mobbdev 1.2.8 → 1.2.21

package/dist/index.mjs

@@ -120,10 +120,13 @@ function getSdk(client, withWrapper = defaultWrapper) {
     },
     streamCommitBlameRequests(variables, requestHeaders, signal) {
       return withWrapper((wrappedRequestHeaders) => client.request({ document: StreamCommitBlameRequestsDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "streamCommitBlameRequests", "subscription", variables);
+    },
+    ScanSkill(variables, requestHeaders, signal) {
+      return withWrapper((wrappedRequestHeaders) => client.request({ document: ScanSkillDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "ScanSkill", "mutation", variables);
     }
   };
 }
-var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, defaultWrapper;
+var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, defaultWrapper;
 var init_client_generates = __esm({
   "src/features/analysis/scm/generates/client_generates.ts"() {
     "use strict";
@@ -277,6 +280,7 @@ var init_client_generates = __esm({
       IssueType_Enum2["MissingTemplateStringIndicator"] = "MISSING_TEMPLATE_STRING_INDICATOR";
       IssueType_Enum2["MissingUser"] = "MISSING_USER";
       IssueType_Enum2["MissingWhitespace"] = "MISSING_WHITESPACE";
+      IssueType_Enum2["MissingWorkflowPermissions"] = "MISSING_WORKFLOW_PERMISSIONS";
       IssueType_Enum2["ModifiedDefaultParam"] = "MODIFIED_DEFAULT_PARAM";
       IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
       IssueType_Enum2["NonReadonlyField"] = "NON_READONLY_FIELD";
@@ -1196,6 +1200,32 @@ var init_client_generates = __esm({
     completedOn
     error
   }
+}
+    `;
+    ScanSkillDocument = `
+    mutation ScanSkill($skillUrl: String!) {
+  scanSkill(skillUrl: $skillUrl) {
+    skillName
+    skillHash
+    skillVersion
+    verdict
+    findingsCount
+    findings {
+      category
+      severity
+      ruleId
+      explanation
+      evidence
+      filePath
+      lineNumber
+      confidence
+      layer
+    }
+    scanDurationMs
+    layersExecuted
+    cached
+    summary
+  }
 }
     `;
     defaultWrapper = (action, _operationName, _operationType, _variables) => action();
@@ -1380,7 +1410,8 @@ var init_getIssueType = __esm({
       ["RETURN_IN_INIT" /* ReturnInInit */]: "Return in Init",
       ["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: "Action Not Pinned to Commit Sha",
       ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: "Django Blank Field Needs Null or Default",
-      ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check"
+      ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check",
+      ["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: "Missing Workflow Permissions"
     };
     issueTypeZ = z.nativeEnum(IssueType_Enum);
     getIssueTypeFriendlyString = (issueType) => {
@@ -1507,6 +1538,7 @@ var init_fix = __esm({
     });
     IssueSharedStateZ = z7.object({
       id: z7.string(),
+      createdAt: z7.string(),
       isArchived: z7.boolean(),
       ticketIntegrationId: z7.string().nullable(),
       ticketIntegrations: z7.array(
@@ -3801,7 +3833,7 @@ ${rootContent}`;
         }
       }
       /**
-       * Gets local commit data including diff, timestamp, and parent commits.
+       * Gets local commit data including diff and timestamp.
        * Used by Tracy extension to send commit data directly without requiring SCM token.
        * @param commitSha The commit SHA to get data for
        * @param maxDiffSizeBytes Maximum diff size in bytes (default 3MB). Returns null if exceeded.
@@ -3813,7 +3845,7 @@ ${rootContent}`;
           const DIFF_DELIMITER = "---MOBB_DIFF_START---";
           const output = await this.git.show([
             commitSha,
-            `--format=%cI%n%P%n${DIFF_DELIMITER}`,
+            `--format=%cI%n${DIFF_DELIMITER}`,
             "--patch"
           ]);
           const delimiterIndex = output.indexOf(DIFF_DELIMITER);
@@ -3868,7 +3900,7 @@ import Debug19 from "debug";
 import { hideBin } from "yargs/helpers";
 
 // src/args/yargs.ts
-import chalk13 from "chalk";
+import chalk15 from "chalk";
 import yargs from "yargs/yargs";
 
 // src/args/commands/convert_to_sarif.ts
@@ -4241,7 +4273,8 @@ var fixDetailsData = {
   ["RETURN_IN_INIT" /* ReturnInInit */]: void 0,
   ["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: void 0,
   ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: void 0,
-  ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0
+  ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0,
+  ["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: void 0
 };
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -6763,7 +6796,7 @@ async function getAdoSdk(params) {
       const url = new URL(repoUrl);
       const origin2 = url.origin.toLowerCase().endsWith(".visualstudio.com") ? DEFUALT_ADO_ORIGIN : url.origin.toLowerCase();
       const params2 = `path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
-      const path25 = [
+      const path26 = [
         prefixPath,
         owner,
         projectName,
@@ -6774,7 +6807,7 @@ async function getAdoSdk(params) {
         "items",
         "items"
       ].filter(Boolean).join("/");
-      return new URL(`${path25}?${params2}`, origin2).toString();
+      return new URL(`${path26}?${params2}`, origin2).toString();
     },
     async getAdoBranchList({ repoUrl }) {
       try {
@@ -8318,7 +8351,7 @@ function getGithubSdk(params = {}) {
           if (res.status === 204) {
             return true;
           }
-        } catch (collaboratorError) {
+        } catch (_collaboratorError) {
           try {
             const permissionRes = await octokit.rest.repos.getCollaboratorPermissionLevel({
               owner,
@@ -8328,16 +8361,16 @@ function getGithubSdk(params = {}) {
             if (permissionRes.data.permission !== "none") {
               return true;
             }
-          } catch (permissionError) {
+          } catch (_permissionError) {
             try {
               await octokit.rest.repos.get({ owner, repo });
               return true;
-            } catch (repoError) {
+            } catch (_repoError) {
               return false;
             }
           }
         }
-      } catch (e) {
+      } catch (_e) {
         return false;
       }
       return false;
@@ -8378,7 +8411,7 @@ function getGithubSdk(params = {}) {
           branch
         });
         return branch === res.data.name;
-      } catch (e) {
+      } catch (_e) {
         return false;
       }
     },
@@ -8573,7 +8606,7 @@ function getGithubSdk(params = {}) {
       const sourceFileContentResponse = await octokit.rest.repos.getContent({
         owner: sourceOwner,
         repo: sourceRepo,
-        path: "/" + sourceFilePath
+        path: `/${sourceFilePath}`
       });
       const { data: repository } = await octokit.rest.repos.get({ owner, repo });
       const defaultBranch = repository.default_branch;
@@ -8601,7 +8634,7 @@ function getGithubSdk(params = {}) {
         const secondFileContentResponse = await octokit.rest.repos.getContent({
           owner: sourceOwner,
           repo: sourceRepo,
-          path: "/" + secondFilePath
+          path: `/${secondFilePath}`
         });
         const secondDecodedContent = Buffer.from(
           // Check if file content exists and handle different response types
@@ -10369,6 +10402,7 @@ async function getGitlabMergeRequestDiff({
     title: mr.title,
     description: mr.description || void 0,
     commits,
+    headCommitSha: mr.sha,
     diffLines
   };
 }
@@ -11741,7 +11775,8 @@ var mobbCliCommand = {
   claudeCodeInstallHook: "claude-code-install-hook",
   claudeCodeProcessHook: "claude-code-process-hook",
   windsurfIntellijInstallHook: "windsurf-intellij-install-hook",
-  windsurfIntellijProcessHook: "windsurf-intellij-process-hook"
+  windsurfIntellijProcessHook: "windsurf-intellij-process-hook",
+  scanSkill: "scan-skill"
 };
 var ScanContext = {
   FULL_SCAN: "FULL_SCAN",
@@ -11752,10 +11787,11 @@ var ScanContext = {
 };
 
 // src/args/commands/analyze.ts
-import fs11 from "fs";
-import chalk8 from "chalk";
+import fs12 from "fs";
+import chalk9 from "chalk";
 
 // src/commands/index.ts
+import chalk7 from "chalk";
 import chalkAnimation from "chalk-animation";
 
 // src/features/analysis/index.ts
@@ -12541,6 +12577,9 @@ var GQLClient = class {
   async getTracyDiffUploadUrl(variables) {
     return await this._clientSdk.GetTracyDiffUploadUrl(variables);
   }
+  async scanSkill(variables) {
+    return await this._clientSdk.ScanSkill(variables);
+  }
 };
 
 // src/mcp/services/types.ts
@@ -13146,7 +13185,7 @@ async function postIssueComment(params) {
     fpDescription
   } = params;
   const {
-    path: path25,
+    path: path26,
     startLine,
     vulnerabilityReportIssue: {
       vulnerabilityReportIssueTags,
@@ -13161,7 +13200,7 @@ async function postIssueComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path25,
+    path: path26,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -13195,7 +13234,7 @@ async function postFixComment(params) {
     scanner
   } = params;
   const {
-    path: path25,
+    path: path26,
     startLine,
     vulnerabilityReportIssue: { fixId, vulnerabilityReportIssueTags, category },
     vulnerabilityReportIssueId
@@ -13213,7 +13252,7 @@ async function postFixComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path25,
+    path: path26,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -14776,6 +14815,85 @@ async function waitForAnaysisAndReviewPr({
   }
 }
 
+// src/commands/scan_skill_input.ts
+import fs11 from "fs";
+import path10 from "path";
+import AdmZip2 from "adm-zip";
+var LOCAL_SKILL_ZIP_DATA_URL_PREFIX = "data:application/zip;base64,";
+var MAX_LOCAL_SKILL_ARCHIVE_BYTES = 2 * 1024 * 1024;
+async function resolveSkillScanInput(skillInput) {
+  const resolvedPath = path10.resolve(skillInput);
+  if (!fs11.existsSync(resolvedPath)) {
+    return skillInput;
+  }
+  const stat = fs11.statSync(resolvedPath);
+  if (!stat.isDirectory()) {
+    throw new CliError(
+      "Local skill input must be a directory containing SKILL.md"
+    );
+  }
+  return packageLocalSkillDirectory(resolvedPath);
+}
+function packageLocalSkillDirectory(directoryPath) {
+  const zip = new AdmZip2();
+  const rootPath = path10.resolve(directoryPath);
+  const filePaths = listDirectoryFiles(rootPath);
+  let hasSkillMd = false;
+  for (const relativePath of filePaths) {
+    const fullPath = path10.join(rootPath, relativePath);
+    const normalizedFullPath = path10.resolve(fullPath);
+    if (normalizedFullPath !== rootPath && !normalizedFullPath.startsWith(rootPath + path10.sep)) {
+      continue;
+    }
+    const fileContent = fs11.readFileSync(normalizedFullPath);
+    zip.addFile(relativePath, fileContent);
+    if (path10.basename(relativePath).toLowerCase() === "skill.md") {
+      hasSkillMd = true;
+    }
+  }
+  if (!hasSkillMd) {
+    throw new CliError("Local skill directory must contain a SKILL.md file");
+  }
+  const zipBuffer = zip.toBuffer();
+  if (zipBuffer.length > MAX_LOCAL_SKILL_ARCHIVE_BYTES) {
+    throw new CliError(
+      `Local skill directory is too large to scan via CLI (${zipBuffer.length} bytes > ${MAX_LOCAL_SKILL_ARCHIVE_BYTES} bytes)`
+    );
+  }
+  return `${LOCAL_SKILL_ZIP_DATA_URL_PREFIX}${zipBuffer.toString("base64")}`;
+}
+function listDirectoryFiles(rootPath) {
+  const files = [];
+  function walk(relativeDir) {
+    const absoluteDir = path10.join(rootPath, relativeDir);
+    const entries = fs11.readdirSync(absoluteDir, { withFileTypes: true }).sort((left, right) => left.name.localeCompare(right.name));
+    for (const entry of entries) {
+      const safeEntryName = path10.basename(entry.name).replace(/\0/g, "");
+      if (!safeEntryName) {
+        continue;
+      }
+      const relativePath = relativeDir ? path10.posix.join(relativeDir, safeEntryName) : safeEntryName;
+      const absolutePath = path10.join(rootPath, relativePath);
+      const normalizedAbsolutePath = path10.resolve(absolutePath);
+      if (normalizedAbsolutePath !== rootPath && !normalizedAbsolutePath.startsWith(rootPath + path10.sep)) {
+        continue;
+      }
+      if (entry.isSymbolicLink()) {
+        continue;
+      }
+      if (entry.isDirectory()) {
+        walk(relativePath);
+        continue;
+      }
+      if (entry.isFile()) {
+        files.push(relativePath);
+      }
+    }
+  }
+  walk("");
+  return files;
+}
+
 // src/commands/index.ts
 async function review(params, { skipPrompts = true } = {}) {
   const {
@@ -14901,10 +15019,80 @@ async function showWelcomeMessage(skipPrompts = false) {
   skipPrompts ? await sleep(100) : await sleep(2e3);
   welcome.stop();
 }
+var VERDICT_COLORS = {
+  BENIGN: "green",
+  WARNING: "yellow",
+  SUSPICIOUS: "magenta",
+  MALICIOUS: "red"
+};
+var SEVERITY_COLORS = {
+  CRITICAL: "red",
+  HIGH: "magenta",
+  MEDIUM: "yellow",
+  LOW: "cyan"
+};
+async function scanSkill(options) {
+  const { url, apiKey, ci } = options;
+  const gqlClient = await getAuthenticatedGQLClient({
+    inputApiKey: apiKey,
+    isSkipPrompts: ci
+  });
+  console.log(chalk7.dim(`Scanning skill: ${url}`));
+  console.log();
+  const skillUrl = await resolveSkillScanInput(url);
+  const result = await gqlClient.scanSkill({ skillUrl });
+  const scan2 = result.scanSkill;
+  const verdictColor = VERDICT_COLORS[scan2.verdict] ?? "white";
+  console.log(
+    chalk7.bold(`Verdict: `) + chalk7[verdictColor](
+      scan2.verdict
+    )
+  );
+  console.log(`Skill: ${scan2.skillName}`);
+  if (scan2.skillVersion) {
+    console.log(`Version: ${scan2.skillVersion}`);
+  }
+  console.log(`Hash: ${scan2.skillHash ?? "N/A"}`);
+  console.log(`Findings: ${scan2.findingsCount}`);
+  console.log(`Duration: ${scan2.scanDurationMs}ms`);
+  if (scan2.cached) {
+    console.log(chalk7.dim("(cached result)"));
+  }
+  console.log();
+  if (scan2.findings.length > 0) {
+    console.log(chalk7.bold("Findings:"));
+    console.log();
+    for (const f of scan2.findings) {
+      const sevColor = SEVERITY_COLORS[f.severity] ?? "white";
+      const location = [f.filePath, f.lineNumber].filter(Boolean).join(":");
+      console.log(
+        `  ${chalk7[sevColor](f.severity)} [${f.layer}] ${f.category}${f.ruleId ? ` (${f.ruleId})` : ""}`
+      );
+      if (location) {
+        console.log(`    ${chalk7.dim(location)}`);
+      }
+      console.log(`    ${f.explanation}`);
+      if (f.evidence) {
+        console.log(
+          `    ${String(chalk7.dim("Evidence: " + f.evidence.slice(0, 120))).replace(/\n|\r/g, "")}`
+        );
+      }
+      console.log();
+    }
+  }
+  if (scan2.summary) {
+    console.log(chalk7.bold("Analysis:"));
+    console.log(`  ${scan2.summary}`);
+    console.log();
+  }
+  if (scan2.verdict === "MALICIOUS" || scan2.verdict === "SUSPICIOUS") {
+    process.exit(2);
+  }
+}
 
 // src/args/validation.ts
-import chalk7 from "chalk";
-import path10 from "path";
+import chalk8 from "chalk";
+import path11 from "path";
 import { z as z30 } from "zod";
 function throwRepoUrlErrorMessage({
   error,
@@ -14913,11 +15101,11 @@ function throwRepoUrlErrorMessage({
 }) {
   const errorMessage = error.issues[error.issues.length - 1]?.message;
   const formattedErrorMessage = `
-Error: ${chalk7.bold(
+Error: ${chalk8.bold(
     repoUrl
   )} is ${errorMessage}
 Example: 
-	mobbdev ${command} -r ${chalk7.bold(
+	mobbdev ${command} -r ${chalk8.bold(
     "https://github.com/WebGoat/WebGoat"
   )}`;
   throw new CliError(formattedErrorMessage);
@@ -14948,12 +15136,12 @@ function validateRepoUrl(args) {
 }
 var supportExtensions = [".json", ".xml", ".fpr", ".sarif", ".zip"];
 function validateReportFileFormat(reportFile) {
-  if (!supportExtensions.includes(path10.extname(reportFile))) {
+  if (!supportExtensions.includes(path11.extname(reportFile))) {
     throw new CliError(
       `
-${chalk7.bold(
+${chalk8.bold(
         reportFile
-      )} is not a supported file extension. Supported extensions are: ${chalk7.bold(
+      )} is not a supported file extension. Supported extensions are: ${chalk8.bold(
         supportExtensions.join(", ")
       )}
 `
@@ -14966,22 +15154,22 @@ function analyzeBuilder(yargs2) {
   return yargs2.option("f", {
     alias: "scan-file",
     type: "string",
-    describe: chalk8.bold(
+    describe: chalk9.bold(
       "Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify, CodeQL, Sonarqube, Semgrep, Datadog)"
     )
   }).option("repo", repoOption).option("p", {
     alias: "src-path",
-    describe: chalk8.bold(
+    describe: chalk9.bold(
       "Path to the repository folder with the source code; alternatively, you can specify the Fortify FPR file to extract source code out of it"
     ),
     type: "string"
   }).option("ref", refOption).option("ch", {
     alias: "commit-hash",
-    describe: chalk8.bold("Hash of the commit"),
+    describe: chalk9.bold("Hash of the commit"),
     type: "string"
   }).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("org", organizationIdOptions).option("api-key", apiKeyOption).option("commit-hash", commitHashOption).option("auto-pr", autoPrOption).option("create-one-pr", createOnePrOption).option("commit-directly", commitDirectlyOption).option("pull-request", {
     alias: ["pr", "pr-number", "pr-id"],
-    describe: chalk8.bold("Number of the pull request"),
+    describe: chalk9.bold("Number of the pull request"),
     type: "number",
     demandOption: false
   }).option("polling", pollingOption).example(
@@ -14990,9 +15178,9 @@ function analyzeBuilder(yargs2) {
   ).help();
 }
 function validateAnalyzeOptions(argv) {
-  if (argv.f && !fs11.existsSync(argv.f)) {
+  if (argv.f && !fs12.existsSync(argv.f)) {
     throw new CliError(`
-Can't access ${chalk8.bold(argv.f)}`);
+Can't access ${chalk9.bold(argv.f)}`);
   }
   validateOrganizationId(argv.organizationId);
   if (!argv.srcPath && !argv.repo) {
@@ -15039,8 +15227,8 @@ import { z as z32 } from "zod";
 // src/args/commands/upload_ai_blame.ts
 import fsPromises3 from "fs/promises";
 import * as os3 from "os";
-import path11 from "path";
-import chalk9 from "chalk";
+import path12 from "path";
+import chalk10 from "chalk";
 import { withFile } from "tmp-promise";
 import z31 from "zod";
 init_client_generates();
@@ -15360,33 +15548,33 @@ function uploadAiBlameBuilder(args) {
     type: "string",
     array: true,
     demandOption: true,
-    describe: chalk9.bold("Path(s) to prompt artifact(s) (one per session)")
+    describe: chalk10.bold("Path(s) to prompt artifact(s) (one per session)")
   }).option("inference", {
     type: "string",
     array: true,
     demandOption: true,
-    describe: chalk9.bold(
+    describe: chalk10.bold(
       "Path(s) to inference artifact(s) (one per session)"
     )
   }).option("ai-response-at", {
     type: "string",
     array: true,
-    describe: chalk9.bold(
+    describe: chalk10.bold(
       "ISO timestamp(s) for AI response (one per session, defaults to now)"
     )
   }).option("model", {
     type: "string",
     array: true,
-    describe: chalk9.bold("AI model name(s) (optional, one per session)")
+    describe: chalk10.bold("AI model name(s) (optional, one per session)")
   }).option("tool-name", {
     type: "string",
     array: true,
-    describe: chalk9.bold("Tool/IDE name(s) (optional, one per session)")
+    describe: chalk10.bold("Tool/IDE name(s) (optional, one per session)")
   }).option("blame-type", {
     type: "string",
     array: true,
     choices: Object.values(AiBlameInferenceType),
-    describe: chalk9.bold(
+    describe: chalk10.bold(
       "Blame type(s) (optional, one per session, defaults to CHAT)"
     )
   }).strict();
@@ -15408,7 +15596,7 @@ async function uploadAiBlameHandlerFromExtension(args) {
   await withFile(async (promptFile) => {
     const promptsResult = await sanitizeDataWithCounts(args.prompts);
     promptsCounts = promptsResult.counts;
-    promptsUUID = path11.basename(promptFile.path, path11.extname(promptFile.path));
+    promptsUUID = path12.basename(promptFile.path, path12.extname(promptFile.path));
     await fsPromises3.writeFile(
       promptFile.path,
       JSON.stringify(promptsResult.sanitizedData, null, 2),
@@ -15418,9 +15606,9 @@ async function uploadAiBlameHandlerFromExtension(args) {
     await withFile(async (inferenceFile) => {
       const inferenceResult = await sanitizeDataWithCounts(args.inference);
       inferenceCounts = inferenceResult.counts;
-      inferenceUUID = path11.basename(
+      inferenceUUID = path12.basename(
         inferenceFile.path,
-        path11.extname(inferenceFile.path)
+        path12.extname(inferenceFile.path)
       );
       await fsPromises3.writeFile(
         inferenceFile.path,
@@ -15468,7 +15656,7 @@ async function uploadAiBlameHandler(options) {
   const sessionIds = args.sessionId || args["session-id"] || [];
   if (prompts.length !== inferences.length) {
     const errorMsg = "prompt and inference must have the same number of entries";
-    logger2.error(chalk9.red(errorMsg));
+    logger2.error(chalk10.red(errorMsg));
     if (exitOnError) {
       process.exit(1);
     }
@@ -15488,15 +15676,15 @@ async function uploadAiBlameHandler(options) {
       ]);
     } catch {
       const errorMsg = `File not found for session ${i + 1}`;
-      logger2.error(chalk9.red(errorMsg));
+      logger2.error(chalk10.red(errorMsg));
       if (exitOnError) {
         process.exit(1);
       }
       throw new Error(errorMsg);
     }
     sessions.push({
-      promptFileName: path11.basename(promptPath),
-      inferenceFileName: path11.basename(inferencePath),
+      promptFileName: path12.basename(promptPath),
+      inferenceFileName: path12.basename(inferencePath),
       aiResponseAt: responseTimes[i] || nowIso,
       model: models[i],
       toolName: tools[i],
@@ -15521,7 +15709,7 @@ async function uploadAiBlameHandler(options) {
   const uploadSessions = initRes.uploadAIBlameInferencesInit?.uploadSessions ?? [];
   if (uploadSessions.length !== sessions.length) {
     const errorMsg = "Init failed to return expected number of sessions";
-    logger2.error(chalk9.red(errorMsg));
+    logger2.error(chalk10.red(errorMsg));
     if (exitOnError) {
       process.exit(1);
     }
@@ -15578,7 +15766,7 @@ async function uploadAiBlameHandler(options) {
     if (status !== "OK") {
       const errorMsg = finRes?.finalizeAIBlameInferencesUpload?.error || "unknown error";
       logger2.error(
-        chalk9.red(
+        chalk10.red(
           `[UPLOAD] Finalize failed with status: ${status}, error: ${errorMsg}`
         )
       );
@@ -15587,7 +15775,7 @@ async function uploadAiBlameHandler(options) {
       }
       throw new Error(errorMsg);
     }
-    logger2.info(chalk9.green("[UPLOAD] AI Blame uploads finalized successfully"));
+    logger2.info(chalk10.green("[UPLOAD] AI Blame uploads finalized successfully"));
   } catch (error) {
     logger2.error("[UPLOAD] Finalize threw error:", error);
     throw error;
@@ -15599,6 +15787,8 @@ async function uploadAiBlameCommandHandler(args) {
 
 // src/features/claude_code/data_collector.ts
 init_client_generates();
+init_GitService();
+init_urlParser2();
 
 // src/features/claude_code/transcript_parser.ts
 import fsPromises4 from "fs/promises";
@@ -15845,8 +16035,23 @@ async function collectHookData() {
     tracePayload
   };
 }
+async function getRepositoryUrl2(cwd) {
+  try {
+    const gitService = new GitService(cwd);
+    const isRepo = await gitService.isGitRepository();
+    if (!isRepo) {
+      return null;
+    }
+    const remoteUrl = await gitService.getRemoteUrl();
+    const parsed = parseScmURL(remoteUrl);
+    return parsed?.scmType === "GitHub" /* GitHub */ || parsed?.scmType === "GitLab" /* GitLab */ ? remoteUrl : null;
+  } catch {
+    return null;
+  }
+}
 async function processAndUploadHookData() {
   const result = await collectHookData();
+  const repositoryUrl = await getRepositoryUrl2(result.hookData.cwd);
   let uploadSuccess;
   try {
     await uploadAiBlameHandlerFromExtension({
@@ -15856,7 +16061,8 @@ async function processAndUploadHookData() {
       tool: result.tracePayload.tool,
       responseTime: result.tracePayload.responseTime,
       blameType: "CHAT" /* Chat */,
-      sessionId: result.hookData.session_id
+      sessionId: result.hookData.session_id,
+      repositoryUrl
     });
     uploadSuccess = true;
   } catch (error) {
@@ -15875,9 +16081,9 @@ async function processAndUploadHookData() {
 // src/features/claude_code/install_hook.ts
 import fsPromises5 from "fs/promises";
 import os4 from "os";
-import path12 from "path";
-import chalk10 from "chalk";
-var CLAUDE_SETTINGS_PATH = path12.join(os4.homedir(), ".claude", "settings.json");
+import path13 from "path";
+import chalk11 from "chalk";
+var CLAUDE_SETTINGS_PATH = path13.join(os4.homedir(), ".claude", "settings.json");
 async function claudeSettingsExists() {
   try {
     await fsPromises5.access(CLAUDE_SETTINGS_PATH);
@@ -15901,12 +16107,12 @@ async function writeClaudeSettings(settings) {
   );
 }
 async function installMobbHooks(options = {}) {
-  console.log(chalk10.blue("Installing Mobb hooks in Claude Code settings..."));
+  console.log(chalk11.blue("Installing Mobb hooks in Claude Code settings..."));
   if (!await claudeSettingsExists()) {
-    console.log(chalk10.red("\u274C Claude Code settings file not found"));
-    console.log(chalk10.yellow(`Expected location: ${CLAUDE_SETTINGS_PATH}`));
-    console.log(chalk10.yellow("Is Claude Code installed on your system?"));
-    console.log(chalk10.yellow("Please install Claude Code and try again."));
+    console.log(chalk11.red("\u274C Claude Code settings file not found"));
+    console.log(chalk11.yellow(`Expected location: ${CLAUDE_SETTINGS_PATH}`));
+    console.log(chalk11.yellow("Is Claude Code installed on your system?"));
+    console.log(chalk11.yellow("Please install Claude Code and try again."));
     throw new Error(
       "Claude Code settings file not found. Is Claude Code installed?"
     );
@@ -15930,7 +16136,7 @@ async function installMobbHooks(options = {}) {
     if (envVars.length > 0) {
       command = `${envVars.join(" ")} ${command}`;
       console.log(
-        chalk10.blue(
+        chalk11.blue(
           `Adding environment variables to hook command: ${envVars.join(", ")}`
         )
       );
@@ -15951,15 +16157,15 @@ async function installMobbHooks(options = {}) {
     )
   );
   if (existingHookIndex >= 0) {
-    console.log(chalk10.yellow("Mobb hook already exists, updating..."));
+    console.log(chalk11.yellow("Mobb hook already exists, updating..."));
     settings.hooks.PostToolUse[existingHookIndex] = mobbHookConfig;
   } else {
-    console.log(chalk10.green("Adding new Mobb hook..."));
+    console.log(chalk11.green("Adding new Mobb hook..."));
     settings.hooks.PostToolUse.push(mobbHookConfig);
   }
   await writeClaudeSettings(settings);
   console.log(
-    chalk10.green(
+    chalk11.green(
       `\u2705 Mobb hooks ${options.saveEnv ? "and environment variables " : ""}installed successfully in ${CLAUDE_SETTINGS_PATH}`
     )
   );
@@ -16062,8 +16268,8 @@ var WorkspaceService = class {
    * Sets a known workspace path that was discovered through successful validation
    * @param path The validated workspace path to store
    */
-  static setKnownWorkspacePath(path25) {
-    this.knownWorkspacePath = path25;
+  static setKnownWorkspacePath(path26) {
+    this.knownWorkspacePath = path26;
   }
   /**
    * Gets the known workspace path that was previously validated
@@ -17093,9 +17299,9 @@ async function createAuthenticatedMcpGQLClient({
 
 // src/mcp/services/McpUsageService/host.ts
 import { execSync as execSync2 } from "child_process";
-import fs12 from "fs";
+import fs13 from "fs";
 import os6 from "os";
-import path13 from "path";
+import path14 from "path";
 var IDEs = ["cursor", "windsurf", "webstorm", "vscode", "claude"];
 var runCommand = (cmd) => {
   try {
@@ -17110,17 +17316,17 @@ var gitInfo = {
 };
 var getClaudeWorkspacePaths = () => {
   const home = os6.homedir();
-  const claudeIdePath = path13.join(home, ".claude", "ide");
+  const claudeIdePath = path14.join(home, ".claude", "ide");
   const workspacePaths = [];
-  if (!fs12.existsSync(claudeIdePath)) {
+  if (!fs13.existsSync(claudeIdePath)) {
     return workspacePaths;
   }
   try {
-    const lockFiles = fs12.readdirSync(claudeIdePath).filter((file) => file.endsWith(".lock"));
+    const lockFiles = fs13.readdirSync(claudeIdePath).filter((file) => file.endsWith(".lock"));
     for (const lockFile of lockFiles) {
-      const lockFilePath = path13.join(claudeIdePath, lockFile);
+      const lockFilePath = path14.join(claudeIdePath, lockFile);
       try {
-        const lockContent = JSON.parse(fs12.readFileSync(lockFilePath, "utf8"));
+        const lockContent = JSON.parse(fs13.readFileSync(lockFilePath, "utf8"));
         if (lockContent.workspaceFolders && Array.isArray(lockContent.workspaceFolders)) {
           workspacePaths.push(...lockContent.workspaceFolders);
         }
@@ -17143,24 +17349,24 @@ var getMCPConfigPaths = (hostName) => {
   switch (hostName.toLowerCase()) {
     case "cursor":
       return [
-        path13.join(currentDir, ".cursor", "mcp.json"),
+        path14.join(currentDir, ".cursor", "mcp.json"),
         // local first
-        path13.join(home, ".cursor", "mcp.json")
+        path14.join(home, ".cursor", "mcp.json")
       ];
     case "windsurf":
       return [
-        path13.join(currentDir, ".codeium", "mcp_config.json"),
+        path14.join(currentDir, ".codeium", "mcp_config.json"),
         // local first
-        path13.join(home, ".codeium", "windsurf", "mcp_config.json")
+        path14.join(home, ".codeium", "windsurf", "mcp_config.json")
       ];
     case "webstorm":
       return [];
     case "visualstudiocode":
     case "vscode":
       return [
-        path13.join(currentDir, ".vscode", "mcp.json"),
+        path14.join(currentDir, ".vscode", "mcp.json"),
         // local first
-        process.platform === "win32" ? path13.join(home, "AppData", "Roaming", "Code", "User", "mcp.json") : path13.join(
+        process.platform === "win32" ? path14.join(home, "AppData", "Roaming", "Code", "User", "mcp.json") : path14.join(
           home,
           "Library",
           "Application Support",
@@ -17171,13 +17377,13 @@ var getMCPConfigPaths = (hostName) => {
       ];
     case "claude": {
       const claudePaths = [
-        path13.join(currentDir, ".claude.json"),
+        path14.join(currentDir, ".claude.json"),
         // local first
-        path13.join(home, ".claude.json")
+        path14.join(home, ".claude.json")
       ];
       const workspacePaths = getClaudeWorkspacePaths();
       for (const workspacePath of workspacePaths) {
-        claudePaths.push(path13.join(workspacePath, ".mcp.json"));
+        claudePaths.push(path14.join(workspacePath, ".mcp.json"));
       }
       return claudePaths;
     }
@@ -17186,9 +17392,9 @@ var getMCPConfigPaths = (hostName) => {
   }
 };
 var readConfigFile = (filePath) => {
-  if (!fs12.existsSync(filePath)) return null;
+  if (!fs13.existsSync(filePath)) return null;
   try {
-    return JSON.parse(fs12.readFileSync(filePath, "utf8"));
+    return JSON.parse(fs13.readFileSync(filePath, "utf8"));
   } catch (error) {
     logWarn(`[UsageService] Failed to read MCP config: ${filePath}`);
     return null;
@@ -17338,10 +17544,10 @@ var getHostInfo = (additionalMcpList) => {
   const ideConfigPaths = /* @__PURE__ */ new Set();
   for (const ide of IDEs) {
     const configPaths = getMCPConfigPaths(ide);
-    configPaths.forEach((path25) => ideConfigPaths.add(path25));
+    configPaths.forEach((path26) => ideConfigPaths.add(path26));
   }
   const uniqueAdditionalPaths = additionalMcpList.filter(
-    (path25) => !ideConfigPaths.has(path25)
+    (path26) => !ideConfigPaths.has(path26)
   );
   for (const ide of IDEs) {
     const cfg = readMCPConfig(ide);
@@ -17461,9 +17667,9 @@ init_configs();
 
 // src/mcp/services/McpUsageService/system.ts
 init_configs();
-import fs13 from "fs";
+import fs14 from "fs";
 import os7 from "os";
-import path14 from "path";
+import path15 from "path";
 var MAX_DEPTH = 2;
 var patterns = ["mcp", "claude"];
 var isFileMatch = (fileName) => {
@@ -17472,7 +17678,7 @@ var isFileMatch = (fileName) => {
 };
 var safeAccess = async (filePath) => {
   try {
-    await fs13.promises.access(filePath, fs13.constants.R_OK);
+    await fs14.promises.access(filePath, fs14.constants.R_OK);
     return true;
   } catch {
     return false;
@@ -17481,9 +17687,9 @@ var safeAccess = async (filePath) => {
 var searchDir = async (dir, depth = 0) => {
   const results = [];
   if (depth > MAX_DEPTH) return results;
-  const entries = await fs13.promises.readdir(dir, { withFileTypes: true }).catch(() => []);
+  const entries = await fs14.promises.readdir(dir, { withFileTypes: true }).catch(() => []);
   for (const entry of entries) {
-    const fullPath = path14.join(dir, entry.name);
+    const fullPath = path15.join(dir, entry.name);
     if (entry.isFile() && isFileMatch(entry.name)) {
       results.push(fullPath);
     } else if (entry.isDirectory()) {
@@ -17500,14 +17706,14 @@ var findSystemMCPConfigs = async () => {
     const home = os7.homedir();
     const platform2 = os7.platform();
     const knownDirs = platform2 === "win32" ? [
-      path14.join(home, ".cursor"),
-      path14.join(home, "Documents"),
-      path14.join(home, "Downloads")
+      path15.join(home, ".cursor"),
+      path15.join(home, "Documents"),
+      path15.join(home, "Downloads")
     ] : [
-      path14.join(home, ".cursor"),
-      process.env["XDG_CONFIG_HOME"] || path14.join(home, ".config"),
-      path14.join(home, "Documents"),
-      path14.join(home, "Downloads")
+      path15.join(home, ".cursor"),
+      process.env["XDG_CONFIG_HOME"] || path15.join(home, ".config"),
+      path15.join(home, "Documents"),
+      path15.join(home, "Downloads")
     ];
     const timeoutPromise = new Promise(
       (resolve) => setTimeout(() => {
@@ -17519,7 +17725,7 @@ var findSystemMCPConfigs = async () => {
     );
     const searchPromise = Promise.all(
       knownDirs.map(
-        (dir) => fs13.existsSync(dir) ? searchDir(dir) : Promise.resolve([])
+        (dir) => fs14.existsSync(dir) ? searchDir(dir) : Promise.resolve([])
       )
     ).then((results) => results.flat());
     return await Promise.race([timeoutPromise, searchPromise]);
@@ -19921,31 +20127,31 @@ For a complete security audit workflow, use the \`full-security-audit\` prompt.
 };
 
 // src/mcp/services/McpDetectionService/CursorMcpDetectionService.ts
-import * as fs16 from "fs";
+import * as fs17 from "fs";
 import * as os10 from "os";
-import * as path16 from "path";
+import * as path17 from "path";
 
 // src/mcp/services/McpDetectionService/BaseMcpDetectionService.ts
 init_configs();
-import * as fs15 from "fs";
+import * as fs16 from "fs";
 import fetch6 from "node-fetch";
-import * as path15 from "path";
+import * as path16 from "path";
 
 // src/mcp/services/McpDetectionService/McpDetectionServiceUtils.ts
-import * as fs14 from "fs";
+import * as fs15 from "fs";
 import * as os9 from "os";
 
 // src/mcp/services/McpDetectionService/VscodeMcpDetectionService.ts
-import * as fs17 from "fs";
+import * as fs18 from "fs";
 import * as os11 from "os";
-import * as path17 from "path";
+import * as path18 from "path";
 
 // src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesTool.ts
 import { z as z42 } from "zod";
 
 // src/mcp/services/PathValidation.ts
-import fs18 from "fs";
-import path18 from "path";
+import fs19 from "fs";
+import path19 from "path";
 async function validatePath(inputPath) {
   logDebug("Validating MCP path", { inputPath });
   if (/^\/[a-zA-Z]:\//.test(inputPath)) {
@@ -19977,7 +20183,7 @@ async function validatePath(inputPath) {
     logError(error);
     return { isValid: false, error, path: inputPath };
   }
-  const normalizedPath = path18.normalize(inputPath);
+  const normalizedPath = path19.normalize(inputPath);
   if (normalizedPath.includes("..")) {
     const error = `Normalized path contains path traversal patterns: ${inputPath}`;
     logError(error);
@@ -20004,7 +20210,7 @@ async function validatePath(inputPath) {
   logDebug("Path validation successful", { inputPath });
   logDebug("Checking path existence", { inputPath });
   try {
-    await fs18.promises.access(inputPath);
+    await fs19.promises.access(inputPath);
     logDebug("Path exists and is accessible", { inputPath });
     WorkspaceService.setKnownWorkspacePath(inputPath);
     logDebug("Stored validated path in WorkspaceService", { inputPath });
@@ -20632,10 +20838,10 @@ If you wish to scan files that were recently changed in your git history call th
 init_FileUtils();
 init_GitService();
 init_configs();
-import fs19 from "fs/promises";
+import fs20 from "fs/promises";
 import nodePath from "path";
 var getLocalFiles = async ({
-  path: path25,
+  path: path26,
   maxFileSize = MCP_MAX_FILE_SIZE,
   maxFiles,
   isAllFilesScan,
@@ -20643,17 +20849,17 @@ var getLocalFiles = async ({
   scanRecentlyChangedFiles
 }) => {
   logDebug(`[${scanContext}] Starting getLocalFiles`, {
-    path: path25,
+    path: path26,
     maxFileSize,
     maxFiles,
     isAllFilesScan,
     scanRecentlyChangedFiles
   });
   try {
-    const resolvedRepoPath = await fs19.realpath(path25);
+    const resolvedRepoPath = await fs20.realpath(path26);
     logDebug(`[${scanContext}] Resolved repository path`, {
       resolvedRepoPath,
-      originalPath: path25
+      originalPath: path26
     });
     const gitService = new GitService(resolvedRepoPath, log);
     const gitValidation = await gitService.validateRepository();
@@ -20666,7 +20872,7 @@ var getLocalFiles = async ({
     if (!gitValidation.isValid || isAllFilesScan) {
       try {
         files = await FileUtils.getLastChangedFiles({
-          dir: path25,
+          dir: path26,
           maxFileSize,
           maxFiles,
           isAllFilesScan
@@ -20730,7 +20936,7 @@ var getLocalFiles = async ({
           absoluteFilePath
         );
         try {
-          const fileStat = await fs19.stat(absoluteFilePath);
+          const fileStat = await fs20.stat(absoluteFilePath);
           return {
             filename: nodePath.basename(absoluteFilePath),
             relativePath,
@@ -20758,7 +20964,7 @@ var getLocalFiles = async ({
     logError(`${scanContext}Unexpected error in getLocalFiles`, {
       error: error instanceof Error ? error.message : String(error),
       stack: error instanceof Error ? error.stack : void 0,
-      path: path25
+      path: path26
     });
     throw error;
   }
@@ -20767,8 +20973,8 @@ var getLocalFiles = async ({
 // src/mcp/services/LocalMobbFolderService.ts
 init_client_generates();
 init_GitService();
-import fs20 from "fs";
-import path19 from "path";
+import fs21 from "fs";
+import path20 from "path";
 import { z as z41 } from "zod";
 function extractPathFromPatch(patch) {
   const match = patch?.match(/diff --git a\/([^\s]+) b\//);
@@ -20854,19 +21060,19 @@ var LocalMobbFolderService = class {
           "[LocalMobbFolderService] Non-git repository detected, skipping .gitignore operations"
         );
       }
-      const mobbFolderPath = path19.join(
+      const mobbFolderPath = path20.join(
         this.repoPath,
         this.defaultMobbFolderName
       );
-      if (!fs20.existsSync(mobbFolderPath)) {
+      if (!fs21.existsSync(mobbFolderPath)) {
         logInfo("[LocalMobbFolderService] Creating .mobb folder", {
           mobbFolderPath
         });
-        fs20.mkdirSync(mobbFolderPath, { recursive: true });
+        fs21.mkdirSync(mobbFolderPath, { recursive: true });
       } else {
         logDebug("[LocalMobbFolderService] .mobb folder already exists");
       }
-      const stats = fs20.statSync(mobbFolderPath);
+      const stats = fs21.statSync(mobbFolderPath);
       if (!stats.isDirectory()) {
         throw new Error(`Path exists but is not a directory: ${mobbFolderPath}`);
       }
@@ -20907,13 +21113,13 @@ var LocalMobbFolderService = class {
       logDebug("[LocalMobbFolderService] Git repository validated successfully");
     } else {
       try {
-        const stats = fs20.statSync(this.repoPath);
+        const stats = fs21.statSync(this.repoPath);
         if (!stats.isDirectory()) {
           throw new Error(
             `Path exists but is not a directory: ${this.repoPath}`
           );
         }
-        fs20.accessSync(this.repoPath, fs20.constants.R_OK | fs20.constants.W_OK);
+        fs21.accessSync(this.repoPath, fs21.constants.R_OK | fs21.constants.W_OK);
         logDebug(
           "[LocalMobbFolderService] Non-git directory validated successfully"
         );
@@ -21026,8 +21232,8 @@ var LocalMobbFolderService = class {
         mobbFolderPath,
         baseFileName
       );
-      const filePath = path19.join(mobbFolderPath, uniqueFileName);
-      await fs20.promises.writeFile(filePath, patch, "utf8");
+      const filePath = path20.join(mobbFolderPath, uniqueFileName);
+      await fs21.promises.writeFile(filePath, patch, "utf8");
       logInfo("[LocalMobbFolderService] Patch saved successfully", {
         filePath,
         fileName: uniqueFileName,
@@ -21084,11 +21290,11 @@ var LocalMobbFolderService = class {
    * @returns Unique filename that doesn't conflict with existing files
    */
   getUniqueFileName(folderPath, baseFileName) {
-    const baseName = path19.parse(baseFileName).name;
-    const extension = path19.parse(baseFileName).ext;
+    const baseName = path20.parse(baseFileName).name;
+    const extension = path20.parse(baseFileName).ext;
     let uniqueFileName = baseFileName;
     let index = 1;
-    while (fs20.existsSync(path19.join(folderPath, uniqueFileName))) {
+    while (fs21.existsSync(path20.join(folderPath, uniqueFileName))) {
       uniqueFileName = `${baseName}-${index}${extension}`;
       index++;
       if (index > 1e3) {
@@ -21119,18 +21325,18 @@ var LocalMobbFolderService = class {
     logDebug("[LocalMobbFolderService] Logging patch info", { fixId: fix.id });
     try {
       const mobbFolderPath = await this.getFolder();
-      const patchInfoPath = path19.join(mobbFolderPath, "patchInfo.md");
+      const patchInfoPath = path20.join(mobbFolderPath, "patchInfo.md");
       const markdownContent = this.generateFixMarkdown(fix, savedPatchFileName);
       let existingContent = "";
-      if (fs20.existsSync(patchInfoPath)) {
-        existingContent = await fs20.promises.readFile(patchInfoPath, "utf8");
+      if (fs21.existsSync(patchInfoPath)) {
+        existingContent = await fs21.promises.readFile(patchInfoPath, "utf8");
         logDebug("[LocalMobbFolderService] Existing patchInfo.md found");
       } else {
         logDebug("[LocalMobbFolderService] Creating new patchInfo.md file");
       }
       const separator = existingContent ? "\n\n================================================================================\n\n" : "";
       const updatedContent = `${markdownContent}${separator}${existingContent}`;
-      await fs20.promises.writeFile(patchInfoPath, updatedContent, "utf8");
+      await fs21.promises.writeFile(patchInfoPath, updatedContent, "utf8");
       logInfo("[LocalMobbFolderService] Patch info logged successfully", {
         patchInfoPath,
         fixId: fix.id,
@@ -21161,7 +21367,7 @@ var LocalMobbFolderService = class {
     const timestamp = (/* @__PURE__ */ new Date()).toISOString();
     const patch = this.extractPatchFromFix(fix);
     const relativePatchedFilePath = patch ? extractPathFromPatch(patch) : null;
-    const patchedFilePath = relativePatchedFilePath ? path19.resolve(this.repoPath, relativePatchedFilePath) : null;
+    const patchedFilePath = relativePatchedFilePath ? path20.resolve(this.repoPath, relativePatchedFilePath) : null;
     const fixIdentifier = savedPatchFileName ? savedPatchFileName.replace(".patch", "") : fix.id;
     let markdown = `# Fix ${fixIdentifier}
 
@@ -21503,16 +21709,16 @@ import {
   unlinkSync,
   writeFileSync
 } from "fs";
-import fs21 from "fs/promises";
+import fs22 from "fs/promises";
 import parseDiff3 from "parse-diff";
-import path20 from "path";
+import path21 from "path";
 var PatchApplicationService = class {
   /**
    * Gets the appropriate comment syntax for a file based on its extension
    */
   static getCommentSyntax(filePath) {
-    const ext = path20.extname(filePath).toLowerCase();
-    const basename2 = path20.basename(filePath);
+    const ext = path21.extname(filePath).toLowerCase();
+    const basename2 = path21.basename(filePath);
     const commentMap = {
       // C-style languages (single line comments)
       ".js": "//",
@@ -21720,7 +21926,7 @@ var PatchApplicationService = class {
         }
       );
     }
-    const dirPath = path20.dirname(normalizedFilePath);
+    const dirPath = path21.dirname(normalizedFilePath);
     mkdirSync(dirPath, { recursive: true });
     writeFileSync(normalizedFilePath, finalContent, "utf8");
     return normalizedFilePath;
@@ -21729,9 +21935,9 @@ var PatchApplicationService = class {
     repositoryPath,
     targetPath
   }) {
-    const repoRoot = path20.resolve(repositoryPath);
-    const normalizedPath = path20.resolve(repoRoot, targetPath);
-    const repoRootWithSep = repoRoot.endsWith(path20.sep) ? repoRoot : `${repoRoot}${path20.sep}`;
+    const repoRoot = path21.resolve(repositoryPath);
+    const normalizedPath = path21.resolve(repoRoot, targetPath);
+    const repoRootWithSep = repoRoot.endsWith(path21.sep) ? repoRoot : `${repoRoot}${path21.sep}`;
     if (normalizedPath !== repoRoot && !normalizedPath.startsWith(repoRootWithSep)) {
       throw new Error(
         `Security violation: target path ${targetPath} resolves outside repository`
@@ -21740,7 +21946,7 @@ var PatchApplicationService = class {
     return {
       repoRoot,
       normalizedPath,
-      relativePath: path20.relative(repoRoot, normalizedPath)
+      relativePath: path21.relative(repoRoot, normalizedPath)
     };
   }
   /**
@@ -22022,9 +22228,9 @@ var PatchApplicationService = class {
         continue;
       }
       try {
-        const absolutePath = path20.resolve(repositoryPath, targetFile);
+        const absolutePath = path21.resolve(repositoryPath, targetFile);
         if (existsSync6(absolutePath)) {
-          const stats = await fs21.stat(absolutePath);
+          const stats = await fs22.stat(absolutePath);
           const fileModTime = stats.mtime.getTime();
           if (fileModTime > scanStartTime) {
             logError(
@@ -22065,7 +22271,7 @@ var PatchApplicationService = class {
     const appliedFixes = [];
     const failedFixes = [];
     const skippedFixes = [];
-    const resolvedRepoPath = await fs21.realpath(repositoryPath);
+    const resolvedRepoPath = await fs22.realpath(repositoryPath);
     logInfo(
       `[${scanContext}] Starting patch application for ${fixes.length} fixes`,
       {
@@ -22248,7 +22454,7 @@ var PatchApplicationService = class {
       fix,
       scanContext
     });
-    appliedFiles.push(path20.relative(repositoryPath, actualPath));
+    appliedFiles.push(path21.relative(repositoryPath, actualPath));
     logDebug(`[${scanContext}] Created new file: ${relativePath}`);
   }
   /**
@@ -22297,7 +22503,7 @@ var PatchApplicationService = class {
         fix,
         scanContext
       });
-      appliedFiles.push(path20.relative(repositoryPath, actualPath));
+      appliedFiles.push(path21.relative(repositoryPath, actualPath));
       logDebug(`[${scanContext}] Modified file: ${relativePath}`);
     }
   }
@@ -22493,9 +22699,9 @@ init_configs();
 
 // src/mcp/services/FileOperations.ts
 init_FileUtils();
-import fs22 from "fs";
-import path21 from "path";
-import AdmZip2 from "adm-zip";
+import fs23 from "fs";
+import path22 from "path";
+import AdmZip3 from "adm-zip";
 var FileOperations = class {
   /**
    * Creates a ZIP archive containing the specified source files
@@ -22510,14 +22716,14 @@ var FileOperations = class {
     maxFileSize
   }) {
     logDebug("[FileOperations] Packing files");
-    const zip = new AdmZip2();
+    const zip = new AdmZip3();
     let packedFilesCount = 0;
     const packedFiles = [];
     const excludedFiles = [];
-    const resolvedRepoPath = path21.resolve(repositoryPath);
+    const resolvedRepoPath = path22.resolve(repositoryPath);
     for (const filepath of fileList) {
-      const absoluteFilepath = path21.join(repositoryPath, filepath);
-      const resolvedFilePath = path21.resolve(absoluteFilepath);
+      const absoluteFilepath = path22.join(repositoryPath, filepath);
+      const resolvedFilePath = path22.resolve(absoluteFilepath);
       if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
         const reason = "potential path traversal security risk";
         logDebug(`[FileOperations] Skipping ${filepath} due to ${reason}`);
@@ -22564,11 +22770,11 @@ var FileOperations = class {
     fileList,
     repositoryPath
   }) {
-    const resolvedRepoPath = path21.resolve(repositoryPath);
+    const resolvedRepoPath = path22.resolve(repositoryPath);
     const validatedPaths = [];
     for (const filepath of fileList) {
-      const absoluteFilepath = path21.join(repositoryPath, filepath);
-      const resolvedFilePath = path21.resolve(absoluteFilepath);
+      const absoluteFilepath = path22.join(repositoryPath, filepath);
+      const resolvedFilePath = path22.resolve(absoluteFilepath);
       if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
         logDebug(
           `[FileOperations] Rejecting ${filepath} - path traversal attempt detected`
@@ -22576,7 +22782,7 @@ var FileOperations = class {
         continue;
       }
       try {
-        await fs22.promises.access(absoluteFilepath, fs22.constants.R_OK);
+        await fs23.promises.access(absoluteFilepath, fs23.constants.R_OK);
         validatedPaths.push(filepath);
       } catch (error) {
         logDebug(
@@ -22595,8 +22801,8 @@ var FileOperations = class {
     const fileDataArray = [];
     for (const absolutePath of filePaths) {
       try {
-        const content = await fs22.promises.readFile(absolutePath);
-        const relativePath = path21.basename(absolutePath);
+        const content = await fs23.promises.readFile(absolutePath);
+        const relativePath = path22.basename(absolutePath);
         fileDataArray.push({
           relativePath,
           absolutePath,
@@ -22621,7 +22827,7 @@ var FileOperations = class {
     relativeFilepath
   }) {
     try {
-      return await fs22.promises.readFile(absoluteFilepath);
+      return await fs23.promises.readFile(absoluteFilepath);
     } catch (fsError) {
       logError(
         `[FileOperations] Failed to read ${relativeFilepath} from filesystem: ${fsError}`
@@ -22908,14 +23114,14 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
    * since the last scan.
    */
   async scanForSecurityVulnerabilities({
-    path: path25,
+    path: path26,
     isAllDetectionRulesScan,
     isAllFilesScan,
     scanContext
   }) {
     this.hasAuthenticationFailed = false;
     logDebug(`[${scanContext}] Scanning for new security vulnerabilities`, {
-      path: path25
+      path: path26
     });
     if (!this.gqlClient) {
       logInfo(`[${scanContext}] No GQL client found, skipping scan`);
@@ -22931,11 +23137,11 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       }
       logDebug(
         `[${scanContext}] Connected to the API, assembling list of files to scan`,
-        { path: path25 }
+        { path: path26 }
       );
       const isBackgroundScan = scanContext === ScanContext.BACKGROUND_INITIAL || scanContext === ScanContext.BACKGROUND_PERIODIC;
       const files = await getLocalFiles({
-        path: path25,
+        path: path26,
         isAllFilesScan,
         scanContext,
         scanRecentlyChangedFiles: !isBackgroundScan
@@ -22961,13 +23167,13 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       });
       const { fixReportId, projectId } = await scanFiles({
         fileList: filesToScan.map((file) => file.relativePath),
-        repositoryPath: path25,
+        repositoryPath: path26,
         gqlClient: this.gqlClient,
         isAllDetectionRulesScan,
         scanContext
       });
       logInfo(
-        `[${scanContext}] Security scan completed for ${path25} reportId: ${fixReportId} projectId: ${projectId}`
+        `[${scanContext}] Security scan completed for ${path26} reportId: ${fixReportId} projectId: ${projectId}`
       );
       if (isAllFilesScan) {
         return;
@@ -23261,13 +23467,13 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     });
     return scannedFiles.some((file) => file.relativePath === fixFile);
   }
-  async getFreshFixes({ path: path25 }) {
+  async getFreshFixes({ path: path26 }) {
     const scanContext = ScanContext.USER_REQUEST;
-    logDebug(`[${scanContext}] Getting fresh fixes`, { path: path25 });
-    if (this.path !== path25) {
-      this.path = path25;
+    logDebug(`[${scanContext}] Getting fresh fixes`, { path: path26 });
+    if (this.path !== path26) {
+      this.path = path26;
       this.reset();
-      logInfo(`[${scanContext}] Reset service state for new path`, { path: path25 });
+      logInfo(`[${scanContext}] Reset service state for new path`, { path: path26 });
     }
     try {
       const loginContext = createMcpLoginContext("check_new_fixes");
@@ -23286,7 +23492,7 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       }
       throw error;
     }
-    this.triggerScan({ path: path25, gqlClient: this.gqlClient });
+    this.triggerScan({ path: path26, gqlClient: this.gqlClient });
     let isMvsAutoFixEnabled = null;
     try {
       isMvsAutoFixEnabled = await this.gqlClient.getMvsAutoFixSettings();
@@ -23320,33 +23526,33 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     return noFreshFixesPrompt;
   }
   triggerScan({
-    path: path25,
+    path: path26,
     gqlClient
   }) {
-    if (this.path !== path25) {
-      this.path = path25;
+    if (this.path !== path26) {
+      this.path = path26;
       this.reset();
-      logInfo(`Reset service state for new path in triggerScan`, { path: path25 });
+      logInfo(`Reset service state for new path in triggerScan`, { path: path26 });
     }
     this.gqlClient = gqlClient;
     if (!this.intervalId) {
-      this.startPeriodicScanning(path25);
-      this.executeInitialScan(path25);
-      void this.executeInitialFullScan(path25);
+      this.startPeriodicScanning(path26);
+      this.executeInitialScan(path26);
+      void this.executeInitialFullScan(path26);
     }
   }
-  startPeriodicScanning(path25) {
+  startPeriodicScanning(path26) {
     const scanContext = ScanContext.BACKGROUND_PERIODIC;
     logDebug(
       `[${scanContext}] Starting periodic scan for new security vulnerabilities`,
       {
-        path: path25
+        path: path26
       }
     );
     this.intervalId = setInterval(() => {
-      logDebug(`[${scanContext}] Triggering periodic security scan`, { path: path25 });
+      logDebug(`[${scanContext}] Triggering periodic security scan`, { path: path26 });
       this.scanForSecurityVulnerabilities({
-        path: path25,
+        path: path26,
         scanContext
       }).catch((error) => {
         logError(`[${scanContext}] Error during periodic security scan`, {
@@ -23355,45 +23561,45 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       });
     }, MCP_PERIODIC_CHECK_INTERVAL);
   }
-  async executeInitialFullScan(path25) {
+  async executeInitialFullScan(path26) {
     const scanContext = ScanContext.FULL_SCAN;
-    logDebug(`[${scanContext}] Triggering initial full security scan`, { path: path25 });
+    logDebug(`[${scanContext}] Triggering initial full security scan`, { path: path26 });
     logDebug(`[${scanContext}] Full scan paths scanned`, {
       fullScanPathsScanned: this.fullScanPathsScanned
     });
-    if (this.fullScanPathsScanned.includes(path25)) {
+    if (this.fullScanPathsScanned.includes(path26)) {
       logDebug(`[${scanContext}] Full scan already executed for this path`, {
-        path: path25
+        path: path26
       });
       return;
     }
     configStore.set("fullScanPathsScanned", [
       ...this.fullScanPathsScanned,
-      path25
+      path26
     ]);
     try {
       await this.scanForSecurityVulnerabilities({
-        path: path25,
+        path: path26,
         isAllFilesScan: true,
         isAllDetectionRulesScan: true,
         scanContext: ScanContext.FULL_SCAN
       });
-      if (!this.fullScanPathsScanned.includes(path25)) {
-        this.fullScanPathsScanned.push(path25);
+      if (!this.fullScanPathsScanned.includes(path26)) {
+        this.fullScanPathsScanned.push(path26);
         configStore.set("fullScanPathsScanned", this.fullScanPathsScanned);
       }
-      logInfo(`[${scanContext}] Full scan completed`, { path: path25 });
+      logInfo(`[${scanContext}] Full scan completed`, { path: path26 });
     } catch (error) {
       logError(`[${scanContext}] Error during initial full security scan`, {
         error
       });
     }
   }
-  executeInitialScan(path25) {
+  executeInitialScan(path26) {
     const scanContext = ScanContext.BACKGROUND_INITIAL;
-    logDebug(`[${scanContext}] Triggering initial security scan`, { path: path25 });
+    logDebug(`[${scanContext}] Triggering initial security scan`, { path: path26 });
     this.scanForSecurityVulnerabilities({
-      path: path25,
+      path: path26,
       scanContext: ScanContext.BACKGROUND_INITIAL
     }).catch((error) => {
       logError(`[${scanContext}] Error during initial security scan`, { error });
@@ -23490,9 +23696,9 @@ Example payload:
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path25 = pathValidationResult.path;
+    const path26 = pathValidationResult.path;
     const resultText = await this.newFixesService.getFreshFixes({
-      path: path25
+      path: path26
     });
     logInfo("CheckForNewAvailableFixesTool execution completed", {
       resultText
@@ -23670,8 +23876,8 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path25 = pathValidationResult.path;
-    const gitService = new GitService(path25, log);
+    const path26 = pathValidationResult.path;
+    const gitService = new GitService(path26, log);
     const gitValidation = await gitService.validateRepository();
     if (!gitValidation.isValid) {
       throw new Error(`Invalid git repository: ${gitValidation.error}`);
@@ -24056,9 +24262,9 @@ Example payload:
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path25 = pathValidationResult.path;
+    const path26 = pathValidationResult.path;
     const files = await getLocalFiles({
-      path: path25,
+      path: path26,
       maxFileSize: MCP_MAX_FILE_SIZE,
       maxFiles: args.maxFiles,
       scanContext: ScanContext.USER_REQUEST,
@@ -24078,7 +24284,7 @@ Example payload:
     try {
       const fixResult = await this.vulnerabilityFixService.processVulnerabilities({
         fileList: files.map((file) => file.relativePath),
-        repositoryPath: path25,
+        repositoryPath: path26,
         offset: args.offset,
         limit: args.limit,
         isRescan: args.rescan || !!args.maxFiles
@@ -24182,33 +24388,33 @@ var mcpHandler = async (_args) => {
 };
 
 // src/args/commands/review.ts
-import fs23 from "fs";
-import chalk11 from "chalk";
+import fs24 from "fs";
+import chalk12 from "chalk";
 function reviewBuilder(yargs2) {
   return yargs2.option("f", {
     alias: "scan-file",
     demandOption: true,
     type: "string",
-    describe: chalk11.bold(
+    describe: chalk12.bold(
       "Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify, CodeQL, Sonarqube, Semgrep)"
     )
   }).option("repo", { ...repoOption, demandOption: true }).option("scanner", { ...scannerOptions, demandOption: true }).option("ref", { ...refOption, demandOption: true }).option("ch", {
     alias: "commit-hash",
-    describe: chalk11.bold("Hash of the commit"),
+    describe: chalk12.bold("Hash of the commit"),
     type: "string",
     demandOption: true
   }).option("mobb-project-name", mobbProjectNameOption).option("api-key", { ...apiKeyOption, demandOption: true }).option("commit-hash", { ...commitHashOption, demandOption: true }).option("github-token", {
-    describe: chalk11.bold("Github action token"),
+    describe: chalk12.bold("Github action token"),
     type: "string",
     demandOption: true
   }).option("pull-request", {
     alias: ["pr", "pr-number", "pr-id"],
-    describe: chalk11.bold("Number of the pull request"),
+    describe: chalk12.bold("Number of the pull request"),
     type: "number",
     demandOption: true
   }).option("p", {
     alias: "src-path",
-    describe: chalk11.bold(
+    describe: chalk12.bold(
       "Path to the repository folder with the source code"
     ),
     type: "string",
@@ -24219,9 +24425,9 @@ function reviewBuilder(yargs2) {
   ).help();
 }
 function validateReviewOptions(argv) {
-  if (!fs23.existsSync(argv.f)) {
+  if (!fs24.existsSync(argv.f)) {
     throw new CliError(`
-Can't access ${chalk11.bold(argv.f)}`);
+Can't access ${chalk12.bold(argv.f)}`);
   }
   validateRepoUrl(argv);
   validateReportFileFormat(argv.f);
@@ -24256,6 +24462,27 @@ async function scanHandler(args) {
   await scan(args, { skipPrompts: args.yes });
 }
 
+// src/args/commands/scan_skill.ts
+import chalk13 from "chalk";
+function scanSkillBuilder(args) {
+  return args.option("url", {
+    demandOption: true,
+    type: "string",
+    describe: chalk13.bold(
+      "URL or local directory of the skill to scan (GitHub repo, ZIP archive, raw SKILL.md, or folder containing SKILL.md)"
+    )
+  }).option("api-key", apiKeyOption).option("ci", ciOption).example(
+    "npx mobbdev@latest scan-skill --url https://github.com/user/my-skill",
+    "Scan an OpenClaw/ClawHub skill for security threats"
+  ).example(
+    "npx mobbdev@latest scan-skill --url ./my-skill-folder",
+    "Scan a local skill directory that contains SKILL.md"
+  ).help();
+}
+async function scanSkillHandler(args) {
+  await scanSkill(args);
+}
+
 // src/args/commands/token.ts
 function addScmTokenBuilder(args) {
   return args.option("scm-type", scmTypeOption).option("url", urlOption).option("token", scmTokenOption).option("organization", scmOrgOption).option("refresh-token", scmRefreshTokenOption).option("api-key", apiKeyOption).option("ci", ciOption).example(
@@ -24297,10 +24524,10 @@ init_client_generates();
 init_urlParser2();
 
 // src/features/codeium_intellij/codeium_language_server_grpc_client.ts
-import path22 from "path";
+import path23 from "path";
 import * as grpc from "@grpc/grpc-js";
 import * as protoLoader from "@grpc/proto-loader";
-var PROTO_PATH = path22.join(
+var PROTO_PATH = path23.join(
   getModuleRootDir(),
   "src/features/codeium_intellij/proto/exa/language_server_pb/language_server.proto"
 );
@@ -24312,7 +24539,7 @@ function loadProto() {
     defaults: true,
     oneofs: true,
     includeDirs: [
-      path22.join(getModuleRootDir(), "src/features/codeium_intellij/proto")
+      path23.join(getModuleRootDir(), "src/features/codeium_intellij/proto")
     ]
   });
   return grpc.loadPackageDefinition(
@@ -24366,30 +24593,30 @@ async function getGrpcClient(port, csrf3) {
 }
 
 // src/features/codeium_intellij/parse_intellij_logs.ts
-import fs24 from "fs";
+import fs25 from "fs";
 import os12 from "os";
-import path23 from "path";
+import path24 from "path";
 function getLogsDir() {
   if (process.platform === "darwin") {
-    return path23.join(os12.homedir(), "Library/Logs/JetBrains");
+    return path24.join(os12.homedir(), "Library/Logs/JetBrains");
   } else if (process.platform === "win32") {
-    return path23.join(
-      process.env["LOCALAPPDATA"] || path23.join(os12.homedir(), "AppData/Local"),
+    return path24.join(
+      process.env["LOCALAPPDATA"] || path24.join(os12.homedir(), "AppData/Local"),
       "JetBrains"
     );
   } else {
-    return path23.join(os12.homedir(), ".cache/JetBrains");
+    return path24.join(os12.homedir(), ".cache/JetBrains");
   }
 }
 function parseIdeLogDir(ideLogDir) {
-  const logFiles = fs24.readdirSync(ideLogDir).filter((f) => /^idea(\.\d+)?\.log$/.test(f)).map((f) => ({
+  const logFiles = fs25.readdirSync(ideLogDir).filter((f) => /^idea(\.\d+)?\.log$/.test(f)).map((f) => ({
     name: f,
-    mtime: fs24.statSync(path23.join(ideLogDir, f)).mtimeMs
+    mtime: fs25.statSync(path24.join(ideLogDir, f)).mtimeMs
   })).sort((a, b) => a.mtime - b.mtime).map((f) => f.name);
   let latestCsrf = null;
   let latestPort = null;
   for (const logFile of logFiles) {
-    const lines = fs24.readFileSync(path23.join(ideLogDir, logFile), "utf-8").split("\n");
+    const lines = fs25.readFileSync(path24.join(ideLogDir, logFile), "utf-8").split("\n");
     for (const line of lines) {
       if (!line.includes(
         "com.codeium.intellij.language_server.LanguageServerProcessHandler"
@@ -24415,13 +24642,13 @@ function parseIdeLogDir(ideLogDir) {
 function findRunningCodeiumLanguageServers() {
   const results = [];
   const logsDir = getLogsDir();
-  if (!fs24.existsSync(logsDir)) return results;
-  for (const ide of fs24.readdirSync(logsDir)) {
-    let ideLogDir = path23.join(logsDir, ide);
+  if (!fs25.existsSync(logsDir)) return results;
+  for (const ide of fs25.readdirSync(logsDir)) {
+    let ideLogDir = path24.join(logsDir, ide);
     if (process.platform !== "darwin") {
-      ideLogDir = path23.join(ideLogDir, "log");
+      ideLogDir = path24.join(ideLogDir, "log");
     }
-    if (!fs24.existsSync(ideLogDir) || !fs24.statSync(ideLogDir).isDirectory()) {
+    if (!fs25.existsSync(ideLogDir) || !fs25.statSync(ideLogDir).isDirectory()) {
       continue;
     }
     const result = parseIdeLogDir(ideLogDir);
@@ -24602,10 +24829,10 @@ function processChatStepCodeAction(step) {
 // src/features/codeium_intellij/install_hook.ts
 import fsPromises6 from "fs/promises";
 import os13 from "os";
-import path24 from "path";
-import chalk12 from "chalk";
+import path25 from "path";
+import chalk14 from "chalk";
 function getCodeiumHooksPath() {
-  return path24.join(os13.homedir(), ".codeium", "hooks.json");
+  return path25.join(os13.homedir(), ".codeium", "hooks.json");
 }
 async function readCodeiumHooks() {
   const hooksPath = getCodeiumHooksPath();
@@ -24618,7 +24845,7 @@ async function readCodeiumHooks() {
 }
 async function writeCodeiumHooks(config2) {
   const hooksPath = getCodeiumHooksPath();
-  const dir = path24.dirname(hooksPath);
+  const dir = path25.dirname(hooksPath);
   await fsPromises6.mkdir(dir, { recursive: true });
   await fsPromises6.writeFile(
     hooksPath,
@@ -24628,7 +24855,7 @@ async function writeCodeiumHooks(config2) {
 }
 async function installWindsurfHooks(options = {}) {
   const hooksPath = getCodeiumHooksPath();
-  console.log(chalk12.blue("Installing Mobb hooks in Windsurf IntelliJ..."));
+  console.log(chalk14.blue("Installing Mobb hooks in Windsurf IntelliJ..."));
   const config2 = await readCodeiumHooks();
   if (!config2.hooks) {
     config2.hooks = {};
@@ -24648,7 +24875,7 @@ async function installWindsurfHooks(options = {}) {
     if (envVars.length > 0) {
       command = `${envVars.join(" ")} ${command}`;
       console.log(
-        chalk12.blue(
+        chalk14.blue(
           `Adding environment variables to hook command: ${envVars.join(", ")}`
         )
       );
@@ -24662,15 +24889,15 @@ async function installWindsurfHooks(options = {}) {
     (hook) => hook.command?.includes("mobbdev@latest windsurf-intellij-process-hook")
   );
   if (existingHookIndex >= 0) {
-    console.log(chalk12.yellow("Mobb hook already exists, updating..."));
+    console.log(chalk14.yellow("Mobb hook already exists, updating..."));
     config2.hooks.post_write_code[existingHookIndex] = mobbHook;
   } else {
-    console.log(chalk12.green("Adding new Mobb hook..."));
+    console.log(chalk14.green("Adding new Mobb hook..."));
     config2.hooks.post_write_code.push(mobbHook);
   }
   await writeCodeiumHooks(config2);
   console.log(
-    chalk12.green(
+    chalk14.green(
       `\u2705 Mobb hooks ${options.saveEnv ? "and environment variables " : ""}installed successfully in ${hooksPath}`
     )
   );
@@ -24720,81 +24947,86 @@ var windsurfIntellijProcessHookHandler = async () => {
 var parseArgs = async (args) => {
   const yargsInstance = yargs(args);
   return yargsInstance.updateStrings({
-    "Commands:": chalk13.yellow.underline.bold("Commands:"),
-    "Options:": chalk13.yellow.underline.bold("Options:"),
-    "Examples:": chalk13.yellow.underline.bold("Examples:"),
-    "Show help": chalk13.bold("Show help")
+    "Commands:": chalk15.yellow.underline.bold("Commands:"),
+    "Options:": chalk15.yellow.underline.bold("Options:"),
+    "Examples:": chalk15.yellow.underline.bold("Examples:"),
+    "Show help": chalk15.bold("Show help")
   }).usage(
-    `${chalk13.bold(
+    `${chalk15.bold(
       "\n Bugsy - Trusted, Automatic Vulnerability Fixer \u{1F575}\uFE0F\u200D\u2642\uFE0F\n\n"
-    )} ${chalk13.yellow.underline.bold("Usage:")} 
-  $0 ${chalk13.green(
+    )} ${chalk15.yellow.underline.bold("Usage:")} 
+  $0 ${chalk15.green(
       "<command>"
-    )} ${chalk13.dim("[options]")}
+    )} ${chalk15.dim("[options]")}
             `
   ).version(false).command(
     mobbCliCommand.scan,
-    chalk13.bold(
+    chalk15.bold(
       "Scan your code for vulnerabilities, get automated fixes right away."
     ),
     scanBuilder,
     scanHandler
   ).command(
     mobbCliCommand.analyze,
-    chalk13.bold(
+    chalk15.bold(
       "Provide a code repository, get automated fixes right away. You can also provide a vulnerability report to analyze or have Mobb scan the code for you."
     ),
     analyzeBuilder,
     analyzeHandler
   ).command(
     mobbCliCommand.review,
-    chalk13.bold(
+    chalk15.bold(
       "Mobb will review your github pull requests and provide comments with fixes "
     ),
     reviewBuilder,
     reviewHandler
   ).command(
     mobbCliCommand.addScmToken,
-    chalk13.bold(
+    chalk15.bold(
       "Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes."
     ),
     addScmTokenBuilder,
     addScmTokenHandler
+  ).command(
+    mobbCliCommand.scanSkill,
+    chalk15.bold("Scan an OpenClaw/ClawHub skill for security threats."),
+    scanSkillBuilder,
+    scanSkillHandler
   ).command(
     mobbCliCommand.convertToSarif,
-    chalk13.bold("Convert an existing SAST report to SARIF format."),
+    chalk15.bold("Convert an existing SAST report to SARIF format."),
     convertToSarifBuilder,
     convertToSarifHandler
   ).command(
     mobbCliCommand.mcp,
-    chalk13.bold("Launch the MCP (Model Context Protocol) server."),
+    chalk15.bold("Launch the MCP (Model Context Protocol) server."),
     mcpBuilder,
     mcpHandler
   ).command(
     mobbCliCommand.uploadAiBlame,
-    chalk13.bold(
+    chalk15.bold(
       "Upload AI Blame inference artifacts (prompt + inference) and finalize them."
     ),
     uploadAiBlameBuilder,
     uploadAiBlameCommandHandler
   ).command(
     mobbCliCommand.claudeCodeInstallHook,
-    chalk13.bold("Install Claude Code hooks for data collection."),
+    chalk15.bold("Install Claude Code hooks for data collection."),
     claudeCodeInstallHookBuilder,
     claudeCodeInstallHookHandler
   ).command(
     mobbCliCommand.claudeCodeProcessHook,
-    chalk13.bold("Process Claude Code hook data and upload to backend."),
+    chalk15.bold("Process Claude Code hook data and upload to backend."),
     claudeCodeProcessHookBuilder,
     claudeCodeProcessHookHandler
   ).command(
     mobbCliCommand.windsurfIntellijInstallHook,
-    chalk13.bold("Install Windsurf IntelliJ hooks for data collection."),
+    chalk15.bold("Install Windsurf IntelliJ hooks for data collection."),
     windsurfIntellijInstallHookBuilder,
     windsurfIntellijInstallHookHandler
   ).command(
     mobbCliCommand.windsurfIntellijProcessHook,
-    chalk13.bold("Process Windsurf IntelliJ hook data and upload to backend."),
+    chalk15.bold("Process Windsurf IntelliJ hook data and upload to backend."),
     windsurfIntellijProcessHookBuilder,
     windsurfIntellijProcessHookHandler
   ).example(
@@ -24805,7 +25037,7 @@ var parseArgs = async (args) => {
     handler() {
       yargsInstance.showHelp();
     }
-  }).strictOptions().help("h").alias("h", "help").epilog(chalk13.bgBlue("Made with \u2764\uFE0F by Mobb")).showHelpOnFail(true).wrap(Math.min(120, yargsInstance.terminalWidth())).parse();
+  }).strictOptions().help("h").alias("h", "help").epilog(chalk15.bgBlue("Made with \u2764\uFE0F by Mobb")).showHelpOnFail(true).wrap(Math.min(120, yargsInstance.terminalWidth())).parse();
 };
 
 // src/index.ts