nsauditor-ai-agent-skill 0.2.5 → 0.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +9 -1
  2. package/SKILL.md +1 -1
  3. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -4,9 +4,17 @@ Release notes for **`nsauditor-ai-agent-skill`** — installable knowledge packa
4
4
 
5
5
  ---
6
6
 
7
+ ## 0.2.7 (2026-06-08) — Paired-release pin for EE 0.19.2 + CE 0.2.7 — Confirmed false-negative tail
8
+
9
+ Paired no-op bump (knowledge-package version sync). EE 0.19.2 closes six more gauntlet-confirmed Tier-B false-negatives across the Pro/Enterprise cloud auditors (1222 Azure KV legacy access-policy per-verb breadth + 2 anchor-drifts + drift-detector closure · 1021 GCP broad-but-not-full public firewall ranges · 1070 AWS KMS PendingDeletion key-policy audit · 1100 CodePipeline sticky approval-latch · 1024 GCP Storage bucket-enumeration truncation evidence-gap · 1040 CloudTrail data-events read-coverage caveat), each TDD'd + independently adversarially reviewed. Plugin count UNCHANGED at 28; all six coverage matrices UNCHANGED. No change to the MCP tool/plugin schemas this skill documents.
10
+
11
+ ## 0.2.6 (2026-06-08) — Paired-release pin for EE 0.19.1 + CE 0.2.6 — Confirmed false-negative batch
12
+
13
+ Paired no-op bump (knowledge-package version sync). EE 0.19.1 closes seven gauntlet-confirmed Tier-B false-negatives across the Pro/Enterprise cloud auditors (1030 AWS IAM prefix-glob privesc + access-key hygiene · 1150 SQS wildcard-Principal queue-policy audit · 1130 air-gapped KMS CreateGrant/GenerateDataKey · 1120 S3 versioned-bucket noncurrent-version disposal · 1080 Lambda deprecated/unknown-runtime currency · 1025 GCP OIDC-impersonation + WIF-provider admin-equivalence · 1160 VPC-endpoint sensitive-action service-namespace matching), each TDD'd + independently adversarially reviewed. Plugin count UNCHANGED at 28; all six coverage matrices UNCHANGED. No change to the MCP tool/plugin schemas this skill documents.
14
+
7
15
  ## 0.2.5 (2026-06-07) — Paired-release pin for EE 0.19.0 + CE 0.2.5 — No silent false-clean
8
16
 
9
- Paired no-op bump (SKILL.md version banner only; SKILL.md body + `references/plugins.md` UNCHANGED). EE 0.19.0 is the largest false-clean-class closure since the framework cycles: an un-scanned cloud region, a denied API call, or a logging-but-not-delivering trail can no longer read CLEAN at EITHER the compliance verdict OR the MCP `scan_cloud` transport. The shared `forEachRegion` fan-out (all 16 regional AWS plugins) now emits a per-region `region-scan-evidence-gap` LOW+evidenceGap finding for every errored/access-denied region — pre-fix an errored region was recorded in scanScope but emitted ZERO findings, so the findings-only compliance engine + the MCP summary saw it as CLEAN; class-O routing then fail-closes EXACTLY that source's native attested controls across all six frameworks (208 additive titlePattern anchors; matrices UNCHANGED at the count level). Four per-plugin swallow→gap retrofits: 1150 SQS/SNS region AccessDenied, 1022 Azure storage enumeration-error (SDK-absent soft-degrade vs real failure), 1200 GuardDuty `ListDetectors` AccessDenied no longer mis-classified as a definitive "NOT ENABLED" HIGH, and 1040 CloudTrail now reads `LatestDeliveryError` so a trail that is logging but failing to deliver to S3 is flagged HIGH. Plus two air-gapped/IAM criticals from the Mythos review (offline CVE matcher fails-CLOSED on distro/epoch/build-suffixed versions; plugin 1110 keeps HIGH on the AWS-default root-delegation key policy) and the EE AI-enrichment prompt no longer leaks the scan target (public IP/hostname/MAC/secrets) to the external LLM — every target host is anonymized to a deterministic `[target-N]` label and routed through CE's content-scrubber. No skill-logic change. **Plugin count UNCHANGED at 28; all six coverage matrices UNCHANGED** (SOC 2 + HIPAA + NIST CSF 2.0 + PCI DSS v4.0.1 + ISO 27001:2022 + CIS Controls v8). STAGED (pre-publish).
17
+ Paired no-op bump (SKILL.md version banner only; SKILL.md body + `references/plugins.md` UNCHANGED). EE 0.19.0 is the largest false-clean-class closure since the framework cycles: an un-scanned cloud region, a denied API call, or a logging-but-not-delivering trail can no longer read CLEAN at EITHER the compliance verdict OR the MCP `scan_cloud` transport. The shared `forEachRegion` fan-out (all 16 regional AWS plugins) now emits a per-region `region-scan-evidence-gap` LOW+evidenceGap finding for every errored/access-denied region — pre-fix an errored region was recorded in scanScope but emitted ZERO findings, so the findings-only compliance engine + the MCP summary saw it as CLEAN; class-O routing then fail-closes EXACTLY that source's native attested controls across all six frameworks (208 additive titlePattern anchors; matrices UNCHANGED at the count level). Four per-plugin swallow→gap retrofits: 1150 SQS/SNS region AccessDenied, 1022 Azure storage enumeration-error (SDK-absent soft-degrade vs real failure), 1200 GuardDuty `ListDetectors` AccessDenied no longer mis-classified as a definitive "NOT ENABLED" HIGH, and 1040 CloudTrail now reads `LatestDeliveryError` so a trail that is logging but failing to deliver to S3 is flagged HIGH. Plus two air-gapped/IAM criticals from the Mythos review (offline CVE matcher fails-CLOSED on distro/epoch/build-suffixed versions; plugin 1110 keeps HIGH on the AWS-default root-delegation key policy) and the EE AI-enrichment prompt no longer leaks the scan target (public IP/hostname/MAC/secrets) to the external LLM — every target host is anonymized to a deterministic `[target-N]` label and routed through CE's content-scrubber. No skill-logic change. **Plugin count UNCHANGED at 28; all six coverage matrices UNCHANGED** (SOC 2 + HIPAA + NIST CSF 2.0 + PCI DSS v4.0.1 + ISO 27001:2022 + CIS Controls v8). Published + live on npm 2026-06-07 (61st trio).
10
18
 
11
19
  ## 0.2.4 (2026-06-05) — Paired-release pin for EE 0.18.3 + CE 0.2.4 — GCP IAM + Azure Key Vault false-negative hardening III
12
20
 
package/SKILL.md CHANGED
@@ -16,7 +16,7 @@ description: >
16
16
 
17
17
  # NSAuditor AI — Agent Skill
18
18
 
19
- > **Version:** 0.2.5 (post-EE 0.19.0No silent false-clean: per-region evidence-gap + class-O routing + swallow retrofits + air-gapped CVE/KMS criticals + AI-egress redaction) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
19
+ > **Version:** 0.2.7 (post-EE 0.19.2Confirmed false-negative tail: 6 more cloud-auditor silent misses closed [1222 Azure KV per-verb breadth + anchor-drifts · 1021 GCP broad-public firewall · 1070 AWS KMS PendingDeletion · 1100 CodePipeline approval-latch · 1024 GCP Storage truncation gap · 1040 CloudTrail data-events read-coverage]) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
20
20
 
21
21
  NSAuditor AI is a modular, AI-assisted network security audit platform with 27+ scanner
22
22
  plugins, CVE matching, MITRE ATT&CK mapping, and Zero Data Exfiltration by design. This
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nsauditor-ai-agent-skill",
3
- "version": "0.2.5",
3
+ "version": "0.2.7",
4
4
  "description": "AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.",
5
5
  "keywords": [
6
6
  "nsauditor",