nsauditor-ai-agent-skill 0.1.59 → 0.1.61
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/SKILL.md +14 -14
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,10 @@ Release notes for **`nsauditor-ai-agent-skill`** — installable knowledge packa
|
|
|
4
4
|
|
|
5
5
|
---
|
|
6
6
|
|
|
7
|
+
## 0.1.61 (2026-05-30) — **HOTFIX: SKILL.md `description` trimmed to fit the 1024-char skill-upload limit.** The frontmatter `description` had grown to 1241 chars, so Claude Desktop rejected the skill upload (`field 'description' in SKILL.md must be at most 1024 characters`). Rewrote it to 967 chars while keeping the high-value trigger keywords and adding the new cloud-audit triggers (`scan_cloud`, "audit my AWS/GCP/Azure account", "cloud compliance"). No body/content change vs 0.1.60 (still teaches `scan_cloud`); pairs the same EE 0.16.2 + CE 0.1.93.
|
|
8
|
+
|
|
9
|
+
## 0.1.60 (2026-05-30) — Paired-release for EE 0.16.2 + CE 0.1.93 — **SKILL.md updated**: teaches the NEW MCP `scan_cloud` tool (audit AWS/GCP/Azure accounts directly, no network host) — added to the Pro/Enterprise Tools table (Enterprise tier) + the "which tool to use" decision tree, plus a result-interpretation rule ("a cloud was effectively audited only if it's in `auditedProviders`; `audited:false` / `notes` / `pluginsRan:0` means NOT audited — never report a clean pass"). Feature lives in CE 0.1.93; plugin count UNCHANGED (28); all six matrices UNCHANGED.
|
|
10
|
+
|
|
7
11
|
## 0.1.59 (2026-05-30) — Paired-release pin for EE 0.16.1 + CE 0.1.92 — MCP `NSA_ENV_FILE`: the MCP server now loads a per-environment dotenv file named by `NSA_ENV_FILE` at startup (the MCP analog of the 0.16.0 CLI `--env`), so an operator points the server at a specific account/cloud by changing one path in the Claude Desktop / Claude Code config. Loaded after auth + license (scan-target vars only); fail-fast + authoritative-file ambient-cred clearing close a false-clean caught by the `audit-cloud-plugin-false-negatives` review. Feature lives in CE; plugin count UNCHANGED (28); all six matrices UNCHANGED. SKILL.md/references unchanged.
|
|
8
12
|
|
|
9
13
|
## 0.1.58 (2026-05-29) — Paired-release pin for EE 0.16.0 + CE 0.1.91 — CLI per-account scanning: `--env` / `--aws-profile` flags + sentinel-host plugin scoping (`--host aws|gcp|azure` + `--plugins all` runs only that cloud's plugins); EE adds a declarative `cloudProvider` field to all 27 cloud plugins. Plugin count UNCHANGED (28); all six matrices UNCHANGED. SKILL.md/references unchanged.
|
package/SKILL.md
CHANGED
|
@@ -1,20 +1,16 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: nsauditor-ai
|
|
3
3
|
description: >
|
|
4
|
-
Use this skill whenever the user wants
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
'
|
|
9
|
-
'
|
|
10
|
-
'
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
CVEs for a software version, audit DNS records, check certificate expiry, or perform
|
|
15
|
-
continuous security monitoring. Use this skill even if the user doesn't explicitly say
|
|
16
|
-
"NSAuditor" — if they want network security scanning and the nsauditor-ai MCP tools
|
|
17
|
-
are available, this is the skill to use. Do NOT use for general coding tasks, web
|
|
4
|
+
Use this skill whenever the user wants network security scanning, auditing, vulnerability
|
|
5
|
+
assessment, host reconnaissance, or cloud-account security/compliance auditing with NSAuditor
|
|
6
|
+
AI (via the nsauditor-ai MCP server: scan_host, scan_cloud, probe_service, get_vulnerabilities,
|
|
7
|
+
list_plugins). Triggers include 'scan', 'audit', 'vulnerability', 'CVE', 'network security',
|
|
8
|
+
'port scan', 'service detection', 'OS fingerprinting', 'penetration test', 'TLS/cipher audit',
|
|
9
|
+
'certificate check', 'DNS security', 'SPF/DKIM/DMARC/DNSSEC', 'SNMP/SMB/NetBIOS', 'CTEM',
|
|
10
|
+
'continuous monitoring', or 'audit my AWS/GCP/Azure account' / 'cloud compliance'. Also use it
|
|
11
|
+
when the user asks to check if a host is up, enumerate services, find open ports, look up CVEs
|
|
12
|
+
for a version, audit DNS records, or audit a cloud account — even if they don't say NSAuditor,
|
|
13
|
+
as long as the nsauditor-ai MCP tools are available. Do NOT use for general coding, web
|
|
18
14
|
development, or non-security topics.
|
|
19
15
|
---
|
|
20
16
|
|
|
@@ -142,6 +138,9 @@ These tools return a license upgrade prompt on CE installations:
|
|
|
142
138
|
| `risk_summary` | Pro | Prioritized risk overview with severity breakdown |
|
|
143
139
|
| `scan_compare` | Pro | Diff two scan results with risk-weighted delta analysis |
|
|
144
140
|
| `save_finding` | Pro | Persist a validated finding to the finding queue |
|
|
141
|
+
| `scan_cloud` | Enterprise | Audit one or more cloud accounts (AWS / GCP / Azure) for security & compliance posture using the server-configured credentials. No network host needed. Input: `{ providers?: ("aws"\|"gcp"\|"azure")[] }` — omit to audit all configured clouds. Use this (not `scan_host`) when the user asks to "audit my AWS account", "audit my AWS and Azure accounts", or "check my cloud compliance". CE/Pro callers get an upgrade message. |
|
|
142
|
+
|
|
143
|
+
> **Interpreting `scan_cloud` results — never report a false clean:** a cloud was effectively audited only if it appears in `auditedProviders`. If the result has `audited: false`, any `notes` entries, or `pluginsRan: 0`, the cloud was **NOT** audited (no plugins, missing credentials, or skipped) — report the gap explicitly; an empty result is **not** a clean pass.
|
|
145
144
|
| `start_assessment` | Enterprise | Multi-host orchestrated security assessment |
|
|
146
145
|
| `prioritize_risks` | Enterprise | Cross-host risk prioritization and ranking |
|
|
147
146
|
| `compliance_check` | Enterprise | SOC 2 (AICPA TSC 2017) + HIPAA (§164.312 Technical Safeguards) + NIST CSF 2.0 Core + PCI DSS v4.0.1 (sub-requirement-level for QSA RoC; PCI SSC June 2024 errata) + ISO/IEC 27001:2022 (per-Annex-A-code-level for ISO/IEC 17021-1 certification body assessors; ISO + IEC October 2022; 2013 edition retired October 31, 2025) + **CIS Critical Security Controls v8** (per-Safeguard-level; Center for Internet Security May 2021, v8.1 errata June 2024) gap analysis — all six shipped (SOC 2 EE 0.3.x; HIPAA EE 0.9.0; NIST CSF 2.0 EE 0.10.0; PCI DSS v4.0.1 EE 0.11.0; ISO/IEC 27001:2022 EE 0.12.0; **CIS Controls v8 EE 0.13.0**). Multi-framework via `--compliance soc2,hipaa,nist-csf,pci-dss,iso-27001,cis-v8` (any CSV subset; hexa-framework one-scan produces six complete auditor-ready evidence packs). **CIS Controls v8**: 17 covered + 22 partial + 114 OOS across 153 Safeguards / 18 Controls. **Implementation Group cumulative discipline** — IG1=56 (cyber-insurance baseline; ~50-70% of mid-market policies require IG1 attestation), IG2 cumulative=130, IG3 cumulative=153; smallest-IG-membership tagging (NEVER report IG2 as 74-of-74 in isolation). **No-certification-body attestation discipline** — engine output is INPUT to CSAT / CIS-CAT Pro self-attestation OR a SOC 2 auditor cross-validating CIS scope, never "CIS certified." Cloud Companion Guide v8 shared-responsibility + CIS-Hardened-Image substrate-evidence credit (Safeguards 4.1/4.2/4.6) + 5 Security Functions (NOT 6 — no Govern) + 6 Asset Types + MS-ISAC/EI-ISAC/H-ISAC sector baselines + v7.1-to-v8 cross-reference. CIS Safeguard examples: `3.3` Data Access Control Lists, `5.4` Restrict Administrator Privileges, `6.3` MFA for Externally-Exposed Applications, `8.2` Collect Audit Logs, `11.4` Isolated Recovery Data Instance. ISO 27001 Annex A code examples: `A.5.15` Access control, `A.5.23` NEW 2022 Cloud services, `A.8.5` Secure authentication, `A.8.9` NEW 2022 Configuration management, `A.8.16` NEW 2022 Monitoring activities, `A.8.24` Use of cryptography. Statement of Applicability per Clause 6.1.3.d discipline + ISMS Clauses 4-10 OOS-by-design framing (7 Major Nonconformity classes — absence of internal audit per Clause 9.2 or management review per Clause 9.3 = auto-fail Stage 2) + 5-attribute taxonomy NEW in 2022 (controlType / informationSecurityProperties / cybersecurityConcepts [5 categories, NOT 6 like NIST CSF 2.0] / operationalCapabilities / securityDomains) + 2013-to-2022 transition discipline. Pair with ISO-aware GRC (Drata ISO 27001 / Vanta ISO 27001 / AuditBoard / OneTrust ISMS / Secureframe ISO 27001) for SoA workflow + internal audit + management review. PCI DSS sub-requirement examples: `Req 1.2.1` NSC config standards, `Req 8.4.1` MFA on non-console admin, `Req 10.2.1` audit logs enabled, `Req 11.3.1` quarterly internal vuln scans. Defined-vs-Customized Approach discipline per Appendix E (15 Defined-only sub-requirements enforced at schema layer; CHD Scope operator-attested via CDE DFD per Req 1.2.4; card-brand AOC enforcement view — Visa CISP / Mastercard SDP / Amex DSOP / Discover DISC). |
|
|
@@ -352,6 +351,7 @@ See `references/workflows.md` for detailed multi-step patterns:
|
|
|
352
351
|
```
|
|
353
352
|
User wants to...
|
|
354
353
|
├── Scan a host comprehensively → scan_host
|
|
354
|
+
├── Audit a cloud account (AWS/GCP/Azure) → scan_cloud (Enterprise)
|
|
355
355
|
├── Check a specific service/port → probe_service (Pro)
|
|
356
356
|
├── Look up CVEs for software version → get_vulnerabilities (Pro)
|
|
357
357
|
├── See available plugins → list_plugins
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "nsauditor-ai-agent-skill",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.61",
|
|
4
4
|
"description": "AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"nsauditor",
|