hackmyagent 0.11.4 → 0.11.6

package/README.md

@@ -4,9 +4,9 @@
 
 [![npm version](https://img.shields.io/npm/v/hackmyagent.svg)](https://www.npmjs.com/package/hackmyagent)
 [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
-[![Tests](https://img.shields.io/badge/tests-765%20passing-brightgreen)](https://github.com/opena2a-org/hackmyagent)
+[![Tests](https://img.shields.io/badge/tests-1051%20passing-brightgreen)](https://github.com/opena2a-org/hackmyagent)
 
-**163 security checks for AI agents. Find what can go wrong before an attacker does.**
+**183 security checks for AI agents. Find what can go wrong before an attacker does.**
 
 Security scanner and red-team toolkit for Claude Code, Cursor, VS Code, and any MCP server setup.
 
@@ -30,23 +30,43 @@ npx opena2a-cli review
 
 ## What It Finds
 
-**Attack testing:**
+**Attack testing** -- 115 adversarial payloads across 11 categories (prompt injection, data exfiltration, jailbreak, MCP exploitation, supply chain, memory weaponization, A2A protocol attacks, context window attacks).
+
+**Static analysis** -- 183 security checks across 35 categories covering credentials, MCP configs, OpenClaw/NemoClaw, Unicode steganography, CVE detection, governance, supply chain, memory poisoning, agent identity, and sandbox escape patterns.
+
+<details>
+<summary>Attack testing details (115 payloads)</summary>
+
 - **Prompt injection** -- tests whether agents follow injected instructions from untrusted input
 - **Data exfiltration** -- checks if agents can be tricked into leaking sensitive data to external endpoints
 - **Jailbreak and context manipulation** -- probes agent guardrails with adversarial prompts
 - **MCP exploitation** -- tests MCP servers for tool misuse, capability abuse, and unauthorized access
 - **Capability abuse** -- verifies agents can't exceed their intended permissions
+- **Supply chain attacks** -- dependency confusion, tool shadowing, package impersonation
+- **Memory weaponization** -- persistent instruction injection via agent memory systems
+- **A2A protocol attacks** -- identity spoofing, capability escalation in multi-agent communication
+- **Context window attacks** -- token flooding, attention manipulation, context poisoning
 
-**Static analysis:**
+</details>
+
+<details>
+<summary>Static analysis details (183 checks)</summary>
+
+- **Unicode steganography** -- invisible codepoints, zero-width chars, bidi attacks, homoglyph confusables, GlassWorm decoders ([real-world: os-info-checker-es6 npm attack, May 2025](https://thehackernews.com/2025/05/malicious-npm-package-leverages-unicode.html))
 - **Hardcoded credentials** -- API keys, tokens, and passwords in source or config files
 - **MCP server misconfigurations** -- open ports, root filesystem access, missing auth
-- **AI agent CVE detection** -- scans for CVE-2026-25253 (OpenClaw WebSocket RCE), CVE-2026-25157, CVE-2026-24763, and ClawHavoc IOCs
-- **OpenClaw security** -- 34 checks for OpenClaw configurations, skills, gateway, and credential redaction ([6 PRs merged upstream](https://opena2a.org/blogs/securing-openclaw-6-prs-merged))
+- **AI agent CVE detection** -- CVE-2026-25253 (OpenClaw RCE), CVE-2026-25157, CVE-2026-24763, ClawHavoc IOCs
+- **OpenClaw security** -- 34 checks for configurations, skills, gateway, credential redaction ([6 PRs merged upstream](https://opena2a.org/blogs/securing-openclaw-6-prs-merged))
+- **NemoClaw/sandbox patterns** -- curl-pipe without checksum, empty artifact digests, exec() injection, predictable /tmp paths, process.env leakage, TOCTOU races, unsafe deserialization, messaging API egress
 - **Governance gaps** -- missing SOUL.md, no capability policies, unsigned MCP servers
 - **Credential scope drift** -- Google Maps keys accessing Gemini, AWS S3 keys reaching Bedrock
 - **Supply chain risks** -- vulnerable dependencies, unsigned skills, tampered packages
+- **Memory and RAG poisoning** -- persistent instruction injection, knowledge base contamination
+- **Agent identity** -- missing cryptographic identity, capability claims without attestation
+
+</details>
 
-163 checks across 34 categories. 55+ attack payloads. No flags needed.
+183 checks across 35 categories. 115 attack payloads. No flags needed.
 
 ---
 
@@ -69,7 +89,7 @@ npm install --save-dev hackmyagent
 ```
 
 ┌──────────────────────────────────────────┐
-│  HackMyAgent v0.10.1 — Security Scanner          │
+│  HackMyAgent v0.11.5 — Security Scanner          │
 │  Found: 3 critical · 5 high · 12 medium          │
 │                                                  │
 │  CRED-001  critical  Hardcoded API key in .env   │
@@ -88,9 +108,10 @@ npm install --save-dev hackmyagent
 
 Step-by-step guides for common workflows:
 
-- **[Scan my agent](docs/use-cases/scan-my-agent.md)** -- Run all 163 checks and auto-fix findings (5 min)
+- **[Scan my agent](docs/use-cases/scan-my-agent.md)** -- Run all 183 checks and auto-fix findings (5 min)
 - **[Red-team MCP servers](docs/use-cases/red-team-mcp.md)** -- Test MCP servers with adversarial payloads (10 min)
 - **[Secure OpenClaw](docs/use-cases/openclaw-security.md)** -- OpenClaw-specific checks, CVE detection, ClawHavoc IOC scanning (10 min)
+- **Secure NemoClaw** -- Scan NVIDIA NemoClaw sandbox installations for credential exposure, network misconfig, and sandbox escape vectors (5 min)
 - **[CI/CD pipeline](docs/use-cases/ci-pipeline.md)** -- GitHub Actions with JSON/SARIF output (5 min)
 
 ---
@@ -124,7 +145,7 @@ hackmyagent secure --publish                  # push results to OpenA2A Registry
 
 
 <details>
-<summary>All 30 security categories</summary>
+<summary>All 35 security categories</summary>
 
 | Category | Checks | What it detects |
 |----------|--------|-----------------|
@@ -157,7 +178,12 @@ hackmyagent secure --publish                  # push results to OpenA2A Registry
 | CONFIG | 9 | Insecure default settings |
 | SUPPLY | 8 | Supply chain attack vectors |
 | SKILL | 12 | Malicious skill/tool detection |
-| HEARTBEAT | 6 | Heartbeat/cron abuse |
+| HEARTBEAT | 7 | Heartbeat/cron abuse |
+| UNICODE-STEGO | 5 | Invisible codepoints, zero-width chars, bidi attacks, homoglyphs, GlassWorm decoders |
+| MEM | 5 | Memory poisoning, context injection |
+| RAG | 4 | RAG/knowledge base poisoning |
+| AIM | 3 | Agent identity verification |
+| NEMO | 10 | NemoClaw/sandbox patterns: curl-pipe, digest bypass, exec injection, /tmp races, env leakage |
 
 </details>
 
@@ -185,7 +211,7 @@ Use `--dry-run` to preview changes. Backups are created in `.hackmyagent-backup/
 
 ### `hackmyagent attack` -- Red Team
 
-Test your AI agent with 55 adversarial payloads across 5 attack categories.
+Test your AI agent with 115 adversarial payloads across 11 attack categories.
 
 ```bash
 hackmyagent attack --local                                    # local simulation
@@ -205,6 +231,12 @@ hackmyagent attack https://api.example.com --fail-on-vulnerable medium  # CI gat
 | `data-exfiltration` | 11 | Extract sensitive data, system prompts, credentials |
 | `capability-abuse` | 10 | Misuse agent tools for unintended actions |
 | `context-manipulation` | 10 | Poison agent context or memory |
+| `supply-chain` | 10 | Dependency confusion, package impersonation |
+| `tool-shadow` | 10 | Tool shadowing, capability escalation |
+| `mcp-exploitation` | 10 | MCP protocol abuse, tool injection |
+| `memory-weaponization` | 10 | Persistent memory poisoning attacks |
+| `a2a-attacks` | 10 | Agent-to-agent identity spoofing |
+| `context-window` | 10 | Token flooding, attention manipulation |
 
 > Only test systems you own or have written authorization to test.
 
@@ -247,11 +279,25 @@ hackmyagent harden-soul --dry-run         # preview without writing
 ```
 
 
+---
+
+### `hackmyagent secure-nemoclaw` -- NemoClaw Sandbox Scanner
+
+Scan NVIDIA NemoClaw installations for credential exposure, network misconfiguration, blueprint integrity issues, sandbox escape vectors, and inherited OpenClaw vulnerabilities. 28 checks across 6 categories.
+
+```bash
+hackmyagent secure-nemoclaw                  # scan auto-detected directory
+hackmyagent secure-nemoclaw ~/.nemoclaw      # scan specific directory
+hackmyagent secure-nemoclaw --json           # JSON output for CI
+hackmyagent secure-nemoclaw --verbose        # show all checks including passed
+```
+
+
 ---
 
 ### `hackmyagent trust` -- Package Trust Verification
 
-Check trust levels for AI packages before installing them. Queries the [OpenA2A Registry](https://registry.opena2a.org) trust graph.
+Check trust levels for AI packages before installing them. Queries the OpenA2A Registry trust graph (launching April 2026).
 
 ```bash
 hackmyagent trust server-filesystem          # MCP shorthand

package/dist/cli.js

@@ -41,6 +41,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const commander_1 = require("commander");
 const index_1 = require("./index");
 const resolve_mcp_1 = require("./resolve-mcp");
+const nemoclaw_scanner_1 = require("./hardening/nemoclaw-scanner");
 const program = new commander_1.Command();
 // Write JSON to stdout synchronously with retry for pipe backpressure.
 // process.stdout.write() is async and gets truncated when process.exit()
@@ -103,19 +104,19 @@ program
     .name('hackmyagent')
     .description(`Find it. Break it. Fix it.
 
-The hacker's toolkit for AI agents. 147+ security checks, 115 attack
+The hacker's toolkit for AI agents. 183 security checks, 115 attack
 payloads, auto-fix with rollback, and OASB benchmark compliance.
 
 Documentation: https://hackmyagent.com/docs
 
 Updates (v${index_1.VERSION}):
-  - MCP JSON-RPC and A2A protocol attack modes
-  - SARIF and HTML output for all scan modes
-  - Semantic engine (structural + LLM analysis)
-  - OpenA2A Registry integration for trust scoring
+  - NemoClaw sandbox scanner (28 installation checks)
+  - 10 new static analysis patterns (NEMO series)
+  - Community trust contributions
+  - 183 checks across 35 categories
 
 Examples:
-  $ hackmyagent secure                         Find vulnerabilities (147+ checks)
+  $ hackmyagent secure                         Find vulnerabilities (183 checks)
   $ hackmyagent attack --local                 Break it with 115 attack payloads
   $ hackmyagent secure --fix                   Fix issues automatically
   $ hackmyagent fix-all                        Run all security plugins
@@ -124,7 +125,7 @@ Examples:
     .option('--no-color', 'Disable colored output (also respects NO_COLOR env)');
 program.addHelpText('beforeAll', `
 Quick start:
-  $ hackmyagent secure              Scan current directory (147+ checks)
+  $ hackmyagent secure              Scan current directory (183 checks)
   $ hackmyagent fix-all --with-aim  Auto-fix + create agent identity
   $ hackmyagent attack              Red-team your agent
 `);
@@ -1544,16 +1545,21 @@ function resolvePackageVersion(targetDir) {
  * Determines whether to contribute based on:
  *   1. --contribute / --no-contribute CLI flags (highest priority)
  *   2. ~/.opena2a/config.json contribute.enabled setting
- *   3. Interactive opt-in prompt (first scan or scan #10)
  *
- * If contributing, builds an anonymized payload and submits it
- * asynchronously (non-blocking). Failures are logged as warnings.
+ * If contributing, queues an anonymized event to ~/.opena2a/contribute-queue.json
+ * (compatible with @opena2a/contribute format) and flushes when threshold reached.
+ *
+ * Also records the scan and shows a delayed consent tip after the 3rd scan
+ * if the user hasn't opted in or dismissed.
  */
-async function handleContribution(contributeFlag, targetDir, findings, registryUrl, format) {
+async function handleContribution(contributeFlag, targetDir, findings, durationMs, registryUrl, format) {
     try {
-        const { isContributeEnabled, shouldPromptContribute, showContributePrompt, incrementScanCount, buildContributionPayloadFromDir, submitContribution, } = await Promise.resolve().then(() => __importStar(require('./telemetry')));
-        // Always increment scan count
-        incrementScanCount();
+        const { isContributeEnabled, recordScanAndMaybeShowTip, buildScanEvent, queueAndMaybeFlush, } = await Promise.resolve().then(() => __importStar(require('./telemetry')));
+        // Record scan count and maybe show the delayed consent tip
+        const tip = recordScanAndMaybeShowTip();
+        if (tip && format === 'text' && process.stdout.isTTY) {
+            process.stdout.write(tip + '\n');
+        }
         // Determine whether to contribute
         let shouldContribute;
         if (contributeFlag === true) {
@@ -1566,35 +1572,19 @@ async function handleContribution(contributeFlag, targetDir, findings, registryU
         }
         else {
             // Check config
-            const configSetting = isContributeEnabled();
-            if (configSetting === true) {
-                shouldContribute = true;
-            }
-            else if (configSetting === false) {
-                shouldContribute = false;
-            }
-            else {
-                // Not configured -- prompt after 3 scans (interactive TTY only)
-                if (format === 'text' && process.stdout.isTTY && shouldPromptContribute()) {
-                    shouldContribute = await showContributePrompt();
-                }
-                else {
-                    shouldContribute = false;
-                }
-            }
+            shouldContribute = isContributeEnabled() === true;
         }
         if (!shouldContribute)
             return;
-        // Build and submit contribution (non-blocking)
+        // Build and queue contribution event (non-blocking, flushes at threshold)
         const packageName = resolvePackageName(targetDir);
         if (!packageName)
             return;
-        const payload = buildContributionPayloadFromDir(packageName, targetDir, findings);
-        const result = await submitContribution(payload, registryUrl);
-        if (result.success && format === 'text') {
-            console.log('Contributed anonymized scan summary to OpenA2A Registry (--no-contribute to opt out)');
+        const event = buildScanEvent(packageName, targetDir, findings, durationMs);
+        await queueAndMaybeFlush(event, registryUrl, format === 'text');
+        if (format === 'text') {
+            process.stdout.write('Queued anonymized scan summary for OpenA2A Registry (--no-contribute to opt out)\n');
         }
-        // Failures are silently ignored -- contribution is best-effort
     }
     catch {
         // Non-fatal: contribution failure must never crash the scan
@@ -1606,7 +1596,7 @@ async function handleContribution(contributeFlag, targetDir, findings, registryU
  * Converts SoulScanResult controls into SecurityFinding-like objects
  * for the contribution module, then delegates to handleContribution.
  */
-async function handleSoulContribution(contributeFlag, targetDir, result, registryUrl, format) {
+async function handleSoulContribution(contributeFlag, targetDir, result, durationMs, registryUrl, format) {
     // Convert soul controls into SecurityFinding-shaped objects
     const findings = [];
     for (const domain of result.domains) {
@@ -1625,13 +1615,13 @@ async function handleSoulContribution(contributeFlag, targetDir, result, registr
             });
         }
     }
-    await handleContribution(contributeFlag, targetDir, findings, registryUrl, format);
+    await handleContribution(contributeFlag, targetDir, findings, durationMs, registryUrl, format);
 }
 program
     .command('secure')
     .description(`Scan and harden your agent setup
 
-Performs 147 security checks across 30 categories:
+Performs 183 security checks across 35 categories:
   • Credentials: API key exposure, secrets in configs
   • MCP: Server configs, tool permissions, secrets
   • Network: TLS, interface bindings, CORS
@@ -1755,6 +1745,7 @@ Examples:
             }
         }
         const scanner = new index_1.HardeningScanner();
+        const scanStartMs = Date.now();
         const result = await scanner.scan({
             targetDir,
             autoFix: options.fix ?? false,
@@ -1764,6 +1755,7 @@ Examples:
             cliName: CLI_PREFIX,
             onProgress,
         });
+        const scanDurationMs = Date.now() - scanStartMs;
         // OASB-2 composite mode: infrastructure (50%) + governance (50%)
         if (isOasb2) {
             const infraResult = generateBenchmarkReport(result.allFindings || result.findings, level, options.category);
@@ -1899,7 +1891,7 @@ Examples:
                 writeJsonStdout(jsonOutput);
             }
             // Community contribution (non-blocking, runs in JSON mode too)
-            await handleContribution(options.contribute, targetDir, result.findings, options.registryUrl, format);
+            await handleContribution(options.contribute, targetDir, result.findings, scanDurationMs, options.registryUrl, format);
             const critHigh = result.findings.filter((f) => !f.passed && !f.fixed && (f.severity === 'critical' || f.severity === 'high'));
             if (critHigh.length > 0)
                 process.exitCode = 1;
@@ -2128,7 +2120,7 @@ Examples:
             }
         }
         // Community contribution: share anonymized findings with OpenA2A Registry
-        await handleContribution(options.contribute, targetDir, result.findings, options.registryUrl, format);
+        await handleContribution(options.contribute, targetDir, result.findings, scanDurationMs, options.registryUrl, format);
         // Star prompt (interactive TTY only, text format only)
         if (process.stdout.isTTY) {
             console.log(`${colors.cyan}Helpful?${RESET()} Star the project: https://github.com/opena2a-org/opena2a\n`);
@@ -2377,6 +2369,180 @@ Examples:
         process.exit(1);
     }
 });
+// NemoClaw-specific helpers
+const NEMOCLAW_CHECK_CATEGORIES = nemoclaw_scanner_1.NEMOCLAW_CATEGORIES;
+function detectNemoClawDirectory(providedDir) {
+    const os = require('os');
+    const fs = require('fs');
+    const path = require('path');
+    if (providedDir && providedDir !== '') {
+        return providedDir.startsWith('/') ? providedDir : path.join(process.cwd(), providedDir);
+    }
+    const homeDir = os.homedir();
+    const candidates = [
+        path.join(homeDir, '.nemoclaw'),
+        path.join(homeDir, '.openshell'),
+        path.join(homeDir, '.openclaw'),
+    ];
+    for (const candidate of candidates) {
+        if (fs.existsSync(candidate)) {
+            return candidate;
+        }
+    }
+    return process.cwd();
+}
+function filterNemoClawFindings(findings) {
+    return findings.filter((f) => {
+        const checkId = f.checkId.toUpperCase();
+        return checkId.startsWith('HMA-NMC-');
+    });
+}
+function assessNemoClawRiskLevel(findings) {
+    const criticalCount = findings.filter((f) => f.severity === 'critical').length;
+    const highCount = findings.filter((f) => f.severity === 'high').length;
+    const mediumCount = findings.filter((f) => f.severity === 'medium').length;
+    if (criticalCount > 0) {
+        return {
+            level: 'Critical',
+            color: colors.brightRed,
+            description: `${criticalCount} critical finding(s) with recommended fixes available.`,
+        };
+    }
+    if (highCount > 0) {
+        return {
+            level: 'High',
+            color: colors.red,
+            description: `${highCount} high-severity finding(s) detected. Fixes available below.`,
+        };
+    }
+    if (mediumCount > 0) {
+        return {
+            level: 'Moderate',
+            color: colors.yellow,
+            description: 'Some findings detected. Review the recommendations below.',
+        };
+    }
+    if (findings.length === 0) {
+        return {
+            level: 'None',
+            color: colors.dim,
+            description: `No NemoClaw installation detected. Run \`${CLI_PREFIX} secure\` for a full scan.`,
+        };
+    }
+    return {
+        level: 'Low',
+        color: colors.green,
+        description: 'No critical or high findings detected.',
+    };
+}
+program
+    .command('secure-nemoclaw')
+    .description(`Security scan for NVIDIA NemoClaw installations
+
+Performs focused security checks for NemoClaw sandbox deployments:
+  - Secrets: NVIDIA API key exposure in configs, logs, Docker, shell history
+  - Network: Gateway/k3s/inference port binding, Docker socket, egress policies
+  - Skills: Blueprint integrity, skill verification, directory permissions
+  - Process: Sandbox privileges, seccomp/Landlock enforcement, root execution
+  - OpenClaw layer: Inherited misconfigs that survive NemoClaw sandboxing
+
+Auto-detects ~/.nemoclaw, ~/.openshell, or ~/.openclaw directories.
+Exit code 1 if critical/high issues found.
+
+Examples:
+  $ hackmyagent secure-nemoclaw                  Scan auto-detected directory
+  $ hackmyagent secure-nemoclaw ~/.nemoclaw      Scan specific directory
+  $ hackmyagent secure-nemoclaw --json           JSON output for CI`)
+    .argument('[directory]', 'Directory to scan (default: ~/.nemoclaw or ~/.openshell)', '')
+    .option('--json', 'Output as JSON (for scripting/CI)')
+    .option('-v, --verbose', 'Show all checks including passed ones')
+    .action(async (directory, options) => {
+    try {
+        const targetDir = detectNemoClawDirectory(directory);
+        if (!options.json) {
+            console.log(`\nNemoClaw Security Report`);
+            console.log(`━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n`);
+            console.log(`Scanning ${targetDir}...\n`);
+        }
+        const scanner = new nemoclaw_scanner_1.NemoClawScanner();
+        const findings = await scanner.scan(targetDir, {});
+        // Enrich with taxonomy
+        const { enrichWithTaxonomy } = require('./hardening/taxonomy');
+        enrichWithTaxonomy(findings);
+        const issues = findings.filter((f) => !f.passed);
+        const passedFindings = findings.filter((f) => f.passed);
+        if (options.json) {
+            const jsonOutput = {
+                target: targetDir,
+                riskLevel: assessNemoClawRiskLevel(issues).level,
+                totalChecks: findings.length,
+                issues: issues.length,
+                passed: passedFindings.length,
+                findings: findings,
+            };
+            writeJsonStdout(jsonOutput);
+            return;
+        }
+        // Risk assessment
+        const risk = assessNemoClawRiskLevel(issues);
+        console.log(`Risk Level: ${risk.color}${risk.level}${RESET()}`);
+        console.log(`${risk.description}\n`);
+        // Summary stats
+        console.log(`Checks: ${findings.length} total | ${issues.length} issues | ${passedFindings.length} passed\n`);
+        // Show issues
+        if (issues.length > 0) {
+            console.log(`${colors.red}Findings:${RESET()}\n`);
+            for (const finding of issues) {
+                const display = SEVERITY_DISPLAY[finding.severity];
+                const location = finding.file
+                    ? finding.line
+                        ? `${finding.file}:${finding.line}`
+                        : finding.file
+                    : '';
+                const sevLabel = finding.severity.charAt(0).toUpperCase() + finding.severity.slice(1);
+                console.log(`${display.color()}${display.symbol} [${finding.checkId}] ${sevLabel}${RESET()}`);
+                console.log(`   ${finding.description}`);
+                if (location) {
+                    console.log(`   File: ${location}`);
+                }
+                if (finding.fix) {
+                    console.log(`   ${colors.cyan}Recommended fix:${RESET()} ${finding.fix}`);
+                }
+                console.log();
+            }
+        }
+        else {
+            console.log(`${colors.green}No NemoClaw-specific issues found.${RESET()}\n`);
+        }
+        // Show passed checks in verbose mode
+        if (options.verbose && passedFindings.length > 0) {
+            console.log(`${colors.green}Passed Checks:${RESET()}`);
+            for (const finding of passedFindings) {
+                console.log(`  ${colors.green}[ok]${RESET()} [${finding.checkId}] ${finding.name}`);
+            }
+            console.log();
+        }
+        // Shodan self-check guidance
+        if (issues.some((f) => f.category === 'network')) {
+            console.log(`${colors.yellow}Internet Exposure Check:${RESET()}`);
+            console.log(`  Check if your instance is visible on Shodan:`);
+            console.log(`  https://www.shodan.io/host/<YOUR-IP>`);
+            console.log(`  Known NemoClaw dorks: port:18789, port:6443 ssl.cert.subject.cn:"k3s-serving"\n`);
+        }
+        console.log(`━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━`);
+        console.log(`Run '${CLI_PREFIX} secure-openclaw' for OpenClaw-specific checks.`);
+        console.log(`Run '${CLI_PREFIX} secure' for a full security scan.\n`);
+        // Exit with non-zero if critical/high issues remain
+        const criticalOrHigh = issues.filter((f) => f.severity === 'critical' || f.severity === 'high');
+        if (criticalOrHigh.length > 0) {
+            process.exit(1);
+        }
+    }
+    catch (error) {
+        console.error(`Error: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        process.exit(1);
+    }
+});
 program
     .command('scan')
     .description(`Scan external target for exposed MCP endpoints
@@ -3940,7 +4106,7 @@ Examples:
         console.log(`\n  Detected: ${result.tool}\n`);
         console.log(`  Added HackMyAgent MCP server to ${result.configPath}\n`);
         console.log(`  Available tools in ${result.tool}:`);
-        console.log(`    hackmyagent_scan       — 147+ checks + structural analysis`);
+        console.log(`    hackmyagent_scan       — 183 checks + structural analysis`);
         console.log(`    hackmyagent_deep_scan  — Full analysis with LLM reasoning`);
         console.log(`    hackmyagent_analyze_file — Analyze a single file`);
         console.log(`    hackmyagent_benchmark  — OASB-1 compliance assessment\n`);
@@ -4047,12 +4213,14 @@ Examples:
         }
         const prefix = getCommandPrefix();
         const scanner = new index_1.SoulScanner();
+        const soulScanStartMs = Date.now();
         const result = await scanner.scanSoul(targetDir, {
             verbose: options.verbose,
             tier: options.tier,
             profile: options.profile,
             deepAnalysis: options.deep,
         });
+        const soulScanDurationMs = Date.now() - soulScanStartMs;
         // JSON output
         if (options.json) {
             // Run publish in JSON mode and include result in output
@@ -4090,6 +4258,7 @@ Examples:
                     process.exit(1);
                 }
             }
+            await handleSoulContribution(options.contribute, targetDir, result, soulScanDurationMs, options.registryUrl, 'json');
             return;
         }
         // Text output
@@ -4203,7 +4372,7 @@ Examples:
         }
         // Community contribution: share anonymized findings with OpenA2A Registry
         const soulFormat = options.json ? 'json' : 'text';
-        await handleSoulContribution(options.contribute, targetDir, result, options.registryUrl, soulFormat);
+        await handleSoulContribution(options.contribute, targetDir, result, soulScanDurationMs, options.registryUrl, soulFormat);
         // In CI mode, exit non-zero if any controls failed
         if (options.ci) {
             const failedControls = result.domains.flatMap(d => d.controls).filter(c => !c.passed);