hackmyagent 0.4.2 → 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +11 -9
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -7,16 +7,18 @@
7
7
 
8
8
  **Website:** [hackmyagent.com](https://hackmyagent.com) — Scan external infrastructure for exposed MCP endpoints, configs, and credentials
9
9
 
10
- ## What's New — v0.4.0
10
+ ## What's New — v0.4.3
11
11
 
12
12
  **First scanner for [CVE-2026-25253](https://hackmyagent.com/blog/cve-2026-25253-detection)** (CVSS 8.8) — the OpenClaw WebSocket hijacking RCE.
13
13
 
14
14
  - **CVE-001:** Detect vulnerable OpenClaw versions (before v2026.1.29)
15
15
  - **CVE-002:** Control UI origin restrictions (defense-in-depth hardening)
16
+ - **CVE-003:** CVE-2026-25157 — OS command injection via SSH path (CVSS 7.8)
17
+ - **CVE-004:** CVE-2026-24763 — Docker PATH command injection (CVSS 8.8)
16
18
  - **SUPPLY-005–008:** ClawHavoc campaign IOCs (C2 IPs, malware filenames, ClickFix patterns)
17
19
  - **GATEWAY-007–008, CONFIG-007–009:** Config hardening (open DM wildcards, disabled sandbox, weak tokens)
18
20
 
19
- 11 new checks. 145+ total.
21
+ 13 new checks. 147+ total.
20
22
 
21
23
  ## Disclaimer
22
24
 
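Review bot: The "What's New" heading is retitled to v0.4.3 but still sits over the v0.4.0 items (CVE-001, CVE-002 and the SUPPLY, GATEWAY and CONFIG entries), so "13 new checks" reads as if all thirteen arrived in 0.4.3 when this hunk adds only CVE-003 and CVE-004. Suggest keeping the v0.4.0 section as it was and adding a short v0.4.3 entry for the two new checks, or wording the total as "since v0.4.0". The two new entries also omit an affected-version range, which CVE-001 gives as "(before v2026.1.29)"; without it a reader cannot tell which installations the checks flag.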
@@ -24,7 +26,7 @@ HackMyAgent performs passive reconnaissance only (port checks and HTTP requests)
24
26
 
25
27
  ```bash
26
28
  npx hackmyagent check @publisher/skill # verify a skill before installing
27
- npx hackmyagent secure # harden your agent setup (145+ checks)
29
+ npx hackmyagent secure # harden your agent setup (147+ checks)
28
30
  npx hackmyagent secure --fix # auto-fix security issues
29
31
  npx hackmyagent scan example.com # scan for exposed infrastructure
30
32
  npx hackmyagent attack --local # red team with 55 attack payloads
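Review bot: The check count in the `secure` command comment is a hard-coded literal that this diff has to bump in five README locations (here, the "Secure" bullet, the `hackmyagent secure` description, the Security Check Reference pointer and the What's New total). Consider dropping the number from the comment, for example `# harden your agent setup`, and stating the count in one place so a future release cannot leave the copies out of step.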
@@ -43,7 +45,7 @@ npx hackmyagent secure --benchmark oasb-1 # run OASB-1 security benchmark
43
45
  CVE-2026-25253 turned every OpenClaw installation into a remote code execution target. 341 malicious skills were distributed through ClawHub. AI agent security is no longer theoretical — HackMyAgent helps you:
44
46
 
45
47
  - **Check** skills before installing (publisher verification, permission analysis)
46
- - **Secure** your agent setup (145+ security checks with auto-remediation)
48
+ - **Secure** your agent setup (147+ security checks with auto-remediation)
47
49
  - **Scan** external infrastructure (exposed MCP endpoints, leaked configs)
48
50
 
49
51
  ## Installation
@@ -63,7 +65,7 @@ npm install --save-dev hackmyagent
63
65
 
64
66
  ### `hackmyagent secure`
65
67
 
66
- Scan and harden your local agent setup with 145+ security checks across 31 categories.
68
+ Scan and harden your local agent setup with 147+ security checks across 31 categories.
67
69
 
68
70
  ```bash
69
71
  # Basic scan
@@ -116,7 +118,7 @@ hackmyagent secure --verbose
116
118
  | API | 4 | API security |
117
119
  | VSCODE | 4 | VS Code configuration |
118
120
  | CURSOR | 4 | Cursor IDE configuration |
119
- | CVE | 2 | CVE-2026-25253 detection |
121
+ | CVE | 4 | OpenClaw CVE detection |
120
122
  | GATEWAY | 8 | Gateway misconfigurations |
121
123
  | CONFIG | 9 | Insecure settings |
122
124
  | SUPPLY | 8 | Supply chain attacks |
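Review bot: The new CVE row description "OpenClaw CVE detection" no longer tells the reader which CVEs the four checks cover, where the old text named CVE-2026-25253. Suggest listing the three identifiers from the What's New list (CVE-2026-25253, CVE-2026-25157, CVE-2026-24763) or linking the row to SECURITY_CHECKS.md. The identical row is edited again in the `secure-openclaw` table, so both copies need the same wording.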
@@ -329,7 +331,7 @@ hackmyagent secure -b oasb-1 --fail-below 70
329
331
 
330
332
  ### `hackmyagent secure-openclaw`
331
333
 
332
- Scan OpenClaw/Moltbot installations with 45 specialized security checks and auto-remediation.
334
+ Scan OpenClaw/Moltbot installations with 47 specialized security checks and auto-remediation.
333
335
 
334
336
  ```bash
335
337
  hackmyagent secure-openclaw # scan default location
@@ -367,7 +369,7 @@ hackmyagent secure-openclaw --json # JSON output for CI/CD
367
369
  | GATEWAY | 8 | Gateway misconfigurations (4 auto-fixable) |
368
370
  | CONFIG | 9 | Insecure settings |
369
371
  | SUPPLY | 8 | Supply chain attacks |
370
- | CVE | 2 | CVE-2026-25253 detection |
372
+ | CVE | 4 | OpenClaw CVE detection |
371
373
 
372
374
  See [SECURITY_CHECKS.md](docs/SECURITY_CHECKS.md#openclaw-security-checks) for full documentation.
373
375
 
@@ -462,7 +464,7 @@ hackmyagent secure --json | jq '.findings[] | select(.severity == "critical")'
462
464
 
463
465
  ## Security Check Reference
464
466
 
465
- For the complete list of 145+ security checks with descriptions and remediation guidance, see [SECURITY_CHECKS.md](docs/SECURITY_CHECKS.md).
467
+ For the complete list of 147+ security checks with descriptions and remediation guidance, see [SECURITY_CHECKS.md](docs/SECURITY_CHECKS.md).
466
468
 
467
469
  ## Auto-Fix Capabilities
468
470
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "hackmyagent",
3
- "version": "0.4.2",
3
+ "version": "0.4.3",
4
4
  "description": "Security toolkit for AI agents - verify skills, harden setups, scan for exposures",
5
5
  "bin": {
6
6
  "hackmyagent": "dist/index.js"
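Review bot: The bump to 0.4.3 ships with only README.md and package.json in the changed-file list, so nothing under dist/ (where `bin` points) differs from 0.4.2 even though the README now advertises CVE-003 and CVE-004 as new checks. Confirm whether those checks were already present in the 0.4.2 build, in which case the README should say so, or whether the 0.4.3 tarball was published without a rebuilt dist/.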