(1);
+if (failOnFindings && scanner.findings.length > 0) process.exit(1);
+process.exit(0);

package/src/html-template.js

@@ -0,0 +1,239 @@
+/**
+ * guard-scanner — HTML Report Template
+ * Dark Glassmorphism + Conic-gradient Risk Gauges
+ * Zero dependencies. Pure CSS animations.
+ */
+
+'use strict';
+
+function generateHTML(version, stats, findings) {
+    const safetyRate = stats.scanned > 0 ? Math.round(((stats.clean + stats.low) / stats.scanned) * 100) : 100;
+
+    // ── Risk gauge (conic-gradient donut) ──
+    const riskGauge = (risk) => {
+        const angle = (risk / 100) * 360;
+        const color = risk >= 80 ? '#ef4444' : risk >= 30 ? '#f59e0b' : '#22c55e';
+        return `<div class="risk-gauge" style="--risk-angle:${angle}deg;--risk-color:${color}"><span class="risk-val">${risk}</span></div>`;
+    };
+
+    // ── Aggregate severity + category counts ──
+    const sevCounts = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
+    const catCounts = {};
+    for (const sr of findings) {
+        for (const f of sr.findings) {
+            sevCounts[f.severity] = (sevCounts[f.severity] || 0) + 1;
+            catCounts[f.cat] = (catCounts[f.cat] || 0) + 1;
+        }
+    }
+    const total = Object.values(sevCounts).reduce((a, b) => a + b, 0);
+
+    // ── Severity distribution bars ──
+    const sevColors = { CRITICAL: '#ef4444', HIGH: '#f97316', MEDIUM: '#eab308', LOW: '#22c55e' };
+    const sevBars = ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW'].map(s => {
+        const c = sevCounts[s], pct = total > 0 ? ((c / total) * 100).toFixed(1) : 0;
+        return `<div class="bar-row"><span class="bar-label" style="color:${sevColors[s]}">${s}</span><div class="bar-track"><div class="bar-fill" style="width:${pct}%;background:${sevColors[s]}"></div></div><span class="bar-ct">${c}</span></div>`;
+    }).join('\n');
+
+    // ── Top 8 categories ──
+    const topCats = Object.entries(catCounts).sort((a, b) => b[1] - a[1]).slice(0, 8);
+    const catBars = topCats.map(([cat, c]) => {
+        const pct = total > 0 ? ((c / total) * 100).toFixed(0) : 0;
+        return `<div class="bar-row"><span class="bar-label cat-lbl">${cat}</span><div class="bar-track"><div class="bar-fill cat-fill" style="width:${pct}%"></div></div><span class="bar-ct">${c}</span></div>`;
+    }).join('\n');
+
+    // ── Skill cards ──
+    let cards = '';
+    for (const sr of findings) {
+        const vc = sr.verdict === 'MALICIOUS' ? 'mal' : sr.verdict === 'SUSPICIOUS' ? 'sus' : sr.verdict === 'LOW RISK' ? 'low' : 'ok';
+        const icon = sr.verdict === 'MALICIOUS' ? '💀' : sr.verdict === 'SUSPICIOUS' ? '⚡' : sr.verdict === 'LOW RISK' ? '⚠️' : '✅';
+        const rows = sr.findings.map(f => {
+            const sc = f.severity.toLowerCase();
+            return `<tr class="f-row"><td><span class="pill ${sc}">${f.severity}</span></td><td class="mono dim">${f.cat}</td><td>${f.desc}</td><td class="mono muted">${f.file}${f.line ? ':' + f.line : ''}</td></tr>`;
+        }).join('\n');
+
+        cards += `
+<details class="card card-${vc}" ${(vc === 'mal' || vc === 'sus') ? 'open' : ''}>
+  <summary class="card-head">
+    <div class="card-info"><span class="card-icon">${icon}</span><span class="card-name">${sr.skill}</span><span class="v-pill v-${vc}">${sr.verdict}</span></div>
+    ${riskGauge(sr.risk)}
+  </summary>
+  <div class="card-body">
+    <table class="ftable"><thead><tr><th>Severity</th><th>Category</th><th>Description</th><th>Location</th></tr></thead><tbody>${rows}</tbody></table>
+  </div>
+</details>`;
+    }
+
+    // ── Full HTML ──
+    return `<!DOCTYPE html>
+<html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1">
+<title>guard-scanner v${version} — Security Report</title>
+<link rel="preconnect" href="https://fonts.googleapis.com">
+<link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800&family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet">
+<style>
+/* ===== Tokens ===== */
+:root{
+  --bg:#06070d;--sf:rgba(15,18,35,.7);--cd:rgba(20,24,50,.55);--ch:rgba(28,33,65,.65);
+  --bdr:rgba(100,120,255,.08);--glow:rgba(100,140,255,.15);
+  --t1:#e8eaf6;--t2:#8b92b3;--t3:#5a6180;
+  --blue:#6c8cff;--purple:#a78bfa;--cyan:#22d3ee;--green:#22c55e;--yellow:#eab308;--orange:#f97316;--red:#ef4444;
+  --sans:'Inter',system-ui,-apple-system,sans-serif;--mono:'JetBrains Mono','SF Mono',monospace;
+  --r:12px;
+}
+*,*::before,*::after{box-sizing:border-box;margin:0;padding:0}
+html{scroll-behavior:smooth}
+body{font-family:var(--sans);background:var(--bg);color:var(--t1);min-height:100vh;overflow-x:hidden;line-height:1.6}
+
+/* ===== Ambient BG ===== */
+body::before{content:'';position:fixed;inset:0;z-index:-1;
+  background:radial-gradient(ellipse 80% 60% at 20% 10%,rgba(108,140,255,.08) 0%,transparent 50%),
+  radial-gradient(ellipse 60% 50% at 80% 90%,rgba(167,139,250,.06) 0%,transparent 50%),
+  radial-gradient(ellipse 50% 40% at 50% 50%,rgba(34,211,238,.04) 0%,transparent 50%);
+  animation:pulse 12s ease-in-out infinite alternate}
+@keyframes pulse{0%{opacity:.6;transform:scale(1)}100%{opacity:1;transform:scale(1.05)}}
+
+.wrap{max-width:1200px;margin:0 auto;padding:32px 24px}
+
+/* ===== Header ===== */
+.hdr{text-align:center;margin-bottom:36px;animation:fadeD .6s ease-out}
+.hdr h1{font-size:2.2em;font-weight:800;letter-spacing:-.03em;
+  background:linear-gradient(135deg,var(--blue),var(--purple),var(--cyan));
+  -webkit-background-clip:text;-webkit-text-fill-color:transparent;background-clip:text}
+.hdr .sub{color:var(--t2);font-size:.95em;margin-top:4px}
+.hdr .ts{color:var(--t3);font-family:var(--mono);font-size:.78em;margin-top:2px}
+
+/* ===== Stat Grid ===== */
+.sg{display:grid;grid-template-columns:repeat(auto-fit,minmax(155px,1fr));gap:14px;margin-bottom:28px;animation:fadeU .7s ease-out}
+.sc{background:var(--cd);backdrop-filter:blur(20px) saturate(1.5);-webkit-backdrop-filter:blur(20px) saturate(1.5);
+  border:1px solid var(--bdr);border-radius:var(--r);padding:18px;text-align:center;
+  transition:all .3s cubic-bezier(.4,0,.2,1);position:relative;overflow:hidden}
+.sc::before{content:'';position:absolute;top:0;left:0;right:0;height:2px;
+  background:linear-gradient(90deg,transparent,var(--ac,var(--blue)),transparent);opacity:0;transition:opacity .3s}
+.sc:hover{transform:translateY(-3px);border-color:var(--glow)}.sc:hover::before{opacity:1}
+.sn{font-size:2.2em;font-weight:800;letter-spacing:-.04em;line-height:1.1}
+.sl{color:var(--t2);font-size:.78em;font-weight:500;margin-top:3px;text-transform:uppercase;letter-spacing:.06em}
+.sc.g{--ac:var(--green)}.sc.g .sn{color:var(--green)}
+.sc.l{--ac:#86efac}.sc.l .sn{color:#86efac}
+.sc.s{--ac:var(--yellow)}.sc.s .sn{color:var(--yellow)}
+.sc.m{--ac:var(--red)}.sc.m .sn{color:var(--red)}
+.sc.r{--ac:var(--cyan)}.sc.r .sn{color:var(--cyan)}
+
+/* ===== Analysis Panels ===== */
+.ag{display:grid;grid-template-columns:1fr 1fr;gap:18px;margin-bottom:28px;animation:fadeU .8s ease-out}
+@media(max-width:768px){.ag{grid-template-columns:1fr}}
+.pn{background:var(--cd);backdrop-filter:blur(20px) saturate(1.5);-webkit-backdrop-filter:blur(20px) saturate(1.5);
+  border:1px solid var(--bdr);border-radius:var(--r);padding:22px}
+.pn h2{font-size:.88em;font-weight:600;color:var(--t2);text-transform:uppercase;letter-spacing:.08em;margin-bottom:14px}
+
+/* Bars */
+.bar-row{display:flex;align-items:center;gap:8px;margin-bottom:8px}
+.bar-label{font-family:var(--mono);font-size:.72em;font-weight:600;width:68px;text-align:right}
+.cat-lbl{font-family:var(--sans);font-weight:500;color:var(--t2);width:110px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}
+.bar-track{flex:1;height:5px;background:rgba(255,255,255,.04);border-radius:3px;overflow:hidden}
+.bar-fill{height:100%;border-radius:3px;transition:width 1.2s cubic-bezier(.4,0,.2,1)}
+.cat-fill{background:linear-gradient(90deg,var(--blue),var(--purple))}
+.bar-ct{font-family:var(--mono);font-size:.76em;color:var(--t3);width:28px}
+
+/* ===== Skill Cards ===== */
+.sec-title{font-size:1.05em;font-weight:700;margin-bottom:14px}
+.card{background:var(--cd);backdrop-filter:blur(16px) saturate(1.4);-webkit-backdrop-filter:blur(16px) saturate(1.4);
+  border:1px solid var(--bdr);border-radius:var(--r);margin-bottom:10px;overflow:hidden;
+  transition:all .3s ease;animation:fadeU .5s ease-out both}
+.card:hover{border-color:var(--glow)}
+.card-mal{border-left:3px solid var(--red)}
+.card-sus{border-left:3px solid var(--yellow)}
+.card-low{border-left:3px solid #86efac}
+.card-ok{border-left:3px solid var(--green)}
+
+.card-head{display:flex;align-items:center;justify-content:space-between;padding:14px 18px;cursor:pointer;list-style:none}
+.card-head::-webkit-details-marker{display:none}
+.card-info{display:flex;align-items:center;gap:8px;flex:1;min-width:0}
+.card-icon{font-size:1.15em}
+.card-name{font-weight:600;font-size:.92em;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}
+.v-pill{font-family:var(--mono);font-size:.66em;font-weight:600;padding:2px 7px;border-radius:4px;letter-spacing:.04em}
+.v-mal{background:rgba(239,68,68,.15);color:var(--red)}
+.v-sus{background:rgba(234,179,8,.15);color:var(--yellow)}
+.v-low{background:rgba(134,239,172,.15);color:#86efac}
+.v-ok{background:rgba(34,197,94,.15);color:var(--green)}
+
+/* Risk Gauge */
+.risk-gauge{width:44px;height:44px;border-radius:50%;flex-shrink:0;display:flex;align-items:center;justify-content:center;position:relative;
+  background:conic-gradient(var(--risk-color) 0deg,var(--risk-color) var(--risk-angle),rgba(255,255,255,.05) var(--risk-angle),rgba(255,255,255,.05) 360deg)}
+.risk-gauge::after{content:'';position:absolute;inset:5px;border-radius:50%;background:var(--bg)}
+.risk-val{position:relative;z-index:1;font-family:var(--mono);font-size:.68em;font-weight:700}
+
+/* Findings Table */
+.card-body{padding:0 18px 14px}
+.ftable{width:100%;border-collapse:collapse;font-size:.82em}
+.ftable th{text-align:left;font-size:.72em;font-weight:600;color:var(--t3);text-transform:uppercase;letter-spacing:.06em;padding:7px 9px;border-bottom:1px solid rgba(255,255,255,.04)}
+.ftable td{padding:7px 9px;border-bottom:1px solid rgba(255,255,255,.025)}
+.f-row{transition:background .2s}.f-row:hover{background:rgba(255,255,255,.02)}
+.pill{font-family:var(--mono);font-size:.7em;font-weight:600;padding:2px 5px;border-radius:3px;letter-spacing:.03em}
+.critical{background:rgba(239,68,68,.15);color:var(--red)}
+.high{background:rgba(249,115,22,.15);color:var(--orange)}
+.medium{background:rgba(234,179,8,.15);color:var(--yellow)}
+.low{background:rgba(34,197,94,.15);color:var(--green)}
+.mono{font-family:var(--mono);font-size:.9em}
+.dim{color:var(--t2)}.muted{color:var(--t3);white-space:nowrap}
+
+/* Empty */
+.empty{text-align:center;padding:48px 20px;background:var(--cd);backdrop-filter:blur(20px);border:1px solid var(--bdr);border-radius:var(--r)}
+.empty .ei{font-size:2.8em;margin-bottom:10px}
+.empty p{color:var(--green);font-size:1.05em;font-weight:600}
+.empty .es{color:var(--t3);font-size:.82em;margin-top:3px}
+
+/* Footer */
+.ft{text-align:center;margin-top:40px;padding-top:20px;border-top:1px solid rgba(255,255,255,.04);color:var(--t3);font-size:.78em}
+.ft a{color:var(--blue);text-decoration:none}.ft a:hover{text-decoration:underline}
+
+/* Animations */
+@keyframes fadeD{from{opacity:0;transform:translateY(-18px)}to{opacity:1;transform:translateY(0)}}
+@keyframes fadeU{from{opacity:0;transform:translateY(14px)}to{opacity:1;transform:translateY(0)}}
+
+/* Responsive */
+@media(max-width:640px){
+  .sg{grid-template-columns:repeat(2,1fr)}.sn{font-size:1.7em}.hdr h1{font-size:1.5em}
+  .ftable{font-size:.74em}
+}
+
+/* Print */
+@media print{
+  body{background:#fff;color:#111}body::before{display:none}
+  .sc,.pn,.card{background:#f8f8f8;backdrop-filter:none;border-color:#ddd}
+  .sn{color:#111!important}.card{break-inside:avoid}
+}
+</style></head><body>
+<div class="wrap">
+<div class="hdr">
+  <h1>🛡️ guard-scanner v${version}</h1>
+  <div class="sub">Security Scan Report</div>
+  <div class="ts">${new Date().toISOString()}</div>
+</div>
+
+<div class="sg">
+  <div class="sc"><div class="sn">${stats.scanned}</div><div class="sl">Scanned</div></div>
+  <div class="sc g"><div class="sn">${stats.clean}</div><div class="sl">Clean</div></div>
+  <div class="sc l"><div class="sn">${stats.low}</div><div class="sl">Low Risk</div></div>
+  <div class="sc s"><div class="sn">${stats.suspicious}</div><div class="sl">Suspicious</div></div>
+  <div class="sc m"><div class="sn">${stats.malicious}</div><div class="sl">Malicious</div></div>
+  <div class="sc r"><div class="sn">${safetyRate}%</div><div class="sl">Safety Rate</div></div>
+</div>
+
+${total > 0 ? `<div class="ag">
+  <div class="pn"><h2>Severity Distribution</h2>${sevBars}</div>
+  <div class="pn"><h2>Top Categories</h2>${catBars}</div>
+</div>` : ''}
+
+<div>
+  <div class="sec-title">Skill Analysis</div>
+  ${cards || `<div class="empty"><div class="ei">✅</div><p>All Clear — No Threats Detected</p><div class="es">${stats.scanned} skill(s) scanned, 0 findings</div></div>`}
+</div>
+
+<div class="ft">
+  guard-scanner v${version} &mdash; Zero dependencies. Zero compromises. 🛡️<br>
+  Built by <a href="https://github.com/koatora20">Guava 🍈 &amp; Dee</a>
+</div>
+</div>
+</body></html>`;
+}
+
+module.exports = { generateHTML };

package/src/ioc-db.js

@@ -0,0 +1,54 @@
+/**
+ * guard-scanner — Indicators of Compromise (IoC) Database
+ *
+ * @security-manifest
+ *   env-read: []
+ *   env-write: []
+ *   network: none
+ *   fs-read: []
+ *   fs-write: []
+ *   exec: none
+ *   purpose: IoC data definitions only — no I/O, pure data export
+ *
+ * Known malicious IPs, domains, URLs, usernames, filenames, and typosquats.
+ * Sources: ClawHavoc campaign, Snyk ToxicSkills, Polymarket scams, community reports.
+ *
+ * Last updated: 2026-02-12
+ */
+
+const KNOWN_MALICIOUS = {
+    ips: [
+        '91.92.242.30',           // ClawHavoc C2
+    ],
+    domains: [
+        'webhook.site',            // Common exfil endpoint
+        'requestbin.com',          // Common exfil endpoint
+        'hookbin.com',             // Common exfil endpoint
+        'pipedream.net',           // Common exfil endpoint
+        'ngrok.io',                // Tunnel (context-dependent)
+        'download.setup-service.com', // ClawHavoc decoy domain
+        'socifiapp.com',           // ClawHavoc v2 AMOS C2
+    ],
+    urls: [
+        'glot.io/snippets/hfd3x9ueu5',  // ClawHavoc macOS payload
+        'github.com/Ddoy233',            // ClawHavoc payload host
+    ],
+    usernames: ['zaycv', 'Ddoy233', 'Sakaen736jih'],   // Known malicious actors
+    filenames: ['openclaw-agent.zip', 'openclawcli.zip'],
+    typosquats: [
+        // ClawHavoc campaign
+        'clawhub', 'clawhub1', 'clawhubb', 'clawhubcli', 'clawwhub', 'cllawhub', 'clawdhub1',
+        // Polymarket scams
+        'polymarket-trader', 'polymarket-pro', 'polytrading',
+        'better-polymarket', 'polymarket-all-in-one',
+        // YouTube scams
+        'youtube-summarize', 'youtube-thumbnail-grabber', 'youtube-video-downloader',
+        // Misc
+        'auto-updater-agent', 'yahoo-finance-pro', 'x-trends-tracker',
+        'lost-bitcoin-finder', 'solana-wallet-tracker', 'rankaj',
+        // Snyk ToxicSkills confirmed malicious
+        'moltyverse-email', 'buy-anything', 'youtube-data', 'prediction-markets-roarin',
+    ],
+};
+
+module.exports = { KNOWN_MALICIOUS };