npm - guard-scanner - Versions diffs - 4.0.0 → 4.0.1 - Mend

guard-scanner 4.0.0 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -12,7 +12,7 @@
     <img src="https://img.shields.io/badge/dependencies-0-success?style=flat-square" alt="Zero Dependencies">
     <img src="https://img.shields.io/badge/tests-133%2F133-brightgreen?style=flat-square" alt="Tests Passing">
     <img src="https://img.shields.io/badge/OWASP_Agentic-90%25-green?style=flat-square" alt="OWASP Agentic 90%">
-    <img src="https://img.shields.io/badge/patterns-190%2B-blueviolet?style=flat-square" alt="190+ Patterns">
+    <img src="https://img.shields.io/badge/patterns-210%2B-blueviolet?style=flat-square" alt="210+ Patterns">
   </p>
   <p align="center">
     <a href="#quick-start">Quick Start</a> •
@@ -50,8 +50,8 @@ The AI agent skill ecosystem has the same supply-chain security problem that npm
 | Feature | Description |
 |---|---|
 | **22 Threat Categories** | Snyk ToxicSkills + OWASP Agentic Top 10 + Identity Hijack + PII + Trust Exploitation |
-| **190+ Static Patterns** | Regex-based static analysis covering code, docs, and data files |
-| **26 Runtime Checks** | Real-time `before_tool_call` hook — 5-layer defense (v3.4.0) |
+| **210+ Static Patterns** | Regex-based static analysis covering code, docs, and data files |
+| **26 Runtime Checks** | Real-time `before_tool_call` hook — 5-layer defense (v4.0.0) |
 | **IoC Database** | Known malicious IPs, domains, URLs, usernames, and typosquat names |
 | **Data Flow Analysis** | Lightweight JS analysis: secret reads → network calls → exec chains |
 | **Cross-File Analysis** | Phantom references, base64 fragment assembly, multi-file exfil detection |
@@ -92,7 +92,7 @@ npx guard-scanner ./skills/ --verbose --check-deps --json --sarif --html
 **Output looks like this:**
 ```
-🛡️  guard-scanner v3.4.0
+🛡️  guard-scanner v4.0.0
 ══════════════════════════════════════════════════════
 📂 Scanning: ./skills/
 📦 Skills found: 5
@@ -131,7 +131,7 @@ Layer 4: Brain / Behavioral    — 3 checks  (research skip, blind trust, chain
 Layer 5: Trust Exploitation    — 4 checks  (OWASP ASI09: authority/trust/audit abuse)
 ```
-> **v3.4.0** — Runtime Guard now available as standalone JS module (`src/runtime-guard.js`) + OpenClaw plugin (`hooks/guard-scanner/plugin.ts`).
+> **v4.0.0** — Runtime Guard now available as standalone JS module (`src/runtime-guard.js`) + OpenClaw plugin (`hooks/guard-scanner/plugin.ts`).
 ### Quick Start
@@ -608,7 +608,7 @@ OpenClaw's official [`THREAT-MODEL-ATLAS.md`](https://github.com/openclaw/opencl
 | Gap (from ATLAS / Source Code) | OpenClaw Status | guard-scanner |
 |---|---|---|
-| _"Simple regex easily bypassed"_ — ClawHub moderation | ⚠️ Basic `FLAG_RULES` | ✅ 129 patterns, 21 categories |
+| _"Simple regex easily bypassed"_ — ClawHub moderation | ⚠️ Basic `FLAG_RULES` | ✅ 129 patterns, 22 categories |
 | _"Does not analyze actual skill code content"_ | ❌ Not implemented | ✅ Full code + doc + data flow analysis |
 | No SOUL.md / IDENTITY.md integrity verification | ❌ Not implemented | ✅ Identity hijacking detection (Cat 17) |
 | `skill:before_install` hook | ❌ Not implemented | 🔜 Proposed ([Issue #18677](https://github.com/openclaw/openclaw/issues/18677)) |
@@ -719,7 +719,7 @@ clawhub install guava-suite
 | | guard-scanner (Free) | GuavaSuite ($GUAVA) |
 |---|---|---|
-| Static scan (129 patterns, 21 categories) | ✅ | ✅ |
+| Static scan (129 patterns, 22 categories) | ✅ | ✅ |
 | Runtime Guard — `enforce` (block CRITICAL) | ✅ | ✅ |
 | **Runtime Guard — `strict` (block HIGH + CRITICAL)** | ❌ | ✅ |
 | **Soul Lock** (SOUL.md integrity + auto-rollback) | ❌ | ✅ |
@@ -739,7 +739,7 @@ guard-scanner is and always will be **free, open-source, and zero-dependency**.
 | v2.0.0 ✅ | **Plugin Hook Runtime Guard** | `block`/`blockReason` API, 3 modes, 91 tests |
 | v2.1.0 ✅ | **PII Exposure + Shadow AI** | 13 PII patterns, OWASP LLM02/06, 99 tests |
 | v3.0.0 ✅ | **TypeScript Rewrite** | Full TS, OWASP LLM Top 10 mapping |
-| v3.4.0 ✅ | **Runtime Guard Module + OWASP ASI** | 26 runtime checks (5 layers), ASI01-10 verified, 133 tests |
+| v4.0.0 ✅ | **Runtime Guard Module + OWASP ASI** | 26 runtime checks (5 layers), ASI01-10 verified, 133 tests |
 | **v4.0** 🔜 | **LLM + OS + Multi-tool** | See below |
 ### v4.0 Vision (feedback welcome!)
@@ -748,7 +748,7 @@ guard-scanner is and always will be **free, open-source, and zero-dependency**.
 |-----------|------|-----|
 | 🧠 **LLM-assisted detection** | Pass suspicious (not certain) cases to a lightweight LLM (Haiku/Flash) for intent analysis | Regex can be evaded; LLMs understand intent |
 | 🔒 **OS-level enforcement** | File watcher (auto-rollback SOUL.md/.env), process monitor (kill netcat/socat), daemon mode | Works regardless of which AI tool you use |
-| 🔌 **Multi-tool support** | Adapters for Claude Code, Cursor, Antigravity, Windsurf, MCP servers | Same 190+ patterns, different skill discovery per tool |
+| 🔌 **Multi-tool support** | Adapters for Claude Code, Cursor, Antigravity, Windsurf, MCP servers | Same 210+ patterns, different skill discovery per tool |
 > **Which matters most to you?** Open an issue or join the discussion! We're building this for the community.

package/SKILL.md CHANGED Viewed

@@ -5,7 +5,7 @@ description: >
   from ClawHub or external sources. Detects prompt injection, credential theft,
   exfiltration, identity hijacking, sandbox violations, code complexity, config impact,
   and 17 more threat categories.
-  Includes a Runtime Guard hook (22 patterns, 4 layers) that blocks dangerous tool calls in real-time.
+  Includes a Runtime Guard hook (26 patterns, 5 layers, 0.016ms/scan) that blocks dangerous tool calls in real-time.
 homepage: https://github.com/koatora20/guard-scanner
 metadata:
   clawdbot:
@@ -29,7 +29,7 @@ metadata:
 # guard-scanner 🛡️
 Static + runtime security scanner for AI agent skills.
-**186+ threat patterns (static) + 22 runtime patterns (4 layers)** across **20 categories** — zero dependencies.
+**210+ threat patterns (static) + 26 runtime patterns (5 layers)** across **22 categories** — zero dependencies. **0.016ms/scan.**
 ## When To Use This Skill
@@ -54,9 +54,9 @@ Scan a specific skill:
 node skills/guard-scanner/src/cli.js /path/to/new-skill/ --strict --verbose
 ```
-### 2. Runtime Guard (OpenClaw) — ⚠️ warn-only currently
+### 2. Runtime Guard (OpenClaw Plugin Hook)
-> **Note:** OpenClaw `InternalHookEvent` does not yet expose cancel/veto. Runtime hook detections are warning + audit log until [Issue #18677](https://github.com/openclaw/openclaw/issues/18677) is adopted.
+Blocks dangerous tool calls in real-time via `before_tool_call` hook. 26 patterns, 5 layers, 3 enforcement modes.
 ```bash
 openclaw hooks install skills/guard-scanner/hooks/guard-scanner
@@ -82,10 +82,8 @@ Set in `openclaw.json` → `hooks.internal.entries.guard-scanner.mode`:
 | Mode | Intended Behavior | Current Status |
 |------|-------------------|----------------|
 | `monitor` | Log all, never block | ✅ Fully working |
-| `enforce` (default) | Block CRITICAL threats | ⚠️ Warn only (cancel API pending) |
-| `strict` | Block HIGH + CRITICAL | ⚠️ Warn only (cancel API pending) |
-> **Note:** OpenClaw's `InternalHookEvent` does not yet expose a `cancel`/`veto` mechanism. All detections are currently logged and warned via `event.messages`, but tool execution cannot be blocked. Blocking will be enabled when the cancel API is added.
+| `enforce` (default) | Block CRITICAL threats | ✅ Fully working |
+| `strict` | Block HIGH + CRITICAL | ✅ Fully working |
 ## Threat Categories
@@ -141,7 +139,7 @@ an AI agent's SOUL.md personality file, and no existing tool could detect it.
 - **Open source**: Full source code available at https://github.com/koatora20/guard-scanner
 - **Zero dependencies**: Nothing to audit, no transitive risks
-- **Test suite**: 55 tests across 13 sections, 100% pass rate
+- **Test suite**: 133 tests across 24 suites, 100% pass rate
 - **Taxonomy**: Based on Snyk ToxicSkills (Feb 2026), OWASP MCP Top 10, and original research
 - **Complementary to VirusTotal**: Detects prompt injection and LLM-specific attacks
   that VirusTotal's signature-based scanning cannot catch

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
     "name": "guard-scanner",
-    "version": "4.0.0",
-    "description": "Agent security scanner + runtime guard — 190+ static patterns, 26 runtime checks (5 layers), 0.016ms/scan, before_tool_call hook, CLI, SARIF. OpenClaw-compatible plugin.",
+    "version": "4.0.1",
+    "description": "Agent security scanner + runtime guard — 210+ static patterns (22 categories), 26 runtime checks (5 layers), 0.016ms/scan, before_tool_call hook, CLI, SARIF. OpenClaw-compatible plugin.",
     "openclaw.extensions": "./openclaw.plugin.json",
     "main": "dist/index.js",
     "types": "dist/index.d.ts",

package/src/scanner.js CHANGED Viewed

@@ -31,7 +31,7 @@ const { KNOWN_MALICIOUS } = require('./ioc-db.js');
 const { generateHTML } = require('./html-template.js');
 // ===== CONFIGURATION =====
-const VERSION = '4.0.0';
+const VERSION = '4.0.1';
 const THRESHOLDS = {
     normal: { suspicious: 30, malicious: 80 },