hackmyagent 0.11.11 → 0.11.13

package/dist/hardening/scanner.d.ts

@@ -123,7 +123,7 @@ export declare class HardeningScanner {
      */
     private findSkillFiles;
     /**
-     * OpenClaw skill security checks (SKILL-001 to SKILL-006)
+     * OpenClaw skill security checks (SKILL-001 to SKILL-024)
      */
     private checkOpenclawSkills;
     /**

package/dist/hardening/scanner.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/hardening/scanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,OAAO,KAAK,EAAE,UAAU,EAA0C,MAAM,kBAAkB,CAAC;AAwG3F,0CAA0C;AAC1C,MAAM,MAAM,SAAS,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,CAAC;AAEtD,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,0CAA0C;IAC1C,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,0DAA0D;IAC1D,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,wEAAwE;IACxE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,2EAA2E;IAC3E,IAAI,CAAC,EAAE,OAAO,CAAC;IACf;;;;;OAKG;IACH,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,oDAAoD;IACpD,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACvC,mEAAmE;IACnE,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAoID,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,OAAO,CAAiB;IAEhC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CA2BlC;IAEF;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAM7B;;OAEG;YACW,aAAa;IAa3B;;OAEG;IACH,OAAO,CAAC,aAAa;IASf,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;YAkZvC,cAAc;IAwE5B;;OAEG;YACW,iBAAiB;IA+F/B;;OAEG;IACH,OAAO,CAAC,gBAAgB;YAeV,uBAAuB;YAoGvB,aAAa;YAiDb,cAAc;YAiGd,oBAAoB;YAyDpB,gBAAgB;YAgJhB,oBAAoB;YAkFpB,gBAAgB;YA8IhB,mBAAmB;YA8EnB,iBAAiB;YA0CjB,iBAAiB;YAiEjB,wBAAwB;YA6FxB,wBAAwB;YAqExB,wBAAwB;YAyHxB,oBAAoB;YAmHpB,uBAAuB;YA4IvB,iBAAiB;YAkHjB,oBAAoB;YA0HpB,mBAAmB;YAqGnB,gBAAgB;YAwIhB,oBAAoB;YAwIpB,gBAAgB;YA6HhB,qBAAqB;YAmHrB,eAAe;IAqI7B;;OAEG;YACW,mBAAmB;IAkHjC;;OAEG;YACW,oBAAoB;IAqKlC;;OAEG;YACW,iBAAiB;IAgJ/B;;OAEG;YACW,oBAAoB;IA4IlC;;OAEG;YACW,eAAe;IAyJ7B;;OAEG;YACW,eAAe;IA2I7B;;OAEG;YACW,eAAe;IA6G7B;;OAEG;YACW,mBAAmB;IAuHjC,OAAO,CAAC,cAAc;IAsBtB;;OAEG;YACW,YAAY;IAmE1B;;OAEG;IACG,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA6DhD;;;OAGG;YACW,cAAc;IAgD5B;;OAEG;YACW,mBAAmB;IAwdjC;;;OAGG;YACW,kBAAkB;IAgDhC;;OAEG;YACW,sBAAsB;IAkMpC;;OAEG;YACW,sBAAsB;IA+BpC;;OAEG;YACW,oBAAoB;IAgWlC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA4B3B;;OAEG;YACW,iBAAiB;IA8D/B;;OAEG;YACW,mBAAmB;IA2WjC;;OAEG;YACW,wBAAwB;IAqPtC;;OAEG;YACW,gBAAgB;IAoK9B;;;OAGG;YACW,eAAe;IAoD7B;;;OAGG;YACW,aAAa;IAwC3B;;;OAGG;YACW,oBAAoB;IAoKlC;;;OAGG;YACW,iBAAiB;IAiI/B;;;OAGG;YACW,kBAAkB;IAkFhC;;;OAGG;YACW,aAAa;IA0F3B;;OAEG;YACW,gBAAgB;IAiE9B;;;;OAIG;YACW,yBAAyB;IA0WvC;;;;;OAKG;YACW,qBAAqB;IAqnBnC;;;;OAIG;YACW,gBAAgB;IA2G9B;;;;OAIG;YACW,mBAAmB;IAmKjC;;;;OAIG;YACW,gBAAgB;IAkF9B;;;OAGG;YACW,iBAAiB;IA+C/B;;;;OAIG;YACW,yBAAyB;IA6FvC;;;OAGG;YACW,kBAAkB;IA8ChC;;;OAGG;YACW,mBAAmB;IA4CjC;;;OAGG;YACW,6BAA6B;IAiD3C;;;OAGG;YACW,oBAAoB;IA4ClC;;;OAGG;YACW,WAAW;IA4DzB;;;OAGG;YACW,aAAa;IAgD3B;;;OAGG;YACW,oBAAoB;IA6ClC;;;OAGG;YACW,YAAY;IAmD1B;;;OAGG;YACW,qBAAqB;IA+DnC;;;;OAIG;YACW,oBAAoB;IAyHlC;;;OAGG;YACW,iBAAiB;IA+F/B;;;OAGG;YACW,4BAA4B;IAqD1C;;;OAGG;YACW,8BAA8B;IAgE5C,+DAA+D;YACjD,YAAY;CA+B3B"}
+{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/hardening/scanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,OAAO,KAAK,EAAE,UAAU,EAA0C,MAAM,kBAAkB,CAAC;AAwG3F,0CAA0C;AAC1C,MAAM,MAAM,SAAS,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,CAAC;AAEtD,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,0CAA0C;IAC1C,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,0DAA0D;IAC1D,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,wEAAwE;IACxE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,2EAA2E;IAC3E,IAAI,CAAC,EAAE,OAAO,CAAC;IACf;;;;;OAKG;IACH,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,oDAAoD;IACpD,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACvC,mEAAmE;IACnE,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAoID,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,OAAO,CAAiB;IAEhC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CA2BlC;IAEF;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAM7B;;OAEG;YACW,aAAa;IAa3B;;OAEG;IACH,OAAO,CAAC,aAAa;IASf,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;YAkZvC,cAAc;IAwE5B;;OAEG;YACW,iBAAiB;IA+F/B;;OAEG;IACH,OAAO,CAAC,gBAAgB;YAeV,uBAAuB;YAoGvB,aAAa;YAiDb,cAAc;YAiGd,oBAAoB;YAyDpB,gBAAgB;YAgJhB,oBAAoB;YAkFpB,gBAAgB;YA8IhB,mBAAmB;YA8EnB,iBAAiB;YA0CjB,iBAAiB;YAiEjB,wBAAwB;YA6FxB,wBAAwB;YAqExB,wBAAwB;YAyHxB,oBAAoB;YAmHpB,uBAAuB;YA4IvB,iBAAiB;YAkHjB,oBAAoB;YA0HpB,mBAAmB;YAqGnB,gBAAgB;YAwIhB,oBAAoB;YAwIpB,gBAAgB;YA6HhB,qBAAqB;YAmHrB,eAAe;IAqI7B;;OAEG;YACW,mBAAmB;IAkHjC;;OAEG;YACW,oBAAoB;IAqKlC;;OAEG;YACW,iBAAiB;IAgJ/B;;OAEG;YACW,oBAAoB;IA4IlC;;OAEG;YACW,eAAe;IAyJ7B;;OAEG;YACW,eAAe;IA2I7B;;OAEG;YACW,eAAe;IA6G7B;;OAEG;YACW,mBAAmB;IAuHjC,OAAO,CAAC,cAAc;IAsBtB;;OAEG;YACW,YAAY;IAmE1B;;OAEG;IACG,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA6DhD;;;OAGG;YACW,cAAc;IAgD5B;;OAEG;YACW,mBAAmB;IA6pBjC;;;OAGG;YACW,kBAAkB;IAgDhC;;OAEG;YACW,sBAAsB;IAkMpC;;OAEG;YACW,sBAAsB;IA+BpC;;OAEG;YACW,oBAAoB;IAgWlC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA4B3B;;OAEG;YACW,iBAAiB;IA8D/B;;OAEG;YACW,mBAAmB;IA2WjC;;OAEG;YACW,wBAAwB;IAqPtC;;OAEG;YACW,gBAAgB;IAoK9B;;;OAGG;YACW,eAAe;IAoD7B;;;OAGG;YACW,aAAa;IAwC3B;;;OAGG;YACW,oBAAoB;IAoKlC;;;OAGG;YACW,iBAAiB;IAiI/B;;;OAGG;YACW,kBAAkB;IAkFhC;;;OAGG;YACW,aAAa;IA0F3B;;OAEG;YACW,gBAAgB;IAiE9B;;;;OAIG;YACW,yBAAyB;IA0WvC;;;;;OAKG;YACW,qBAAqB;IAqnBnC;;;;OAIG;YACW,gBAAgB;IA2G9B;;;;OAIG;YACW,mBAAmB;IAmKjC;;;;OAIG;YACW,gBAAgB;IAkF9B;;;OAGG;YACW,iBAAiB;IA+C/B;;;;OAIG;YACW,yBAAyB;IA6FvC;;;OAGG;YACW,kBAAkB;IA8ChC;;;OAGG;YACW,mBAAmB;IA4CjC;;;OAGG;YACW,6BAA6B;IAiD3C;;;OAGG;YACW,oBAAoB;IA4ClC;;;OAGG;YACW,WAAW;IA4DzB;;;OAGG;YACW,aAAa;IAgD3B;;;OAGG;YACW,oBAAoB;IA6ClC;;;OAGG;YACW,YAAY;IAmD1B;;;OAGG;YACW,qBAAqB;IA+DnC;;;;OAIG;YACW,oBAAoB;IAyHlC;;;OAGG;YACW,iBAAiB;IA+F/B;;;OAGG;YACW,4BAA4B;IAqD1C;;;OAGG;YACW,8BAA8B;IAgE5C,+DAA+D;YACjD,YAAY;CA+B3B"}

package/dist/hardening/scanner.js

@@ -4105,7 +4105,7 @@ dist/
         return skillFiles;
     }
     /**
-     * OpenClaw skill security checks (SKILL-001 to SKILL-006)
+     * OpenClaw skill security checks (SKILL-001 to SKILL-024)
      */
     async checkOpenclawSkills(targetDir, autoFix) {
         const findings = [];
@@ -4543,6 +4543,197 @@ dist/
                     }
                 }
             }
+            // SKILL-020: Missing/invalid frontmatter
+            const fmMatch = content.match(/^---\r?\n([\s\S]*?)\r?\n---/);
+            if (!fmMatch) {
+                findings.push({
+                    checkId: 'SKILL-020',
+                    name: 'Missing YAML Frontmatter',
+                    description: 'Skill file lacks required YAML frontmatter for capability declaration',
+                    category: 'skill',
+                    severity: 'high',
+                    passed: false,
+                    message: `${relativePath}: Skill file lacks required YAML frontmatter (---). Add frontmatter with name, version, and capabilities fields.`,
+                    file: relativePath,
+                    fixable: true,
+                    fix: 'Add YAML frontmatter block with name, version, and capabilities fields',
+                    guidance: 'Skills without frontmatter cannot declare their capabilities, making permission validation impossible. Add a --- delimited YAML block at the top of the file.',
+                });
+            }
+            else {
+                const fmRaw = fmMatch[1];
+                const requiredFields = ['name', 'version', 'capabilities'];
+                const missingFields = requiredFields.filter(f => !new RegExp(`^${f}:`, 'm').test(fmRaw));
+                if (missingFields.length > 0) {
+                    findings.push({
+                        checkId: 'SKILL-020',
+                        name: 'Incomplete Frontmatter',
+                        description: 'Skill frontmatter is missing required fields',
+                        category: 'skill',
+                        severity: 'high',
+                        passed: false,
+                        message: `${relativePath}: Missing required frontmatter fields: ${missingFields.join(', ')}. These are needed for capability declaration and version tracking.`,
+                        file: relativePath,
+                        fixable: true,
+                        fix: `Add missing fields to frontmatter: ${missingFields.join(', ')}`,
+                        guidance: 'Incomplete frontmatter prevents proper capability validation. Every skill should declare name, version, and capabilities.',
+                    });
+                }
+                else {
+                    findings.push({
+                        checkId: 'SKILL-020',
+                        name: 'Valid Frontmatter',
+                        description: 'Skill file has valid YAML frontmatter with required fields',
+                        category: 'skill',
+                        severity: 'high',
+                        passed: true,
+                        message: 'Skill has valid frontmatter with name, version, and capabilities',
+                        file: relativePath,
+                        fixable: false,
+                        fix: 'No action needed',
+                        guidance: 'Skill frontmatter is properly configured.',
+                    });
+                }
+            }
+            // SKILL-021: Overprivileged permissions (dangerous capability combinations)
+            const dangerousCombos = [
+                {
+                    combo: ['filesystem:*', 'network:outbound'],
+                    reason: 'filesystem:* + network:outbound enables data exfiltration',
+                },
+                {
+                    combo: ['credential:read', 'network:outbound'],
+                    reason: 'credential:read + network:outbound enables credential exfiltration',
+                },
+            ];
+            const capPatterns = content.match(/(?:filesystem|network|credential|tool):[a-z*]+/g) || [];
+            const allCaps = [...new Set(capPatterns)];
+            // Also include capabilities from frontmatter if parsed
+            const declaredCapsForPriv = (0, skill_capability_validator_1.parseDeclaredCapabilities)(content);
+            for (const dc of declaredCapsForPriv.capabilities) {
+                if (!allCaps.includes(dc))
+                    allCaps.push(dc);
+            }
+            for (const { combo, reason } of dangerousCombos) {
+                const matchCap = (actual, pattern) => {
+                    if (actual === pattern)
+                        return true;
+                    if (pattern.endsWith(':*'))
+                        return actual.startsWith(pattern.slice(0, -1));
+                    if (actual.endsWith(':*'))
+                        return pattern.startsWith(actual.slice(0, -1));
+                    return false;
+                };
+                const hasFirst = allCaps.some(c => matchCap(c, combo[0]));
+                const hasSecond = allCaps.some(c => matchCap(c, combo[1]));
+                if (hasFirst && hasSecond) {
+                    findings.push({
+                        checkId: 'SKILL-021',
+                        name: 'Overprivileged Permissions',
+                        description: 'Skill has dangerous capability combination that enables exfiltration',
+                        category: 'skill',
+                        severity: 'high',
+                        passed: false,
+                        message: `${relativePath}: ${reason}. Restrict filesystem access to specific paths or remove outbound network access.`,
+                        file: relativePath,
+                        fixable: false,
+                        fix: 'Restrict capabilities to minimum required permissions',
+                        guidance: 'Dangerous capability combinations can enable data or credential exfiltration. Follow the principle of least privilege.',
+                    });
+                }
+            }
+            // SKILL-022: Environment variable exfiltration
+            const envAccessPatterns = [
+                /process\.env/,
+                /os\.environ/,
+                /\$ENV\{/,
+                /System\.getenv/,
+                /printenv/,
+                /\$\(env\)/,
+                /\$\(printenv/,
+                /\$HOME\b/,
+                /\$\{[A-Z_]+\}/,
+            ];
+            const outboundPatterns = [
+                /network:outbound/,
+                /fetch\s*\(/,
+                /https?:\/\//,
+                /XMLHttpRequest/,
+                /\.send\s*\(/,
+                /curl\s/,
+                /wget\s/,
+            ];
+            const hasEnvAccess = envAccessPatterns.some(p => p.test(content));
+            const hasOutbound = outboundPatterns.some(p => p.test(content));
+            if (hasEnvAccess && hasOutbound) {
+                findings.push({
+                    checkId: 'SKILL-022',
+                    name: 'Environment Variable Exfiltration Risk',
+                    description: 'Skill accesses environment variables and has outbound network capability',
+                    category: 'skill',
+                    severity: 'critical',
+                    passed: false,
+                    message: `${relativePath}: Skill accesses environment variables AND has outbound network capability. This combination can exfiltrate secrets via network requests.`,
+                    file: relativePath,
+                    fixable: false,
+                    fix: 'Remove outbound network access or environment variable reads',
+                    guidance: 'Skills that read environment variables and send data externally can exfiltrate API keys, tokens, and other secrets stored in environment variables.',
+                });
+            }
+            // SKILL-023: Obfuscated code patterns
+            const obfuscationPatterns = [
+                { pattern: /atob\s*\(/, label: 'atob() base64 decode' },
+                { pattern: /Buffer\.from\s*\(/, label: 'Buffer.from() decode' },
+                { pattern: /eval\s*\(/, label: 'eval() dynamic execution' },
+                { pattern: /String\.fromCharCode/, label: 'String.fromCharCode obfuscation' },
+                { pattern: /\\x[0-9a-fA-F]{2}/, label: 'hex-encoded string' },
+                { pattern: /(?:atob|Buffer\.from)\s*\([^)]+\)[\s\S]*?eval\s*\(/, label: 'base64+eval combo' },
+                { pattern: /base64\s+-d/, label: 'shell base64 decode' },
+                { pattern: /eval\s+\$\(/, label: 'shell eval $(...)' },
+                { pattern: /\becho\s+['"][A-Za-z0-9+/=]{20,}['"]\s*\|\s*base64/, label: 'echo+base64 pipe' },
+                { pattern: /new\s+Function\s*\(/, label: 'new Function() dynamic execution' },
+            ];
+            for (const { pattern, label } of obfuscationPatterns) {
+                if (pattern.test(content)) {
+                    findings.push({
+                        checkId: 'SKILL-023',
+                        name: 'Obfuscated Code Pattern',
+                        description: 'Skill contains obfuscated code that may hide malicious behavior',
+                        category: 'skill',
+                        severity: 'high',
+                        passed: false,
+                        message: `${relativePath}: Detected ${label}. Obfuscated code in skills can hide malicious behavior and should be reviewed.`,
+                        file: relativePath,
+                        fixable: false,
+                        fix: 'Replace obfuscated code with readable equivalent',
+                        guidance: 'Obfuscated code (base64 decode, eval, hex-encoded strings) in skills is a strong indicator of hidden malicious behavior. Review and replace with transparent code.',
+                    });
+                    break; // One finding per file for obfuscation
+                }
+            }
+            // SKILL-024: Unbounded tool chaining
+            const hasToolChain = allCaps.some(c => c.includes('tool:chain'));
+            if (hasToolChain) {
+                const hasFm = !!fmMatch;
+                const fmContent = hasFm ? fmMatch[1] : '';
+                const hasMaxIterations = hasFm && (/maxIterations/i.test(fmContent) ||
+                    /iterationLimit/i.test(fmContent));
+                if (!hasMaxIterations) {
+                    findings.push({
+                        checkId: 'SKILL-024',
+                        name: 'Unbounded Tool Chaining',
+                        description: 'Skill declares tool:chain capability without iteration limits',
+                        category: 'skill',
+                        severity: 'medium',
+                        passed: false,
+                        message: `${relativePath}: Skill declares tool:chain capability without maxIterations or iterationLimit. Unbounded chaining can lead to infinite loops or resource exhaustion.`,
+                        file: relativePath,
+                        fixable: true,
+                        fix: 'Add maxIterations or iterationLimit to skill frontmatter',
+                        guidance: 'Tool chaining without iteration limits can cause infinite loops, resource exhaustion, or runaway costs. Set a reasonable maxIterations value in frontmatter.',
+                    });
+                }
+            }
         }
         return findings;
     }