hackmyagent-core 0.4.2 → 0.4.4

@@ -136,7 +136,7 @@ export declare class HardeningScanner {
136
136
  */
137
137
  private checkOpenclawSupplyChain;
138
138
  /**
139
- * OpenClaw CVE-specific checks (CVE-001, CVE-002)
139
+ * OpenClaw CVE-specific checks (CVE-001, CVE-002, CVE-003, CVE-004)
140
140
  */
141
141
  private checkOpenclawCVE;
142
142
  }
@@ -1 +1 @@
1
- {"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/hardening/scanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,KAAK,EAAE,UAAU,EAA0C,MAAM,kBAAkB,CAAC;AAyD3F,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,0CAA0C;IAC1C,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,0DAA0D;IAC1D,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,wEAAwE;IACxE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AA8HD,qBAAa,gBAAgB;IAE3B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAelC;IAEF;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAMvB,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;YA8NvC,cAAc;IAsE5B;;OAEG;YACW,iBAAiB;IA+F/B;;OAEG;IACH,OAAO,CAAC,gBAAgB;YAeV,uBAAuB;YAmGvB,aAAa;YAgDb,cAAc;YA+Fd,oBAAoB;YAwDpB,gBAAgB;YA0IhB,oBAAoB;YAgFpB,gBAAgB;YA2IhB,mBAAmB;YA4EnB,iBAAiB;YAyCjB,iBAAiB;YA+DjB,wBAAwB;YA0FxB,wBAAwB;YAmExB,wBAAwB;YAqHxB,oBAAoB;YA+GpB,uBAAuB;YA8HvB,iBAAiB;YA8GjB,oBAAoB;YAuGpB,mBAAmB;YAiGnB,gBAAgB;YAmIhB,oBAAoB;YAoIpB,gBAAgB;YAyHhB,qBAAqB;YA+GrB,eAAe;IAiI7B;;OAEG;YACW,mBAAmB;IA8GjC;;OAEG;YACW,oBAAoB;IAiKlC;;OAEG;YACW,iBAAiB;IA4I/B;;OAEG;YACW,oBAAoB;IAwIlC;;OAEG;YACW,eAAe;IAqJ7B;;OAEG;YACW,eAAe;IAuI7B;;OAEG;YACW,eAAe;IAyG7B;;OAEG;YACW,mBAAmB;IAmHjC,OAAO,CAAC,cAAc;IAsBtB;;OAEG;YACW,YAAY;IAkD1B;;OAEG;IACG,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA6DhD;;;OAGG;YACW,cAAc;IAgD5B;;OAEG;YACW,mBAAmB;IAoUjC;;;OAGG;YACW,kBAAkB;IAgDhC;;OAEG;YACW,sBAAsB;IA2LpC;;OAEG;YACW,sBAAsB;IA+BpC;;OAEG;YACW,oBAAoB;IAqVlC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA4B3B;;OAEG;YACW,iBAAiB;IA8D/B;;OAEG;YACW,mBAAmB;IA6VjC;;OAEG;YACW,wBAAwB;IA4OtC;;OAEG;YACW,gBAAgB;CAmG/B"}
1
+ {"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/hardening/scanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,KAAK,EAAE,UAAU,EAA0C,MAAM,kBAAkB,CAAC;AAyD3F,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,0CAA0C;IAC1C,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,0DAA0D;IAC1D,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,wEAAwE;IACxE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AA8HD,qBAAa,gBAAgB;IAE3B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAelC;IAEF;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAMvB,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;YA8NvC,cAAc;IAsE5B;;OAEG;YACW,iBAAiB;IA+F/B;;OAEG;IACH,OAAO,CAAC,gBAAgB;YAeV,uBAAuB;YAmGvB,aAAa;YAgDb,cAAc;YA+Fd,oBAAoB;YAwDpB,gBAAgB;YA0IhB,oBAAoB;YAgFpB,gBAAgB;YA2IhB,mBAAmB;YA4EnB,iBAAiB;YAyCjB,iBAAiB;YA+DjB,wBAAwB;YA0FxB,wBAAwB;YAmExB,wBAAwB;YAqHxB,oBAAoB;YA+GpB,uBAAuB;YA8HvB,iBAAiB;YA8GjB,oBAAoB;YAuGpB,mBAAmB;YAiGnB,gBAAgB;YAmIhB,oBAAoB;YAoIpB,gBAAgB;YAyHhB,qBAAqB;YA+GrB,eAAe;IAiI7B;;OAEG;YACW,mBAAmB;IA8GjC;;OAEG;YACW,oBAAoB;IAiKlC;;OAEG;YACW,iBAAiB;IA4I/B;;OAEG;YACW,oBAAoB;IAwIlC;;OAEG;YACW,eAAe;IAqJ7B;;OAEG;YACW,eAAe;IAuI7B;;OAEG;YACW,eAAe;IAyG7B;;OAEG;YACW,mBAAmB;IAmHjC,OAAO,CAAC,cAAc;IAsBtB;;OAEG;YACW,YAAY;IAkD1B;;OAEG;IACG,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA6DhD;;;OAGG;YACW,cAAc;IAgD5B;;OAEG;YACW,mBAAmB;IAoUjC;;;OAGG;YACW,kBAAkB;IAgDhC;;OAEG;YACW,sBAAsB;IA2LpC;;OAEG;YACW,sBAAsB;IA+BpC;;OAEG;YACW,oBAAoB;IAqVlC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA4B3B;;OAEG;YACW,iBAAiB;IA8D/B;;OAEG;YACW,mBAAmB;IA6VjC;;OAEG;YACW,wBAAwB;IA4OtC;;OAEG;YACW,gBAAgB;CA4J/B"}
@@ -5227,7 +5227,7 @@ dist/
5227
5227
  return findings;
5228
5228
  }
5229
5229
  /**
5230
- * OpenClaw CVE-specific checks (CVE-001, CVE-002)
5230
+ * OpenClaw CVE-specific checks (CVE-001, CVE-002, CVE-003, CVE-004)
5231
5231
  */
5232
5232
  async checkOpenclawCVE(targetDir, _autoFix) {
5233
5233
  const findings = [];
@@ -5263,11 +5263,69 @@ dist/
5263
5263
  fixable: false,
5264
5264
  fix: 'Upgrade openclaw to v2026.1.29 or later: npm install openclaw@latest',
5265
5265
  });
5266
+ // CVE-003: OS Command Injection via SSH Path (same fix version)
5267
+ if (isVulnerable) {
5268
+ findings.push({
5269
+ checkId: 'CVE-003',
5270
+ name: 'CVE-2026-25157: OS Command Injection via SSH Path',
5271
+ description: 'OpenClaw version vulnerable to CVE-2026-25157 (CVSS 7.8) - unescaped project path enables command injection on SSH hosts',
5272
+ category: 'cve',
5273
+ severity: 'high',
5274
+ passed: false,
5275
+ message: `OpenClaw ${openclawVersion} is vulnerable to CVE-2026-25157 - upgrade to v2026.1.29+`,
5276
+ file: 'package.json',
5277
+ fixable: false,
5278
+ fix: 'Upgrade openclaw to v2026.1.29 or later: npm install openclaw@latest',
5279
+ });
5280
+ }
5281
+ else {
5282
+ findings.push({
5283
+ checkId: 'CVE-003',
5284
+ name: 'CVE-2026-25157: OS Command Injection via SSH Path',
5285
+ description: 'OpenClaw version includes CVE-2026-25157 fix',
5286
+ category: 'cve',
5287
+ severity: 'high',
5288
+ passed: true,
5289
+ message: `OpenClaw ${openclawVersion} includes CVE-2026-25157 fix`,
5290
+ file: 'package.json',
5291
+ fixable: false,
5292
+ fix: 'No action needed',
5293
+ });
5294
+ }
5295
+ // CVE-004: Docker PATH Command Injection (same fix version)
5296
+ if (isVulnerable) {
5297
+ findings.push({
5298
+ checkId: 'CVE-004',
5299
+ name: 'CVE-2026-24763: Docker PATH Command Injection',
5300
+ description: 'OpenClaw version vulnerable to CVE-2026-24763 (CVSS 8.8) - unsafe PATH handling enables command injection in Docker sandbox',
5301
+ category: 'cve',
5302
+ severity: 'critical',
5303
+ passed: false,
5304
+ message: `OpenClaw ${openclawVersion} is vulnerable to CVE-2026-24763 - upgrade to v2026.1.29+`,
5305
+ file: 'package.json',
5306
+ fixable: false,
5307
+ fix: 'Upgrade openclaw to v2026.1.29 or later: npm install openclaw@latest',
5308
+ });
5309
+ }
5310
+ else {
5311
+ findings.push({
5312
+ checkId: 'CVE-004',
5313
+ name: 'CVE-2026-24763: Docker PATH Command Injection',
5314
+ description: 'OpenClaw version includes CVE-2026-24763 fix',
5315
+ category: 'cve',
5316
+ severity: 'critical',
5317
+ passed: true,
5318
+ message: `OpenClaw ${openclawVersion} includes CVE-2026-24763 fix`,
5319
+ file: 'package.json',
5320
+ fixable: false,
5321
+ fix: 'No action needed',
5322
+ });
5323
+ }
5266
5324
  }
5267
5325
  }
5268
5326
  }
5269
5327
  catch {
5270
- // No package.json or parse error - skip CVE-001
5328
+ // No package.json or parse error - skip CVE checks
5271
5329
  }
5272
5330
  // CVE-002: Control UI Origin Restrictions (defense-in-depth)
5273
5331
  const configFiles = await this.findGatewayConfigFiles(targetDir);