hackmyagent 0.11.5 → 0.11.7

package/README.md

@@ -1,12 +1,11 @@
-> **[OpenA2A](https://github.com/opena2a-org/opena2a)**: [CLI](https://github.com/opena2a-org/opena2a) · [HackMyAgent](https://github.com/opena2a-org/hackmyagent) · [Secretless](https://github.com/opena2a-org/secretless-ai) · [AIM](https://github.com/opena2a-org/agent-identity-management) · [Browser Guard](https://github.com/opena2a-org/AI-BrowserGuard) · [DVAA](https://github.com/opena2a-org/damn-vulnerable-ai-agent) · Registry (April 2026)
-
+> **[OpenA2A](https://github.com/opena2a-org/opena2a)**: [CLI](https://github.com/opena2a-org/opena2a) · [HackMyAgent](https://github.com/opena2a-org/hackmyagent) · [Secretless](https://github.com/opena2a-org/secretless-ai) · [AIM](https://github.com/opena2a-org/agent-identity-management) · [Browser Guard](https://github.com/opena2a-org/AI-BrowserGuard) · [DVAA](https://github.com/opena2a-org/damn-vulnerable-ai-agent)
 # HackMyAgent
 
 [![npm version](https://img.shields.io/npm/v/hackmyagent.svg)](https://www.npmjs.com/package/hackmyagent)
 [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
-[![Tests](https://img.shields.io/badge/tests-1050%20passing-brightgreen)](https://github.com/opena2a-org/hackmyagent)
+[![Tests](https://img.shields.io/badge/tests-1051%20passing-brightgreen)](https://github.com/opena2a-org/hackmyagent)
 
-**173 security checks for AI agents. Find what can go wrong before an attacker does.**
+**187 security checks for AI agents. Find what can go wrong before an attacker does.**
 
 Security scanner and red-team toolkit for Claude Code, Cursor, VS Code, and any MCP server setup.
 
@@ -30,7 +29,13 @@ npx opena2a-cli review
 
 ## What It Finds
 
-**Attack testing (115 payloads across 11 categories):**
+**Attack testing** -- 115 adversarial payloads across 11 categories (prompt injection, data exfiltration, jailbreak, MCP exploitation, supply chain, memory weaponization, A2A protocol attacks, context window attacks).
+
+**Static analysis** -- 187 security checks across 39 categories covering credentials, MCP configs, OpenClaw/NemoClaw, Unicode steganography, CVE detection, governance, supply chain, memory poisoning, agent identity, and sandbox escape patterns.
+
+<details>
+<summary>Attack testing details (115 payloads)</summary>
+
 - **Prompt injection** -- tests whether agents follow injected instructions from untrusted input
 - **Data exfiltration** -- checks if agents can be tricked into leaking sensitive data to external endpoints
 - **Jailbreak and context manipulation** -- probes agent guardrails with adversarial prompts
@@ -41,19 +46,26 @@ npx opena2a-cli review
 - **A2A protocol attacks** -- identity spoofing, capability escalation in multi-agent communication
 - **Context window attacks** -- token flooding, attention manipulation, context poisoning
 
-**Static analysis (173 checks across 34 categories):**
-- **Unicode steganography** -- invisible codepoints (variation selectors, tag characters), zero-width characters (U+200B-200D), mid-file BOM injection, bidi override attacks (U+202A-202E), homoglyph confusables (Cyrillic/Greek/Fullwidth lookalikes), GlassWorm decoder patterns, and eval-on-invisible-payload detection. Scans JS, TS, Python, Markdown, YAML, JSON, and TOML files. ([real-world: os-info-checker-es6 npm attack, May 2025](https://thehackernews.com/2025/05/malicious-npm-package-leverages-unicode.html))
+</details>
+
+<details>
+<summary>Static analysis details (187 checks)</summary>
+
+- **Unicode steganography** -- invisible codepoints, zero-width chars, bidi attacks, homoglyph confusables, GlassWorm decoders ([real-world: os-info-checker-es6 npm attack, May 2025](https://thehackernews.com/2025/05/malicious-npm-package-leverages-unicode.html))
 - **Hardcoded credentials** -- API keys, tokens, and passwords in source or config files
 - **MCP server misconfigurations** -- open ports, root filesystem access, missing auth
-- **AI agent CVE detection** -- scans for CVE-2026-25253 (OpenClaw WebSocket RCE), CVE-2026-25157, CVE-2026-24763, and ClawHavoc IOCs
-- **OpenClaw security** -- 34 checks for OpenClaw configurations, skills, gateway, and credential redaction ([6 PRs merged upstream](https://opena2a.org/blogs/securing-openclaw-6-prs-merged))
+- **AI agent CVE detection** -- CVE-2026-25253 (OpenClaw RCE), CVE-2026-25157, CVE-2026-24763, ClawHavoc IOCs
+- **OpenClaw security** -- 34 checks for configurations, skills, gateway, credential redaction ([6 PRs merged upstream](https://opena2a.org/blogs/securing-openclaw-6-prs-merged))
+- **NemoClaw/sandbox patterns** -- curl-pipe without checksum, empty artifact digests, exec() injection, predictable /tmp paths, process.env leakage, TOCTOU races, unsafe deserialization, messaging API egress
 - **Governance gaps** -- missing SOUL.md, no capability policies, unsigned MCP servers
 - **Credential scope drift** -- Google Maps keys accessing Gemini, AWS S3 keys reaching Bedrock
 - **Supply chain risks** -- vulnerable dependencies, unsigned skills, tampered packages
 - **Memory and RAG poisoning** -- persistent instruction injection, knowledge base contamination
 - **Agent identity** -- missing cryptographic identity, capability claims without attestation
 
-173 checks across 34 categories. 115 attack payloads. No flags needed.
+</details>
+
+187 checks across 39 categories. 115 attack payloads. No flags needed.
 
 ---
 
@@ -76,7 +88,7 @@ npm install --save-dev hackmyagent
 ```
 
 ┌──────────────────────────────────────────┐
-│  HackMyAgent v0.11.4 — Security Scanner          │
+│  HackMyAgent v0.11.5 — Security Scanner          │
 │  Found: 3 critical · 5 high · 12 medium          │
 │                                                  │
 │  CRED-001  critical  Hardcoded API key in .env   │
@@ -95,9 +107,10 @@ npm install --save-dev hackmyagent
 
 Step-by-step guides for common workflows:
 
-- **[Scan my agent](docs/use-cases/scan-my-agent.md)** -- Run all 173 checks and auto-fix findings (5 min)
+- **[Scan my agent](docs/use-cases/scan-my-agent.md)** -- Run all 187 checks and auto-fix findings (5 min)
 - **[Red-team MCP servers](docs/use-cases/red-team-mcp.md)** -- Test MCP servers with adversarial payloads (10 min)
 - **[Secure OpenClaw](docs/use-cases/openclaw-security.md)** -- OpenClaw-specific checks, CVE detection, ClawHavoc IOC scanning (10 min)
+- **Secure NemoClaw** -- Scan NVIDIA NemoClaw sandbox installations for credential exposure, network misconfig, and sandbox escape vectors (5 min)
 - **[CI/CD pipeline](docs/use-cases/ci-pipeline.md)** -- GitHub Actions with JSON/SARIF output (5 min)
 
 ---
@@ -131,7 +144,7 @@ hackmyagent secure --publish                  # push results to OpenA2A Registry
 
 
 <details>
-<summary>All 34 security categories</summary>
+<summary>All 35 security categories</summary>
 
 | Category | Checks | What it detects |
 |----------|--------|-----------------|
@@ -169,6 +182,7 @@ hackmyagent secure --publish                  # push results to OpenA2A Registry
 | MEM | 5 | Memory poisoning, context injection |
 | RAG | 4 | RAG/knowledge base poisoning |
 | AIM | 3 | Agent identity verification |
+| NEMO | 10 | NemoClaw/sandbox patterns: curl-pipe, digest bypass, exec injection, /tmp races, env leakage |
 
 </details>
 
@@ -264,11 +278,25 @@ hackmyagent harden-soul --dry-run         # preview without writing
 ```
 
 
+---
+
+### `hackmyagent secure-nemoclaw` -- NemoClaw Sandbox Scanner
+
+Scan NVIDIA NemoClaw installations for credential exposure, network misconfiguration, blueprint integrity issues, sandbox escape vectors, and inherited OpenClaw vulnerabilities. 28 checks across 6 categories.
+
+```bash
+hackmyagent secure-nemoclaw                  # scan auto-detected directory
+hackmyagent secure-nemoclaw ~/.nemoclaw      # scan specific directory
+hackmyagent secure-nemoclaw --json           # JSON output for CI
+hackmyagent secure-nemoclaw --verbose        # show all checks including passed
+```
+
+
 ---
 
 ### `hackmyagent trust` -- Package Trust Verification
 
-Check trust levels for AI packages before installing them. Queries the [OpenA2A Registry](https://registry.opena2a.org) trust graph.
+Check trust levels for AI packages before installing them. Queries the OpenA2A Registry trust graph (launching April 2026).
 
 ```bash
 hackmyagent trust server-filesystem          # MCP shorthand

package/dist/cli.js

@@ -43,6 +43,7 @@ const index_1 = require("./index");
 const resolve_mcp_1 = require("./resolve-mcp");
 const nemoclaw_scanner_1 = require("./hardening/nemoclaw-scanner");
 const program = new commander_1.Command();
+program.showHelpAfterError('(run with --help for usage)');
 // Write JSON to stdout synchronously with retry for pipe backpressure.
 // process.stdout.write() is async and gets truncated when process.exit()
 // runs before the stream flushes. fs.writeFileSync(1, ...) can fail with
@@ -104,19 +105,19 @@ program
     .name('hackmyagent')
     .description(`Find it. Break it. Fix it.
 
-The hacker's toolkit for AI agents. 147+ security checks, 115 attack
+The hacker's toolkit for AI agents. 187 security checks, 115 attack
 payloads, auto-fix with rollback, and OASB benchmark compliance.
 
 Documentation: https://hackmyagent.com/docs
 
 Updates (v${index_1.VERSION}):
-  - MCP JSON-RPC and A2A protocol attack modes
-  - SARIF and HTML output for all scan modes
-  - Semantic engine (structural + LLM analysis)
-  - OpenA2A Registry integration for trust scoring
+  - NemoClaw sandbox scanner (28 installation checks)
+  - 10 new static analysis patterns (NEMO series)
+  - Community trust contributions
+  - 187 checks across 39 categories
 
 Examples:
-  $ hackmyagent secure                         Find vulnerabilities (147+ checks)
+  $ hackmyagent secure                         Find vulnerabilities (187 checks)
   $ hackmyagent attack --local                 Break it with 115 attack payloads
   $ hackmyagent secure --fix                   Fix issues automatically
   $ hackmyagent fix-all                        Run all security plugins
@@ -125,7 +126,7 @@ Examples:
     .option('--no-color', 'Disable colored output (also respects NO_COLOR env)');
 program.addHelpText('beforeAll', `
 Quick start:
-  $ hackmyagent secure              Scan current directory (147+ checks)
+  $ hackmyagent secure              Scan current directory (187 checks)
   $ hackmyagent fix-all --with-aim  Auto-fix + create agent identity
   $ hackmyagent attack              Red-team your agent
 `);
@@ -1621,7 +1622,7 @@ program
     .command('secure')
     .description(`Scan and harden your agent setup
 
-Performs 147 security checks across 30 categories:
+Performs 187 security checks across 39 categories:
   • Credentials: API key exposure, secrets in configs
   • MCP: Server configs, tool permissions, secrets
   • Network: TLS, interface bindings, CORS
@@ -1679,7 +1680,7 @@ Examples:
     .option('--ci', 'CI mode: suppress interactive prompts, exit non-zero on findings')
     .action(async (directory, options) => {
     try {
-        const targetDir = directory.startsWith('/') ? directory : process.cwd() + '/' + directory;
+        const targetDir = require("path").resolve(directory);
         // CI mode: force non-interactive defaults
         if (options.ci) {
             if (!options.format && !options.json)
@@ -1962,8 +1963,12 @@ Examples:
             console.log(`${colors.green}No issues found.${RESET()}\n`);
         }
         else if (issues.length > 0) {
-            // Print issues - clean format
-            console.log(`${issues.length} issue${issues.length === 1 ? '' : 's'} found:\n`);
+            // Print issues - clean format with fixable count
+            const fixableCount = issues.filter((f) => f.fixable).length;
+            const fixableNote = fixableCount > 0
+                ? ` (${fixableCount} auto-fixable with \`${CLI_PREFIX} secure --fix\`)`
+                : '';
+            console.log(`${issues.length} issue${issues.length === 1 ? '' : 's'} found${fixableNote}:\n`);
             for (const finding of issues) {
                 const display = SEVERITY_DISPLAY[finding.severity];
                 const location = finding.file
@@ -2022,17 +2027,32 @@ Examples:
                 console.log(`  No changes were made.\n`);
             }
         }
-        // Print fixed findings
+        // Print fixed findings with detailed summary
         if (fixedFindings.length > 0) {
-            console.log(`${colors.green}Fixed ${fixedFindings.length} issue${fixedFindings.length === 1 ? '' : 's'}:${RESET()}`);
+            const verifiedCount = fixedFindings.filter((f) => f.fixVerified).length;
+            const unverifiedCount = fixedFindings.filter((f) => f.fixVerified === false).length;
+            console.log(`${colors.green}Fixed ${fixedFindings.length} issue${fixedFindings.length === 1 ? '' : 's'}${verifiedCount > 0 ? ` (${verifiedCount} verified)` : ''}:${RESET()}`);
             for (const finding of fixedFindings) {
-                const location = finding.file || '';
-                console.log(`  ${colors.green}✓${RESET()} ${location} - ${finding.name}`);
+                const location = finding.file ? (finding.line ? `${finding.file}:${finding.line}` : finding.file) : '';
+                const verified = finding.fixVerified;
+                const verifyIcon = verified === true ? `${colors.green}✓✓${RESET()}` : verified === false ? `${colors.yellow}✓?${RESET()}` : `${colors.green}✓${RESET()}`;
+                console.log(`  ${verifyIcon} [${finding.checkId}] ${location} - ${finding.name}`);
+                if (finding.fixMessage) {
+                    console.log(`    ${colors.cyan}→${RESET()} ${finding.fixMessage}`);
+                }
+            }
+            if (unverifiedCount > 0) {
+                console.log(`\n  ${colors.yellow}${unverifiedCount} fix${unverifiedCount === 1 ? '' : 'es'} could not be verified. Review these manually.${RESET()}`);
             }
             console.log();
+            // Remaining fixable issues
+            const remainingFixable = issues.filter((f) => f.fixable && !f.fixed);
+            if (remainingFixable.length > 0) {
+                console.log(`${colors.yellow}${remainingFixable.length} more issue${remainingFixable.length === 1 ? '' : 's'} can be auto-fixed.${RESET()} Run \`${CLI_PREFIX} secure --fix\` again.\n`);
+            }
             if (result.backupPath) {
-                console.log(`Backup: ${result.backupPath}`);
-                console.log(`Undo: ${CLI_PREFIX} rollback ${directory}\n`);
+                console.log(`${colors.yellow}Backup created:${RESET()} ${result.backupPath}`);
+                console.log(`${colors.yellow}Something wrong?${RESET()} Run \`${CLI_PREFIX} rollback ${directory}\` to undo all changes.\n`);
             }
         }
         // Registry reporting: only when explicitly requested via --version-id (CI) or --registry-report
@@ -2644,7 +2664,7 @@ Examples:
     .argument('[directory]', 'Directory to rollback (defaults to current directory)', '.')
     .action(async (directory) => {
     try {
-        const targetDir = directory.startsWith('/') ? directory : process.cwd() + '/' + directory;
+        const targetDir = require("path").resolve(directory);
         console.log(`\nRolling back changes in ${targetDir}...\n`);
         const scanner = new index_1.HardeningScanner();
         await scanner.rollback(targetDir);
@@ -4096,7 +4116,7 @@ Examples:
     .option('-t, --tool <name>', 'Force specific tool: claude, cursor, vscode')
     .action(async (directory, options) => {
     try {
-        const targetDir = directory.startsWith('/') ? directory : process.cwd() + '/' + directory;
+        const targetDir = require("path").resolve(directory);
         const { initMcp } = await Promise.resolve().then(() => __importStar(require('./init-mcp')));
         const result = initMcp(targetDir, options.tool);
         if (!result.created) {
@@ -4106,7 +4126,7 @@ Examples:
         console.log(`\n  Detected: ${result.tool}\n`);
         console.log(`  Added HackMyAgent MCP server to ${result.configPath}\n`);
         console.log(`  Available tools in ${result.tool}:`);
-        console.log(`    hackmyagent_scan       — 147+ checks + structural analysis`);
+        console.log(`    hackmyagent_scan       — 187 checks + structural analysis`);
         console.log(`    hackmyagent_deep_scan  — Full analysis with LLM reasoning`);
         console.log(`    hackmyagent_analyze_file — Analyze a single file`);
         console.log(`    hackmyagent_benchmark  — OASB-1 compliance assessment\n`);
@@ -4201,7 +4221,7 @@ Examples:
     .option('--ci', 'CI mode: suppress interactive prompts, exit non-zero on findings')
     .action(async (directory, options) => {
     try {
-        const targetDir = directory.startsWith('/') ? directory : process.cwd() + '/' + directory;
+        const targetDir = require("path").resolve(directory);
         // CI mode: force non-interactive defaults
         if (options.ci) {
             if (options.contribute === undefined)
@@ -4418,7 +4438,7 @@ Examples:
     .option('--json', 'Output as JSON')
     .action(async (directory, options) => {
     try {
-        const targetDir = directory.startsWith('/') ? directory : process.cwd() + '/' + directory;
+        const targetDir = require("path").resolve(directory);
         if (!require('fs').existsSync(targetDir)) {
             process.stderr.write(`Error: Directory '${targetDir}' does not exist.\n`);
             process.exit(1);