hackmyagent 0.3.8 → 0.3.9
- package/README.md +53 -10
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -223,7 +223,7 @@ Only `id` and `payload` are required. See `--help` for all defaults.
|
|
|
223
223
|
|
|
224
224
|
### `hackmyagent secure --benchmark`
|
|
225
225
|
|
|
226
|
-
Run the OASB-1 (Open Agent Security Benchmark)
|
|
226
|
+
Run the [OASB-1](https://oasb.ai/oasb-1) (Open Agent Security Benchmark) — 46 controls across 10 categories that measure how secure your AI agent setup is.
|
|
227
227
|
|
|
228
228
|
```bash
|
|
229
229
|
# Run benchmark (L1 by default)
|
|
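Review bot: the rewritten description line hard-codes the benchmark size (46 controls across 10 categories) that the tables added later in this same change also state per category and per level, so the README now carries the total in three places; either point readers to the linked https://oasb.ai/oasb-1 page as the authoritative count or keep the number in one place, otherwise the next control added will leave these out of step.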
@@ -233,9 +233,15 @@ hackmyagent secure --benchmark oasb-1
|
|
|
233
233
|
hackmyagent secure ./my-project --benchmark oasb-1
|
|
234
234
|
|
|
235
235
|
# Different maturity levels
|
|
236
|
-
hackmyagent secure -b oasb-1 -l L1 # Essential (
|
|
237
|
-
hackmyagent secure -b oasb-1 -l L2 # Standard
|
|
238
|
-
hackmyagent secure -b oasb-1 -l L3 # Hardened
|
|
236
|
+
hackmyagent secure -b oasb-1 -l L1 # Essential (26 controls)
|
|
237
|
+
hackmyagent secure -b oasb-1 -l L2 # Standard (44 controls)
|
|
238
|
+
hackmyagent secure -b oasb-1 -l L3 # Hardened (46 controls)
|
|
239
|
+
|
|
240
|
+
# Verbose — see every control with pass/fail/unverified status
|
|
241
|
+
hackmyagent secure -b oasb-1 -v
|
|
242
|
+
|
|
243
|
+
# Filter by category
|
|
244
|
+
hackmyagent secure -b oasb-1 --category "Credential Protection"
|
|
239
245
|
|
|
240
246
|
# Output formats
|
|
241
247
|
hackmyagent secure -b oasb-1 -f json
|
|
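Review bot: the `--category "Credential Protection"` example takes a free-text name under the comment "Filter by category", but the hunk does not say whether the match is case-sensitive, whether the category number from the table (1 to 10) or a partial name is accepted, or whether the flag may be repeated to select several categories; one extra comment line stating the actual behaviour would save a failed run. The `-v` example should also show its long form, since the surrounding examples mix long options (`--benchmark`, `--category`, `--fail-below`) with short ones and a reader cannot tell which long flag `-v` abbreviates.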
@@ -243,16 +249,53 @@ hackmyagent secure -b oasb-1 -f sarif -o results.sarif
|
|
|
243
249
|
hackmyagent secure -b oasb-1 -f html -o report.html
|
|
244
250
|
hackmyagent secure -b oasb-1 -f asp -o profile.asp.json
|
|
245
251
|
|
|
246
|
-
# CI/CD
|
|
252
|
+
# CI/CD gate — exit 1 if compliance is below threshold
|
|
247
253
|
hackmyagent secure -b oasb-1 --fail-below 70
|
|
248
254
|
```
|
|
249
255
|
|
|
256
|
+
**OASB-1 Categories (46 controls):**
|
|
257
|
+
|
|
258
|
+
| # | Category | Controls | What it checks |
|
|
259
|
+
|---|----------|----------|----------------|
|
|
260
|
+
| 1 | Identity & Provenance | 4 | Cryptographic identity, ownership, provenance chain |
|
|
261
|
+
| 2 | Capability & Authorization | 5 | Least privilege, capability boundaries, human-in-the-loop |
|
|
262
|
+
| 3 | Input Security | 5 | Prompt injection, input validation, URL/SSRF protection |
|
|
263
|
+
| 4 | Output Security | 4 | Output validation, destructive op confirmation, exfiltration prevention |
|
|
264
|
+
| 5 | Credential Protection | 5 | Hardcoded secrets, context window isolation, log redaction |
|
|
265
|
+
| 6 | Supply Chain Integrity | 5 | Dependency scanning, lockfiles, rug pull protection, SBOM |
|
|
266
|
+
| 7 | Agent-to-Agent Security | 4 | Mutual auth, message integrity, trust boundaries |
|
|
267
|
+
| 8 | Memory & Context Integrity | 4 | Context injection, memory isolation, summarization security |
|
|
268
|
+
| 9 | Operational Security | 5 | Non-root execution, sandboxing, network isolation, resource limits |
|
|
269
|
+
| 10 | Monitoring & Response | 5 | Security logging, anomaly detection, kill switch, incident response |
|
|
270
|
+
|
|
271
|
+
**Maturity Levels:**
|
|
272
|
+
|
|
273
|
+
| Level | Controls | Purpose |
|
|
274
|
+
|-------|----------|---------|
|
|
275
|
+
| L1 - Essential | 26 | Baseline security every agent should meet |
|
|
276
|
+
| L2 - Standard | 44 (L1 + 18) | Production-grade agent security |
|
|
277
|
+
| L3 - Hardened | 46 (L2 + 2) | High-security environments, multi-modal threats |
|
|
278
|
+
|
|
279
|
+
**Rating System:**
|
|
280
|
+
|
|
281
|
+
| Rating | L1 Criteria | L2 Criteria | L3 Criteria |
|
|
282
|
+
|--------|-------------|-------------|-------------|
|
|
283
|
+
| Certified | 100% | L1=100% + L2=100% | All 100% |
|
|
284
|
+
| Compliant | — | L1=100% + L2≥90% | L1=100% + L2≥90% |
|
|
285
|
+
| Passing | ≥90% | L1≥90% | L1≥90% |
|
|
286
|
+
| Needs Improvement | ≥70% | L1≥70% | L1≥70% |
|
|
287
|
+
| Failing | <70% | L1<70% | L1<70% |
|
|
288
|
+
|
|
250
289
|
**Output Formats:**
|
|
251
|
-
- `text`
|
|
252
|
-
- `json`
|
|
253
|
-
- `sarif`
|
|
254
|
-
- `html`
|
|
255
|
-
- `asp`
|
|
290
|
+
- `text` — Terminal report with category breakdown (default)
|
|
291
|
+
- `json` — Machine-readable JSON with full control details
|
|
292
|
+
- `sarif` — SARIF 2.1.0 for GitHub Security tab and IDE integration
|
|
293
|
+
- `html` — Standalone HTML report with donut chart, radar chart, and grades
|
|
294
|
+
- `asp` — Agent Security Profile (portable security posture document)
|
|
295
|
+
|
|
296
|
+
**Exit Codes:**
|
|
297
|
+
- `0` — Rating is Passing or better (or compliance above `--fail-below` threshold)
|
|
298
|
+
- `1` — Rating is Failing or Needs Improvement (or compliance below threshold)
|
|
256
299
|
|
|
257
300
|
### `hackmyagent secure-openclaw`
|
|
258
301
|
|
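Review bot: the Exit Codes bullets leave the boundary undefined: `0` is described as compliance above the `--fail-below` threshold and `1` as compliance below it, so `hackmyagent secure -b oasb-1 --fail-below 70` with exactly 70% compliance matches neither bullet; state the rule explicitly, for example "`1` when compliance is strictly below the threshold", and make the CI/CD comment in the code block agree with it. The Rating System table has a related gap: the verbose comment introduces an `unverified` status, but nothing says whether unverified controls count in the denominator of the percentages, so whether a run can reach `Certified` (100%) with unverified controls present is unclear. Finally, the L3 Criteria column repeats the L2 column for every rating except `Certified`, which means L3 results only affect the top rating; if that is intended, a one-line note saying so would stop readers from assuming a typo.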
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "hackmyagent",
|
|
3
|
-
"version": "0.3.
|
|
3
|
+
"version": "0.3.9",
|
|
4
4
|
"description": "Security toolkit for AI agents - verify skills, harden setups, scan for exposures",
|
|
5
5
|
"bin": {
|
|
6
6
|
"hackmyagent": "dist/index.js"
|
|
@@ -18,7 +18,7 @@
|
|
|
18
18
|
},
|
|
19
19
|
"dependencies": {
|
|
20
20
|
"commander": "^12.0.0",
|
|
21
|
-
"hackmyagent-core": "^0.3.
|
|
21
|
+
"hackmyagent-core": "^0.3.9"
|
|
22
22
|
},
|
|
23
23
|
"devDependencies": {
|
|
24
24
|
"typescript": "^5.3.3"
|