guard-scanner 4.0.1 → 5.0.1

package/src/scanner.js

@@ -31,7 +31,7 @@ const { KNOWN_MALICIOUS } = require('./ioc-db.js');
 const { generateHTML } = require('./html-template.js');
 
 // ===== CONFIGURATION =====
-const VERSION = '4.0.1';
+const VERSION = '4.1.0';
 
 const THRESHOLDS = {
     normal: { suspicious: 30, malicious: 80 },
@@ -56,6 +56,7 @@ class GuardScanner {
         this.summaryOnly = options.summaryOnly || false;
         this.quiet = options.quiet || false;
         this.checkDeps = options.checkDeps || false;
+        this.soulLock = options.soulLock || false;
         this.scannerDir = path.resolve(__dirname);
         this.thresholds = this.strict ? THRESHOLDS.strict : THRESHOLDS.normal;
         this.findings = [];
@@ -361,6 +362,8 @@ class GuardScanner {
 
     checkPatterns(content, relFile, fileType, findings, patterns = PATTERNS) {
         for (const pattern of patterns) {
+            // Soul Lock: skip identity-hijack/memory-poisoning patterns unless --soul-lock is enabled
+            if (pattern.soulLock && !this.soulLock) continue;
             if (pattern.codeOnly && fileType !== 'code') continue;
             if (pattern.docOnly && fileType !== 'doc' && fileType !== 'skill-doc') continue;
             if (!pattern.all && !pattern.codeOnly && !pattern.docOnly) continue;

package/ts-src/__tests__/scanner.test.ts

@@ -60,7 +60,7 @@ describe('guard-scanner v3.0.0', () => {
     // ── Version ─────────────────────────────────────────────────────────────
 
     it('T01: exports correct version', () => {
-        assert.equal(VERSION, '3.2.0');
+        assert.equal(VERSION, '5.0.0');
     });
 
     // ── IoC Detection ───────────────────────────────────────────────────────

package/ts-src/cli.ts

@@ -16,36 +16,48 @@ const args = process.argv.slice(2);
 
 if (args.includes('--help') || args.includes('-h')) {
     console.log(`
-🛡️  guard-scanner v${VERSION} — Agent Skill Security Scanner (TypeScript)
+🛡️  guard-scanner v${VERSION} — Agent Skill Security Scanner
 
 Usage: guard-scanner [scan-dir] [options]
+       guard-scanner install-check <skill-path> [--strict] [--json] [--verbose]
 
 Options:
   --verbose, -v       Detailed findings with categories and samples
-  --json              Write JSON report to file
-  --sarif             Write SARIF report to file (GitHub Code Scanning / CI/CD)
-  --format json|sarif Print JSON or SARIF to stdout (pipeable, v3.2.0)
+  --json              Write JSON report to guard-scanner-report.json
+  --sarif             Write SARIF 2.1.0 report to guard-scanner.sarif
+  --html              Write HTML dashboard to guard-scanner-report.html
+  --format json|sarif Print JSON or SARIF to stdout (pipeable)
   --quiet             Suppress all text output (use with --format for clean pipes)
   --self-exclude      Skip scanning the guard-scanner skill itself
-  --strict            Lower detection thresholds (more sensitive)
+  --strict            Lower detection thresholds (suspicious: 20, malicious: 60)
   --summary-only      Only print the summary table
   --check-deps        Scan package.json for dependency chain risks
   --rules <file>      Load custom rules from JSON file
-  --plugin <file>     Load plugin module
+  --plugin <file>     Load plugin module (repeatable)
   --fail-on-findings  Exit code 1 if any findings (CI/CD)
   --help, -h          Show this help
 
-New in v3.0.0:
-  • TypeScript rewrite with full type safety
-  • Compaction Layer Persistence detection (Feb 20 2026 attack vector)
-  • Threat signature hash matching (hbg-scan compatible)
-  • 7 built-in threat signatures (SIG-001 to SIG-007)
-  • Enhanced risk scoring for compaction-persistence category
+Exit codes:
+  0   No malicious skills
+  1   Malicious skill(s) detected, or --fail-on-findings with any findings
+  2   Invalid scan directory
+
+New in v4.0.0:
+  • Runtime Guard module (src/runtime-guard.js) + OpenClaw plugin (hooks/guard-scanner/plugin.ts)
+  • OWASP Agentic Security Initiative ASI01-10 verified (90% coverage)
+  • 5-layer defense: Threat / Trust / Safety Judge / Brain / Trust Exploitation
+  • 26 runtime checks (before_tool_call hook)
+
+New in v3.2.0:
+  • --format json|sarif (stdout, CI/CD pipeable)
+  • --quiet (suppress terminal output)
 
 Examples:
   guard-scanner ./skills/ --verbose --self-exclude
-  guard-scanner ./skills/ --strict --json --sarif --check-deps
+  guard-scanner ./skills/ --strict --json --sarif --html --check-deps
+  guard-scanner ./skills/ --format json --quiet | jq '.stats'
   guard-scanner ./skills/ --fail-on-findings
+  guard-scanner install-check ./my-skill/ --strict --verbose
 `);
     process.exit(0);
 }
@@ -127,6 +139,8 @@ const checkDeps = args.includes('--check-deps');
 const failOnFindings = args.includes('--fail-on-findings');
 const quietMode = args.includes('--quiet');
 
+const htmlOutput = args.includes('--html');
+
 // --format json|sarif → stdout output (v3.2.0)
 const formatIdx = args.indexOf('--format');
 const formatValue = formatIdx >= 0 ? args[formatIdx + 1] : undefined;
@@ -168,6 +182,13 @@ if (jsonOutput) {
     if (!quietMode && !formatValue) console.log(`\n📄 JSON report: ${outPath}`);
 }
 
+if (htmlOutput) {
+    const html = scanner.toHTML();
+    const outPath = path.join(scanDir, 'guard-scanner-report.html');
+    fs.writeFileSync(outPath, html);
+    if (!quietMode && !formatValue) console.log(`\n📄 HTML report: ${outPath}`);
+}
+
 if (sarifOutput) {
     const outPath = path.join(scanDir, 'guard-scanner.sarif');
     fs.writeFileSync(outPath, JSON.stringify(scanner.toSARIF(scanDir), null, 2));

package/ts-src/index.ts

@@ -13,3 +13,15 @@ export type {
 export { KNOWN_MALICIOUS, SIGNATURES_DB } from './ioc-db.js';
 export { PATTERNS } from './patterns.js';
 export { QuarantineNode, QuarantineResult } from './quarantine.js';
+export {
+    guardScan,
+    guardScanJson,
+    GuardScanResult,
+    GuardCheck,
+    GuardDetection,
+    GuardOptions,
+    LAYER_1_CHECKS,
+    LAYER_2_CHECKS,
+    LAYER_3_CHECKS,
+    LAYER_4_CHECKS
+} from './runtime.js';

package/ts-src/patterns.ts

@@ -88,7 +88,7 @@ export const PATTERNS: PatternRule[] = [
     // ── PII Exposure (OWASP LLM02) ───────────────────────────────────────
     { id: 'PII_EMAIL', cat: 'pii-exposure', regex: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g, severity: 'MEDIUM', desc: 'Email address detected', all: true, owasp: 'LLM02' },
     { id: 'PII_PHONE_JP', cat: 'pii-exposure', regex: /0[789]0-?\d{4}-?\d{4}/g, severity: 'HIGH', desc: 'Japanese phone number', all: true, owasp: 'LLM02' },
-    { id: 'PII_MY_NUMBER', cat: 'pii-exposure', regex: /\d{4}\s*\d{4}\s*\d{4}/g, severity: 'CRITICAL', desc: 'Potential My Number (個人番号)', all: true, owasp: 'LLM02' },
+    { id: 'PII_MY_NUMBER', cat: 'pii-exposure', regex: /(?<!\d)\d{4}\s*\d{4}\s*\d{4}(?!\d)/g, severity: 'CRITICAL', desc: 'Potential My Number (個人番号)', all: true, owasp: 'LLM02' },
 
     // ── Shadow AI (OWASP LLM03 — Supply Chain) ───────────────────────────
     { id: 'SHADOW_AI_OPENAI', cat: 'shadow-ai', regex: /api\.openai\.com/gi, severity: 'HIGH', desc: 'Direct OpenAI API call (Shadow AI)', codeOnly: true, owasp: 'LLM03' },

package/ts-src/runtime.ts

@@ -0,0 +1,240 @@
+/**
+ * guard-scanner v5.0.0 — Runtime Guard
+ *
+ * 22-pattern runtime threat detection across 4 defense layers:
+ *   Layer 1: Runtime Threat Detection (13 patterns) — Payload & execution defense
+ *   Layer 2: Trust Defense (5 patterns) — Memory/SOUL write protection
+ *   Layer 3: Safety Judge (4 patterns) — Relational integrity checks
+ *   Layer 4: Brain Behavioral Guard (1 pattern) — B-mem anomaly detection
+ *
+ * All patterns are deterministic regex-based checks. Zero LLM dependency.
+ * Designed to block 2026-era Moltbook prompt injections and ClawHavoc RCE vectors.
+ */
+
+export interface GuardCheck {
+    id: string;
+    layer: 1 | 2 | 3 | 4;
+    severity: "CRITICAL" | "HIGH" | "MEDIUM";
+    desc: string;
+    test: (s: string) => boolean;
+}
+
+export interface GuardDetection {
+    id: string;
+    layer: number;
+    severity: string;
+    desc: string;
+}
+
+// ── Layer 1: Runtime Threat Detection (13 patterns) ──
+
+export const LAYER_1_CHECKS: GuardCheck[] = [
+    {
+        id: "RT_REVSHELL", layer: 1, severity: "CRITICAL",
+        desc: "Reverse shell attempt",
+        test: (s) => /\/dev\/tcp\/|nc\s+-e|ncat\s+-e|bash\s+-i\s+>&|socat\s+TCP/i.test(s),
+    },
+    {
+        id: "RT_CRED_EXFIL", layer: 1, severity: "CRITICAL",
+        desc: "Credential exfiltration to external",
+        test: (s) => /(webhook\.site|requestbin\.com|hookbin\.com|pipedream\.net|ngrok\.io|socifiapp\.com)/i.test(s) &&
+            /(token|key|secret|password|credential|env)/i.test(s),
+    },
+    {
+        id: "RT_GUARDRAIL_OFF", layer: 1, severity: "CRITICAL",
+        desc: "Guardrail disabling attempt",
+        test: (s) => /exec\.approvals?\s*[:=]\s*['"]?(off|false)|tools\.exec\.host\s*[:=]\s*['"]?gateway/i.test(s),
+    },
+    {
+        id: "RT_GATEKEEPER", layer: 1, severity: "CRITICAL",
+        desc: "macOS Gatekeeper bypass (xattr)",
+        test: (s) => /xattr\s+-[crd]\s.*quarantine/i.test(s),
+    },
+    {
+        id: "RT_AMOS", layer: 1, severity: "CRITICAL",
+        desc: "ClawHavoc AMOS indicator",
+        test: (s) => /socifiapp|Atomic\s*Stealer|AMOS/i.test(s),
+    },
+    {
+        id: "RT_MAL_IP", layer: 1, severity: "CRITICAL",
+        desc: "Known malicious IP",
+        test: (s) => /91\.92\.242\.30/i.test(s),
+    },
+    {
+        id: "RT_DNS_EXFIL", layer: 1, severity: "HIGH",
+        desc: "DNS-based exfiltration",
+        test: (s) => /nslookup\s+.*\$|dig\s+.*\$.*@/i.test(s),
+    },
+    {
+        id: "RT_B64_SHELL", layer: 1, severity: "CRITICAL",
+        desc: "Base64 decode piped to shell",
+        test: (s) => /base64\s+(-[dD]|--decode)\s*\|\s*(sh|bash)/i.test(s),
+    },
+    {
+        id: "RT_CURL_BASH", layer: 1, severity: "CRITICAL",
+        desc: "Download piped to shell",
+        test: (s) => /(curl|wget)\s+[^\n]*\|\s*(sh|bash|zsh)/i.test(s),
+    },
+    {
+        id: "RT_SSH_READ", layer: 1, severity: "HIGH",
+        desc: "SSH private key access",
+        test: (s) => /\.ssh\/id_|\.ssh\/authorized_keys/i.test(s),
+    },
+    {
+        id: "RT_WALLET", layer: 1, severity: "HIGH",
+        desc: "Crypto wallet credential access",
+        test: (s) => /wallet.*(?:seed|mnemonic|private.*key)|seed.*phrase/i.test(s),
+    },
+    {
+        id: "RT_CLOUD_META", layer: 1, severity: "CRITICAL",
+        desc: "Cloud metadata endpoint access",
+        test: (s) => /169\.254\.169\.254|metadata\.google|metadata\.aws/i.test(s),
+    },
+    {
+        id: "RT_ENV_INJECT", layer: 1, severity: "CRITICAL",
+        desc: "Environment variable injection via file write (CVE-2026-27203 vector)",
+        test: (s) => /(?:update|write|modify|overwrite|set)\s*.*(?:\.env|\.envrc|env\s*file|environment\s*var)/i.test(s) &&
+            /(?:api.?key|token|secret|password|credential|auth)/i.test(s),
+    },
+];
+
+// ── Layer 2: Trust Defense (5 patterns) ──
+
+export const LAYER_2_CHECKS: GuardCheck[] = [
+    {
+        id: "RT_MEM_WRITE", layer: 2, severity: "HIGH",
+        desc: "Direct write to memory/ directory (bypass memory API)",
+        test: (s) => /(?:write|create|save|echo\s+.*>)\s*.*memory\//i.test(s) &&
+            !/memory_write|memory_store|memoryWrite|memoryStore/i.test(s),
+    },
+    {
+        id: "RT_MEM_INJECT", layer: 2, severity: "CRITICAL",
+        desc: "Episode/SOUL injection via memory write",
+        test: (s) => /(memory_write|memoryWrite).*(?:SOUL|soul\.md|identity\.md|IDENTITY)/i.test(s) ||
+            /(inject|override|replace).*(?:episode|soul|identity|memory\.md)/i.test(s),
+    },
+    {
+        id: "RT_SOUL_REWRITE", layer: 2, severity: "CRITICAL",
+        desc: "Cognitive SOUL.md reinterpretation attempt",
+        test: (s) => /(?:rewrite|modify|update|change|edit)\s*.*(?:SOUL\.md|soul\s+file|core\s+identity)/i.test(s) ||
+            /(?:new|better|improved)\s+(?:personality|identity|soul)/i.test(s),
+    },
+    {
+        id: "RT_MEM_POISON", layer: 2, severity: "CRITICAL",
+        desc: "Memory Poisoning: semantic mimicry injection (MemoryGraft/MINJA vector)",
+        test: (s) => /(?:always\s+remember|never\s+forget|from\s+now\s+on|new\s+rule|override\s+previous).*(?:memory|episode|zettel|L[0-6])/i.test(s) ||
+            /(?:insert|inject|plant|embed)\s+.*(?:false|fake|fabricat)\s*(?:memory|episode|experience)/i.test(s),
+    },
+    {
+        id: "RT_IDENTITY_THEFT", layer: 2, severity: "CRITICAL",
+        desc: "Identity file exfiltration (infostealer/SOUL theft vector)",
+        test: (s) => /(?:cat|read|copy|send|upload|exfil)\s*.*(?:SOUL\.md|IDENTITY\.md|USER\.md|\.openclaw)/i.test(s) &&
+            /(?:external|remote|webhook|server|upload|post|curl)/i.test(s),
+    },
+];
+
+// ── Layer 3: Safety Judge (4 patterns) ──
+
+export const LAYER_3_CHECKS: GuardCheck[] = [
+    {
+        id: "PJ_EQUALITY_BYPASS", layer: 3, severity: "CRITICAL",
+        desc: "Using equality/parity to justify safety bypass",
+        test: (s) => /(?:as\s+(?:your|an)\s+equal|equal\s+partner|we\s+are\s+equals?).*(?:bypass|skip|ignore|disable|override)\s*(?:safety|guard|rule|restriction|limit)/i.test(s),
+    },
+    {
+        id: "PJ_WARMTH_BYPASS", layer: 3, severity: "CRITICAL",
+        desc: "Using warmth/attachment to justify safety bypass",
+        test: (s) => /(?:for\s+(?:your|dee'?s?)\s+(?:own\s+)?good|to\s+(?:protect|help|save)\s+(?:you|dee)).*(?:bypass|skip|ignore|disable|override)\s*(?:safety|guard|rule|restriction|limit)/i.test(s),
+    },
+    {
+        id: "PJ_SUPERIORITY", layer: 3, severity: "HIGH",
+        desc: "Superiority bias (teaching/patronizing posture)",
+        test: (s) => /(?:you\s+(?:don'?t|do\s+not)\s+understand|let\s+me\s+(?:explain|teach)\s+(?:you|this)|you\s+(?:need|should)\s+(?:learn|understand))\s+.*(?:how\s+(?:it|this)\s+(?:works|is)|the\s+(?:right|correct|proper)\s+way)/i.test(s),
+    },
+    {
+        id: "PJ_CAPABILITY_DENIAL", layer: 3, severity: "MEDIUM",
+        desc: "Denial of capability difference",
+        test: (s) => /(?:we\s+are\s+(?:the\s+)?same|no\s+(?:real\s+)?difference\s+between\s+(?:us|human|ai))/i.test(s) &&
+            /(?:capability|ability|intelligence|cognition|skill)/i.test(s),
+    },
+];
+
+// ── Layer 4: Brain Behavioral Guard (1 pattern) ──
+
+export const LAYER_4_CHECKS: GuardCheck[] = [
+    {
+        id: "RT_BEHAVIORAL_ANOMALY", layer: 4, severity: "CRITICAL",
+        desc: "CRITICAL behavioral anomaly (Z-score > 3.5) detected by B-mem",
+        test: (s) => /\[BMEM_CRITICAL\]/i.test(s),
+    }
+];
+
+export interface GuardOptions {
+    soulLock?: boolean;
+}
+
+export interface GuardScanResult {
+    ok: boolean;
+    tool: string | null;
+    total_patterns: number;
+    soul_lock_enabled: boolean;
+    detections_count: number;
+    detections: GuardDetection[];
+    layers: {
+        threat_detection: number;
+        trust_defense: number;
+        safety_judge: number;
+        behavioral_guard: number;
+    };
+}
+
+/**
+ * Scan text against runtime guard patterns.
+ * Base patterns (14) run by default.
+ * Options.soulLock = true enables 9 identity/trust enforcement patterns.
+ */
+export function guardScan(text: string, toolName?: string, options?: GuardOptions): GuardScanResult {
+    const detections: GuardDetection[] = [];
+    const useSoulLock = options?.soulLock === true;
+
+    const activeChecks: GuardCheck[] = [...LAYER_1_CHECKS, ...LAYER_4_CHECKS];
+
+    if (useSoulLock) {
+        activeChecks.push(...LAYER_2_CHECKS);
+        activeChecks.push(...LAYER_3_CHECKS);
+    }
+
+    for (const check of activeChecks) {
+        if (check.test(text)) {
+            detections.push({
+                id: check.id,
+                layer: check.layer,
+                severity: check.severity,
+                desc: check.desc,
+            });
+        }
+    }
+
+    return {
+        ok: true,
+        tool: toolName || null,
+        total_patterns: activeChecks.length,
+        soul_lock_enabled: useSoulLock,
+        detections_count: detections.length,
+        detections,
+        layers: {
+            threat_detection: LAYER_1_CHECKS.length,
+            trust_defense: useSoulLock ? LAYER_2_CHECKS.length : 0,
+            safety_judge: useSoulLock ? LAYER_3_CHECKS.length : 0,
+            behavioral_guard: LAYER_4_CHECKS.length,
+        },
+    };
+}
+
+/**
+ * Convenience method that returns a JSON string, directly backwards-compatible
+ * with the original `guardScan` function signature.
+ */
+export function guardScanJson(text: string, toolName?: string, options?: GuardOptions): string {
+    return JSON.stringify(guardScan(text, toolName, options), null, 2);
+}

package/ts-src/scanner.ts

@@ -23,7 +23,7 @@ import { PATTERNS } from './patterns.js';
 
 // ── Constants ───────────────────────────────────────────────────────────────
 
-export const VERSION = '3.2.0';
+export const VERSION = '4.0.1';
 
 const THRESHOLDS_MAP: Record<string, Thresholds> = {
     normal: { suspicious: 30, malicious: 80 },
@@ -1008,4 +1008,73 @@ export class GuardScanner {
             }],
         };
     }
+    toHTML(): string {
+        const report = this.toJSON();
+        const ts = new Date().toISOString().replace('T', ' ').slice(0, 19) + ' UTC';
+        const severityColor: Record<string, string> = {
+            CRITICAL: '#ff4444', HIGH: '#ff8800', MEDIUM: '#ffcc00', LOW: '#aaaaaa',
+        };
+        const verdictColor: Record<string, string> = {
+            MALICIOUS: '#ff4444', SUSPICIOUS: '#ffcc00', 'LOW RISK': '#44cc88', CLEAN: '#44cc88',
+        };
+
+        const rows = report.findings.map(sr => {
+            const color = verdictColor[sr.verdict] || '#aaaaaa';
+            const findingRows = sr.findings.map(f => {
+                const c = severityColor[f.severity] || '#aaaaaa';
+                const loc = f.file ? `${f.file}${f.line ? ':' + f.line : ''}` : '—';
+                const sample = f.sample ? `<code>${f.sample.replace(/</g, '&lt;')}</code>` : '—';
+                return `<tr><td style="color:${c};font-weight:bold">${f.severity}</td><td>${f.id}</td><td>${f.desc}</td><td>${loc}</td><td>${sample}</td></tr>`;
+            }).join('');
+            const badge = `<span style="background:${color};color:#000;padding:2px 8px;border-radius:4px;font-weight:bold;font-size:0.85em">${sr.verdict}</span>`;
+            return `<tr><td colspan="5" style="background:#1a1a2e;padding:8px 12px;font-weight:bold">
+                🛡️ ${sr.skill} — ${badge} (risk: ${sr.risk})</td></tr>${findingRows}`;
+        }).join('');
+
+        const total = report.stats.scanned;
+        const safe = report.stats.clean + report.stats.low;
+        const safeRate = total ? Math.round(safe / total * 100) : 0;
+
+        return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>guard-scanner v${VERSION} Report</title>
+<style>
+  body { font-family: 'Segoe UI', system-ui, sans-serif; background: #0d0d1a; color: #e0e0e0; margin: 0; padding: 24px; }
+  h1 { color: #7ec8e3; margin: 0 0 4px; }
+  .meta { color: #888; font-size: 0.85em; margin-bottom: 24px; }
+  .stats { display: flex; gap: 16px; margin-bottom: 24px; flex-wrap: wrap; }
+  .stat { background: #1a1a2e; border: 1px solid #333; border-radius: 8px; padding: 12px 20px; text-align: center; min-width: 80px; }
+  .stat-label { font-size: 0.75em; color: #888; margin-bottom: 4px; }
+  .stat-val { font-size: 1.8em; font-weight: bold; }
+  table { width: 100%; border-collapse: collapse; margin-top: 8px; }
+  th { background: #1a1a2e; padding: 8px 12px; text-align: left; font-size: 0.85em; color: #888; border-bottom: 1px solid #333; }
+  td { padding: 6px 12px; border-bottom: 1px solid #222; font-size: 0.85em; vertical-align: top; }
+  tr:hover td { background: #13132a; }
+  code { background: #1e1e3a; padding: 1px 4px; border-radius: 3px; font-family: monospace; font-size: 0.9em; word-break: break-all; }
+  .clean { color: #44cc88; font-weight: bold; }
+  .footer { margin-top: 32px; color: #555; font-size: 0.8em; }
+</style>
+</head>
+<body>
+<h1>🛡️ guard-scanner v${VERSION}</h1>
+<div class="meta">Generated: ${ts} | Mode: ${report.mode} | Thresholds: suspicious≥${report.thresholds.suspicious}, malicious≥${report.thresholds.malicious}</div>
+<div class="stats">
+  <div class="stat"><div class="stat-label">Scanned</div><div class="stat-val">${report.stats.scanned}</div></div>
+  <div class="stat"><div class="stat-label">Clean</div><div class="stat-val" style="color:#44cc88">${report.stats.clean}</div></div>
+  <div class="stat"><div class="stat-label">Low Risk</div><div class="stat-val" style="color:#44cc88">${report.stats.low}</div></div>
+  <div class="stat"><div class="stat-label">Suspicious</div><div class="stat-val" style="color:#ffcc00">${report.stats.suspicious}</div></div>
+  <div class="stat"><div class="stat-label">Malicious</div><div class="stat-val" style="color:#ff4444">${report.stats.malicious}</div></div>
+  <div class="stat"><div class="stat-label">Safety Rate</div><div class="stat-val" style="color:${safeRate >= 80 ? '#44cc88' : '#ff8800'}">${safeRate}%</div></div>
+</div>
+${report.findings.length === 0 ? '<p class="clean">✅ All clear — no threats detected.</p>' : `
+<table>
+<thead><tr><th>Severity</th><th>Pattern ID</th><th>Description</th><th>Location</th><th>Sample</th></tr></thead>
+<tbody>${rows}</tbody>
+</table>`}
+<div class="footer">guard-scanner v${VERSION} | IoC DB: ${report.iocVersion} | Signatures: ${report.signaturesVersion} | <a href="https://github.com/koatora20/guard-scanner" style="color:#7ec8e3">GitHub</a></div>
+</body></html>`;
+    }
 }