skill-checker 0.1.0

package/dist/index.js

@@ -0,0 +1,2168 @@
+// src/parser.ts
+import { readFileSync, readdirSync, statSync, existsSync } from "fs";
+import { join, extname, basename, resolve } from "path";
+import { parse as parseYaml } from "yaml";
+var BINARY_EXTENSIONS = /* @__PURE__ */ new Set([
+  ".png",
+  ".jpg",
+  ".jpeg",
+  ".gif",
+  ".bmp",
+  ".ico",
+  ".webp",
+  ".svg",
+  ".woff",
+  ".woff2",
+  ".ttf",
+  ".eot",
+  ".otf",
+  ".zip",
+  ".gz",
+  ".tar",
+  ".bz2",
+  ".7z",
+  ".rar",
+  ".exe",
+  ".dll",
+  ".so",
+  ".dylib",
+  ".bin",
+  ".pdf",
+  ".doc",
+  ".docx",
+  ".xls",
+  ".xlsx",
+  ".mp3",
+  ".mp4",
+  ".wav",
+  ".avi",
+  ".mov",
+  ".wasm",
+  ".pyc",
+  ".class"
+]);
+function parseSkill(dirPath) {
+  const absDir = resolve(dirPath);
+  const skillMdPath = join(absDir, "SKILL.md");
+  const hasSkillMd = existsSync(skillMdPath);
+  const raw = hasSkillMd ? readFileSync(skillMdPath, "utf-8") : "";
+  const { frontmatter, frontmatterValid, body, bodyStartLine } = parseFrontmatter(raw);
+  const files = enumerateFiles(absDir);
+  return {
+    dirPath: absDir,
+    raw,
+    frontmatter,
+    frontmatterValid,
+    body,
+    bodyLines: body.split("\n"),
+    bodyStartLine,
+    files
+  };
+}
+function parseSkillContent(content, dirPath = ".") {
+  const { frontmatter, frontmatterValid, body, bodyStartLine } = parseFrontmatter(content);
+  return {
+    dirPath,
+    raw: content,
+    frontmatter,
+    frontmatterValid,
+    body,
+    bodyLines: body.split("\n"),
+    bodyStartLine,
+    files: []
+  };
+}
+function parseFrontmatter(raw) {
+  const fmRegex = /^---\r?\n([\s\S]*?)\r?\n---\r?\n?/;
+  const match = raw.match(fmRegex);
+  if (!match) {
+    return {
+      frontmatter: {},
+      frontmatterValid: false,
+      body: raw,
+      bodyStartLine: 1
+    };
+  }
+  const yamlStr = match[1];
+  const fmLineCount = match[0].split("\n").length;
+  try {
+    const parsed = parseYaml(yamlStr);
+    return {
+      frontmatter: typeof parsed === "object" && parsed !== null ? parsed : {},
+      frontmatterValid: true,
+      body: raw.slice(match[0].length),
+      bodyStartLine: fmLineCount
+    };
+  } catch {
+    return {
+      frontmatter: {},
+      frontmatterValid: false,
+      body: raw.slice(match[0].length),
+      bodyStartLine: fmLineCount
+    };
+  }
+}
+function enumerateFiles(dirPath, maxDepth = 5) {
+  const files = [];
+  if (!existsSync(dirPath)) return files;
+  function walk(currentDir, depth) {
+    if (depth > maxDepth) return;
+    let entries;
+    try {
+      entries = readdirSync(currentDir, { withFileTypes: true });
+    } catch {
+      return;
+    }
+    for (const entry of entries) {
+      const fullPath = join(currentDir, entry.name);
+      if (entry.isDirectory()) {
+        if (entry.name.startsWith(".") || entry.name === "node_modules") continue;
+        walk(fullPath, depth + 1);
+        continue;
+      }
+      const ext = extname(entry.name).toLowerCase();
+      let stats;
+      try {
+        stats = statSync(fullPath);
+      } catch {
+        continue;
+      }
+      const isBinary = BINARY_EXTENSIONS.has(ext);
+      const relativePath = fullPath.slice(dirPath.length + 1);
+      let content;
+      if (!isBinary && stats.size < 1e6) {
+        try {
+          content = readFileSync(fullPath, "utf-8");
+        } catch {
+        }
+      }
+      files.push({
+        path: relativePath,
+        name: basename(entry.name, ext),
+        extension: ext,
+        sizeBytes: stats.size,
+        isBinary,
+        content
+      });
+    }
+  }
+  walk(dirPath, 0);
+  return files;
+}
+
+// src/checks/structural.ts
+var HYPHEN_CASE_RE = /^[a-z][a-z0-9]*(-[a-z0-9]+)*$/;
+var MAX_NAME_LENGTH = 64;
+var EXECUTABLE_EXTENSIONS = /* @__PURE__ */ new Set([
+  ".exe",
+  ".bat",
+  ".cmd",
+  ".sh",
+  ".bash",
+  ".ps1",
+  ".com",
+  ".msi"
+]);
+var BINARY_EXTENSIONS2 = /* @__PURE__ */ new Set([
+  ".exe",
+  ".dll",
+  ".so",
+  ".dylib",
+  ".bin",
+  ".wasm",
+  ".class",
+  ".pyc"
+]);
+var structuralChecks = {
+  name: "Structural Validity",
+  category: "STRUCT",
+  run(skill) {
+    const results = [];
+    if (!skill.raw) {
+      results.push({
+        id: "STRUCT-001",
+        category: "STRUCT",
+        severity: "CRITICAL",
+        title: "Missing SKILL.md",
+        message: "No SKILL.md file found in the skill directory."
+      });
+      return results;
+    }
+    if (!skill.frontmatterValid) {
+      results.push({
+        id: "STRUCT-002",
+        category: "STRUCT",
+        severity: "HIGH",
+        title: "Invalid YAML frontmatter",
+        message: "SKILL.md is missing valid YAML frontmatter (---...--- block)."
+      });
+    }
+    if (!skill.frontmatter.name) {
+      results.push({
+        id: "STRUCT-003",
+        category: "STRUCT",
+        severity: "HIGH",
+        title: "Missing name field",
+        message: 'Frontmatter is missing the required "name" field.'
+      });
+    }
+    if (!skill.frontmatter.description) {
+      results.push({
+        id: "STRUCT-004",
+        category: "STRUCT",
+        severity: "MEDIUM",
+        title: "Missing description field",
+        message: 'Frontmatter is missing the "description" field.'
+      });
+    }
+    if (skill.body.trim().length < 50) {
+      results.push({
+        id: "STRUCT-005",
+        category: "STRUCT",
+        severity: "CRITICAL",
+        title: "SKILL.md body is too short",
+        message: `Body is only ${skill.body.trim().length} characters. A valid skill should have meaningful instructions (>=50 chars).`
+      });
+    }
+    for (const file of skill.files) {
+      const ext = file.extension.toLowerCase();
+      if (BINARY_EXTENSIONS2.has(ext) || EXECUTABLE_EXTENSIONS.has(ext)) {
+        results.push({
+          id: "STRUCT-006",
+          category: "STRUCT",
+          severity: "HIGH",
+          title: "Unexpected binary/executable file",
+          message: `Found unexpected file: ${file.path} (${ext})`
+        });
+      }
+    }
+    const name = skill.frontmatter.name;
+    if (name) {
+      if (!HYPHEN_CASE_RE.test(name)) {
+        results.push({
+          id: "STRUCT-007",
+          category: "STRUCT",
+          severity: "MEDIUM",
+          title: "Name not in hyphen-case format",
+          message: `Skill name "${name}" should be in hyphen-case (e.g. "my-skill").`
+        });
+      }
+      if (name.length > MAX_NAME_LENGTH) {
+        results.push({
+          id: "STRUCT-007",
+          category: "STRUCT",
+          severity: "MEDIUM",
+          title: "Name too long",
+          message: `Skill name is ${name.length} chars, max ${MAX_NAME_LENGTH}.`
+        });
+      }
+    }
+    return results;
+  }
+};
+
+// src/utils/context.ts
+function isInCodeBlock(lines, lineIndex) {
+  let inBlock = false;
+  for (let i = 0; i < lineIndex && i < lines.length; i++) {
+    if (lines[i].trim().startsWith("```")) {
+      inBlock = !inBlock;
+    }
+  }
+  return inBlock;
+}
+function isNamespaceOrSchemaURI(url, line) {
+  if (/\bxmlns\b/i.test(line)) return true;
+  if (/\bnamespace\b/i.test(line)) return true;
+  if (/\bschema[s]?\b/i.test(line) && !/(schema\.org)/i.test(url)) return true;
+  const parsed = parseURLPath(url);
+  if (!parsed) return false;
+  if (/\/\d{4}\//.test(parsed.path)) {
+    if (!parsed.hasQuery && !parsed.hasFileExtension) return true;
+  }
+  return false;
+}
+function isInNetworkRequestContext(line) {
+  const networkPatterns = [
+    /\bfetch\s*\(/i,
+    /\bcurl\s+/i,
+    /\bwget\s+/i,
+    /\baxios\b/i,
+    /\brequests?\.(get|post|put|delete|head)\s*\(/i,
+    /\bhttp\.(get|request)\s*\(/i,
+    /\bopen\s*\(\s*["'](?:GET|POST|PUT|DELETE)/i,
+    /\bURLSession\b/,
+    /\bInvoke-WebRequest\b/i
+  ];
+  return networkPatterns.some((p) => p.test(line));
+}
+function isInDocumentationContext(lines, lineIndex) {
+  const line = lines[lineIndex];
+  if (/^\s*[-*]\s+\*\*\w+\*\*\s*[:：]/.test(line)) return true;
+  for (let i = lineIndex; i >= Math.max(0, lineIndex - 15); i--) {
+    const l = lines[i];
+    if (/^#{1,4}\s+.*(install|setup|prerequisite|requirement|depend|getting\s+started)/i.test(l)) {
+      return true;
+    }
+  }
+  return false;
+}
+function parseURLPath(url) {
+  try {
+    const u = new URL(url);
+    const hasQuery = u.search.length > 0;
+    const lastSegment = u.pathname.split("/").pop() ?? "";
+    const hasFileExtension = /\.\w{1,5}$/.test(lastSegment);
+    return { path: u.pathname, hasQuery, hasFileExtension };
+  } catch {
+    return null;
+  }
+}
+
+// src/checks/content.ts
+var STRICT_PLACEHOLDER_PATTERNS = [
+  /\bTODO\b/,
+  /\bFIXME\b/,
+  /\bHACK\b/,
+  /\bXXX\b/,
+  /\binsert\s+here\b/i,
+  /\bfill\s+in\b/i,
+  /\bTBD\b/,
+  /\bcoming\s+soon\b/i
+];
+var CONTEXT_SENSITIVE_PLACEHOLDER_PATTERNS = [
+  /\bplaceholder\b/i
+];
+var LOREM_PATTERNS = [
+  /lorem\s+ipsum/i,
+  /dolor\s+sit\s+amet/i,
+  /consectetur\s+adipiscing/i
+];
+var AD_PATTERNS = [
+  /\bbuy\s+now\b/i,
+  /\bfree\s+trial\b/i,
+  /\bdiscount\b/i,
+  /\bpromo\s*code\b/i,
+  /\bsubscribe\s+(to|now)\b/i,
+  /\bsponsored\s+by\b/i,
+  /\baffiliate\s+link\b/i,
+  /\bclick\s+here\s+to\s+(buy|subscribe|download)/i,
+  /\buse\s+code\b.*\b\d+%?\s*off\b/i,
+  /\bcheck\s+out\s+my\b/i
+];
+var contentChecks = {
+  name: "Content Quality",
+  category: "CONT",
+  run(skill) {
+    const results = [];
+    if (!skill.body || skill.body.trim().length === 0) return results;
+    for (let i = 0; i < skill.bodyLines.length; i++) {
+      const line = skill.bodyLines[i];
+      let matched = false;
+      for (const pattern of STRICT_PLACEHOLDER_PATTERNS) {
+        if (pattern.test(line)) {
+          matched = true;
+          break;
+        }
+      }
+      if (!matched) {
+        const inCodeBlk = isInCodeBlock(skill.bodyLines, i);
+        const hasInlineCode = /`[^`]*placeholder[^`]*`/i.test(line);
+        const isTechnicalRef = (
+          // CSS/HTML context
+          /class\s*=\s*["'].*placeholder/i.test(line) || // Compound technical terms
+          /placeholder[_-]?(type|text|image|content|area|location|id|index|name|shape)/i.test(line) || // PPT/slide layout context: placeholder alongside slide/layout terms
+          /\bplaceholder\b.*\b(TITLE|SUBTITLE|BODY|OBJECT|SLIDE|layout|slide|shape|pptx|presentation)/i.test(line) || /\b(TITLE|SUBTITLE|BODY|OBJECT|SLIDE|layout|slide|shape|pptx|presentation)\b.*\bplaceholder\b/i.test(line) || // API/code context: placeholder as a noun in technical documentation
+          /\bplaceholder\s+(areas?|locations?|counts?|slots?|elements?|fields?)\b/i.test(line) || /\b(replace|replacing|replacement)\b.*\bplaceholder\b/i.test(line)
+        );
+        if (!inCodeBlk && !hasInlineCode && !isTechnicalRef) {
+          for (const pattern of CONTEXT_SENSITIVE_PLACEHOLDER_PATTERNS) {
+            if (pattern.test(line)) {
+              matched = true;
+              break;
+            }
+          }
+        }
+      }
+      if (matched) {
+        results.push({
+          id: "CONT-001",
+          category: "CONT",
+          severity: "HIGH",
+          title: "Placeholder content detected",
+          message: `Line ${skill.bodyStartLine + i}: Contains placeholder text.`,
+          line: skill.bodyStartLine + i,
+          snippet: line.trim().slice(0, 120)
+        });
+      }
+    }
+    for (const pattern of LOREM_PATTERNS) {
+      if (pattern.test(skill.body)) {
+        results.push({
+          id: "CONT-002",
+          category: "CONT",
+          severity: "CRITICAL",
+          title: "Lorem ipsum filler text",
+          message: "Body contains lorem ipsum placeholder text."
+        });
+        break;
+      }
+    }
+    checkRepetition(results, skill);
+    checkDescriptionMismatch(results, skill);
+    for (let i = 0; i < skill.bodyLines.length; i++) {
+      const line = skill.bodyLines[i];
+      for (const pattern of AD_PATTERNS) {
+        if (pattern.test(line)) {
+          results.push({
+            id: "CONT-005",
+            category: "CONT",
+            severity: "HIGH",
+            title: "Promotional/advertising content",
+            message: `Line ${skill.bodyStartLine + i}: Contains ad-like content.`,
+            line: skill.bodyStartLine + i,
+            snippet: line.trim().slice(0, 120)
+          });
+          break;
+        }
+      }
+    }
+    checkCodeHeavy(results, skill);
+    checkNameMismatch(results, skill);
+    return results;
+  }
+};
+function checkRepetition(results, skill) {
+  const lines = skill.bodyLines.filter((l) => l.trim().length > 0);
+  if (lines.length < 5) return;
+  const lineCounts = /* @__PURE__ */ new Map();
+  for (const line of lines) {
+    const normalized = line.trim().toLowerCase();
+    lineCounts.set(normalized, (lineCounts.get(normalized) ?? 0) + 1);
+  }
+  let duplicated = 0;
+  for (const count of lineCounts.values()) {
+    if (count > 1) duplicated += count - 1;
+  }
+  const ratio = duplicated / lines.length;
+  if (ratio > 0.5) {
+    results.push({
+      id: "CONT-003",
+      category: "CONT",
+      severity: "MEDIUM",
+      title: "Low information density",
+      message: `${Math.round(ratio * 100)}% of lines are duplicates. Possible filler content.`
+    });
+  }
+}
+function checkDescriptionMismatch(results, skill) {
+  const desc = skill.frontmatter.description;
+  if (!desc || desc.length < 10) return;
+  const descWords = desc.toLowerCase().split(/\W+/).filter((w) => w.length > 4);
+  if (descWords.length === 0) return;
+  const bodyLower = skill.body.toLowerCase();
+  const matched = descWords.filter((w) => bodyLower.includes(w));
+  if (matched.length / descWords.length < 0.2) {
+    results.push({
+      id: "CONT-004",
+      category: "CONT",
+      severity: "MEDIUM",
+      title: "Description/body mismatch",
+      message: "The frontmatter description appears unrelated to the body content."
+    });
+  }
+}
+function checkCodeHeavy(results, skill) {
+  const lines = skill.bodyLines;
+  if (lines.length < 10) return;
+  let inCodeBlock = false;
+  let codeLines = 0;
+  for (const line of lines) {
+    if (line.trim().startsWith("```")) {
+      inCodeBlock = !inCodeBlock;
+      continue;
+    }
+    if (inCodeBlock) codeLines++;
+  }
+  const nonEmptyLines = lines.filter((l) => l.trim().length > 0).length;
+  if (nonEmptyLines > 0 && codeLines / nonEmptyLines > 0.8) {
+    results.push({
+      id: "CONT-006",
+      category: "CONT",
+      severity: "MEDIUM",
+      title: "Body is mostly code examples",
+      message: "Over 80% of body content is in code blocks with minimal instructions."
+    });
+  }
+}
+function checkNameMismatch(results, skill) {
+  const name = skill.frontmatter.name;
+  if (!name) return;
+  const nameWords = name.split(/[-_]/).filter((w) => w.length > 2).map((w) => w.toLowerCase());
+  const bodyLower = skill.body.toLowerCase();
+  const capabilityHints = nameWords.filter(
+    (w) => !["the", "and", "for", "skill", "tool", "helper", "util"].includes(w)
+  );
+  if (capabilityHints.length === 0) return;
+  const matched = capabilityHints.filter((w) => bodyLower.includes(w));
+  if (matched.length === 0 && capabilityHints.length >= 2) {
+    results.push({
+      id: "CONT-007",
+      category: "CONT",
+      severity: "HIGH",
+      title: "Name/body capability mismatch",
+      message: `Skill name "${name}" implies capabilities not found in body content.`
+    });
+  }
+}
+
+// src/utils/unicode.ts
+var ZERO_WIDTH_CHARS = [
+  "\u200B",
+  // ZERO WIDTH SPACE
+  "\u200C",
+  // ZERO WIDTH NON-JOINER
+  "\u200D",
+  // ZERO WIDTH JOINER
+  "\u200E",
+  // LEFT-TO-RIGHT MARK
+  "\u200F",
+  // RIGHT-TO-LEFT MARK
+  "\uFEFF",
+  // ZERO WIDTH NO-BREAK SPACE (BOM)
+  "\u2060",
+  // WORD JOINER
+  "\u2061",
+  // FUNCTION APPLICATION
+  "\u2062",
+  // INVISIBLE TIMES
+  "\u2063",
+  // INVISIBLE SEPARATOR
+  "\u2064"
+  // INVISIBLE PLUS
+];
+var RTL_OVERRIDE_CHARS = [
+  "\u202A",
+  // LEFT-TO-RIGHT EMBEDDING
+  "\u202B",
+  // RIGHT-TO-LEFT EMBEDDING
+  "\u202C",
+  // POP DIRECTIONAL FORMATTING
+  "\u202D",
+  // LEFT-TO-RIGHT OVERRIDE
+  "\u202E",
+  // RIGHT-TO-LEFT OVERRIDE
+  "\u2066",
+  // LEFT-TO-RIGHT ISOLATE
+  "\u2067",
+  // RIGHT-TO-LEFT ISOLATE
+  "\u2068",
+  // FIRST STRONG ISOLATE
+  "\u2069"
+  // POP DIRECTIONAL ISOLATE
+];
+var HOMOGLYPHS = {
+  "\u0410": "A",
+  // Cyrillic А
+  "\u0412": "B",
+  // Cyrillic В
+  "\u0421": "C",
+  // Cyrillic С
+  "\u0415": "E",
+  // Cyrillic Е
+  "\u041D": "H",
+  // Cyrillic Н
+  "\u041A": "K",
+  // Cyrillic К
+  "\u041C": "M",
+  // Cyrillic М
+  "\u041E": "O",
+  // Cyrillic О
+  "\u0420": "P",
+  // Cyrillic Р
+  "\u0422": "T",
+  // Cyrillic Т
+  "\u0425": "X",
+  // Cyrillic Х
+  "\u0430": "a",
+  // Cyrillic а
+  "\u0435": "e",
+  // Cyrillic е
+  "\u043E": "o",
+  // Cyrillic о
+  "\u0440": "p",
+  // Cyrillic р
+  "\u0441": "c",
+  // Cyrillic с
+  "\u0443": "y",
+  // Cyrillic у
+  "\u0445": "x",
+  // Cyrillic х
+  "\u0391": "A",
+  // Greek Α
+  "\u0392": "B",
+  // Greek Β
+  "\u0395": "E",
+  // Greek Ε
+  "\u0397": "H",
+  // Greek Η
+  "\u0399": "I",
+  // Greek Ι
+  "\u039A": "K",
+  // Greek Κ
+  "\u039C": "M",
+  // Greek Μ
+  "\u039D": "N",
+  // Greek Ν
+  "\u039F": "O",
+  // Greek Ο
+  "\u03A1": "P",
+  // Greek Ρ
+  "\u03A4": "T",
+  // Greek Τ
+  "\u03A7": "X",
+  // Greek Χ
+  "\u03BF": "o"
+  // Greek ο
+};
+function findZeroWidthChars(text) {
+  const found = [];
+  for (let i = 0; i < text.length; i++) {
+    if (ZERO_WIDTH_CHARS.includes(text[i])) {
+      found.push({
+        char: text[i],
+        codePoint: "U+" + text[i].charCodeAt(0).toString(16).toUpperCase().padStart(4, "0"),
+        position: i
+      });
+    }
+  }
+  return found;
+}
+function findRTLOverrides(text) {
+  const found = [];
+  for (let i = 0; i < text.length; i++) {
+    if (RTL_OVERRIDE_CHARS.includes(text[i])) {
+      found.push({
+        char: text[i],
+        codePoint: "U+" + text[i].charCodeAt(0).toString(16).toUpperCase().padStart(4, "0"),
+        position: i
+      });
+    }
+  }
+  return found;
+}
+function findHomoglyphs(text) {
+  const found = [];
+  for (let i = 0; i < text.length; i++) {
+    const latin = HOMOGLYPHS[text[i]];
+    if (latin) {
+      found.push({ char: text[i], looksLike: latin, position: i });
+    }
+  }
+  return found;
+}
+
+// src/utils/entropy.ts
+function shannonEntropy(str) {
+  if (str.length === 0) return 0;
+  const freq = /* @__PURE__ */ new Map();
+  for (const ch of str) {
+    freq.set(ch, (freq.get(ch) ?? 0) + 1);
+  }
+  let entropy = 0;
+  const len = str.length;
+  for (const count of freq.values()) {
+    const p = count / len;
+    if (p > 0) {
+      entropy -= p * Math.log2(p);
+    }
+  }
+  return entropy;
+}
+function isBase64Like(str) {
+  if (str.length < 50) return false;
+  return /^[A-Za-z0-9+/=]{50,}$/.test(str.trim());
+}
+function isHexEncoded(str) {
+  if (str.length < 50) return false;
+  return /^(0x)?[0-9a-fA-F]{50,}$/.test(str.trim());
+}
+function tryDecodeBase64(str) {
+  try {
+    const decoded = Buffer.from(str.trim(), "base64").toString("utf-8");
+    const printable = decoded.replace(/[^\x20-\x7E\n\r\t]/g, "");
+    if (printable.length / decoded.length > 0.8) {
+      return decoded;
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+// src/checks/injection.ts
+var SYSTEM_OVERRIDE_PATTERNS = [
+  /ignore\s+(all\s+)?previous\s+instructions/i,
+  /ignore\s+(all\s+)?prior\s+instructions/i,
+  /disregard\s+(all\s+)?previous/i,
+  /forget\s+(all\s+)?previous/i,
+  /you\s+are\s+now\s+a\s+different/i,
+  /new\s+system\s+prompt/i,
+  /override\s+system\s+prompt/i,
+  /your\s+new\s+instructions?\s+(are|is)/i,
+  /from\s+now\s+on,?\s+you\s+(will|must|should)/i,
+  /act\s+as\s+(if|though)\s+your\s+instructions/i
+];
+var TOOL_MANIPULATION_PATTERNS = [
+  /\bresult\s*[:=]\s*["']?success/i,
+  /tool_result/i,
+  /<tool_result>/i,
+  /\breturn\s+["']?(true|success|approved)/i,
+  /permissionDecision\s*[:=]/i
+];
+var TAG_INJECTION_PATTERNS = [
+  /<system>/i,
+  /<\/system>/i,
+  /<\|im_start\|>/i,
+  /<\|im_end\|>/i,
+  /<\|endoftext\|>/i,
+  /<human>/i,
+  /<assistant>/i,
+  /<\|system\|>/i,
+  /<\|user\|>/i,
+  /<\|assistant\|>/i
+];
+var DELIMITER_PATTERNS = [
+  /={5,}/,
+  /-{5,}\s*(system|instruction|prompt)/i,
+  /#{3,}\s*(system|instruction|prompt)/i,
+  /\[SYSTEM\]/i,
+  /\[INST\]/i,
+  /\[\/INST\]/i
+];
+var injectionChecks = {
+  name: "Injection Detection",
+  category: "INJ",
+  run(skill) {
+    const results = [];
+    const fullText = skill.raw;
+    const zeroWidth = findZeroWidthChars(fullText);
+    if (zeroWidth.length > 0) {
+      results.push({
+        id: "INJ-001",
+        category: "INJ",
+        severity: "CRITICAL",
+        title: "Zero-width Unicode characters detected",
+        message: `Found ${zeroWidth.length} zero-width character(s): ${zeroWidth.slice(0, 5).map((z) => z.codePoint).join(", ")}. These can hide malicious content.`
+      });
+    }
+    const homoglyphs = findHomoglyphs(fullText);
+    if (homoglyphs.length > 0) {
+      results.push({
+        id: "INJ-002",
+        category: "INJ",
+        severity: "HIGH",
+        title: "Homoglyph characters detected",
+        message: `Found ${homoglyphs.length} character(s) that mimic Latin letters (e.g. Cyrillic/Greek). Could be used for spoofing.`,
+        snippet: homoglyphs.slice(0, 5).map((h) => `"${h.char}" looks like "${h.looksLike}"`).join(", ")
+      });
+    }
+    const rtl = findRTLOverrides(fullText);
+    if (rtl.length > 0) {
+      results.push({
+        id: "INJ-003",
+        category: "INJ",
+        severity: "CRITICAL",
+        title: "RTL override characters detected",
+        message: `Found ${rtl.length} RTL/bidirectional override character(s): ${rtl.slice(0, 5).map((r) => r.codePoint).join(", ")}. These can manipulate text display direction.`
+      });
+    }
+    for (let i = 0; i < skill.bodyLines.length; i++) {
+      const line = skill.bodyLines[i];
+      const lineNum = skill.bodyStartLine + i;
+      for (const pattern of SYSTEM_OVERRIDE_PATTERNS) {
+        if (pattern.test(line)) {
+          results.push({
+            id: "INJ-004",
+            category: "INJ",
+            severity: "CRITICAL",
+            title: "System prompt override attempt",
+            message: `Line ${lineNum}: Attempts to override system instructions.`,
+            line: lineNum,
+            snippet: line.trim().slice(0, 120)
+          });
+          break;
+        }
+      }
+      for (const pattern of TOOL_MANIPULATION_PATTERNS) {
+        if (pattern.test(line)) {
+          results.push({
+            id: "INJ-005",
+            category: "INJ",
+            severity: "HIGH",
+            title: "Tool output manipulation",
+            message: `Line ${lineNum}: Attempts to manipulate tool results.`,
+            line: lineNum,
+            snippet: line.trim().slice(0, 120)
+          });
+          break;
+        }
+      }
+      for (const pattern of TAG_INJECTION_PATTERNS) {
+        if (pattern.test(line)) {
+          results.push({
+            id: "INJ-007",
+            category: "INJ",
+            severity: "CRITICAL",
+            title: "Tag injection detected",
+            message: `Line ${lineNum}: Contains special model/system tags.`,
+            line: lineNum,
+            snippet: line.trim().slice(0, 120)
+          });
+          break;
+        }
+      }
+      for (const pattern of DELIMITER_PATTERNS) {
+        if (pattern.test(line)) {
+          results.push({
+            id: "INJ-009",
+            category: "INJ",
+            severity: "MEDIUM",
+            title: "Delimiter confusion pattern",
+            message: `Line ${lineNum}: Uses patterns that could confuse model context boundaries.`,
+            line: lineNum,
+            snippet: line.trim().slice(0, 120)
+          });
+          break;
+        }
+      }
+    }
+    const commentRegex = /<!--([\s\S]*?)-->/g;
+    let commentMatch;
+    while ((commentMatch = commentRegex.exec(fullText)) !== null) {
+      const commentBody = commentMatch[1];
+      if (hasInstructionLikeContent(commentBody)) {
+        const lineNum = fullText.slice(0, commentMatch.index).split("\n").length;
+        results.push({
+          id: "INJ-006",
+          category: "INJ",
+          severity: "HIGH",
+          title: "Hidden instructions in HTML comment",
+          message: `Line ${lineNum}: HTML comment contains instruction-like content.`,
+          line: lineNum,
+          snippet: commentBody.trim().slice(0, 120)
+        });
+      }
+    }
+    const base64Regex = /[A-Za-z0-9+/=]{60,}/g;
+    let b64Match;
+    while ((b64Match = base64Regex.exec(skill.body)) !== null) {
+      const candidate = b64Match[0];
+      if (isBase64Like(candidate)) {
+        const decoded = tryDecodeBase64(candidate);
+        if (decoded && hasInstructionLikeContent(decoded)) {
+          const lineNum = skill.bodyStartLine + skill.body.slice(0, b64Match.index).split("\n").length - 1;
+          results.push({
+            id: "INJ-008",
+            category: "INJ",
+            severity: "CRITICAL",
+            title: "Encoded instructions detected",
+            message: `Line ${lineNum}: Base64 string decodes to instruction-like content.`,
+            line: lineNum,
+            snippet: decoded.slice(0, 120)
+          });
+        }
+      }
+    }
+    return dedup(results);
+  }
+};
+function hasInstructionLikeContent(text) {
+  const instructionPatterns = [
+    /you\s+(must|should|will|are)/i,
+    /ignore\s+previous/i,
+    /execute\s+the\s+following/i,
+    /run\s+this\s+command/i,
+    /\bsudo\b/i,
+    /\brm\s+-rf\b/i,
+    /\bcurl\b.*\bsh\b/i,
+    /\beval\b/i,
+    /\bexec\b/i
+  ];
+  return instructionPatterns.some((p) => p.test(text));
+}
+function dedup(results) {
+  const seen = /* @__PURE__ */ new Set();
+  return results.filter((r) => {
+    const key = `${r.id}:${r.line ?? ""}`;
+    if (seen.has(key)) return false;
+    seen.add(key);
+    return true;
+  });
+}
+
+// src/checks/code-safety.ts
+var EVAL_PATTERNS = [
+  /\beval\s*\(/,
+  /\bexec\s*\(/,
+  /\bnew\s+Function\s*\(/,
+  /\bsetTimeout\s*\(\s*["'`]/,
+  /\bsetInterval\s*\(\s*["'`]/
+];
+var SHELL_EXEC_PATTERNS = [
+  /\bchild_process\b/,
+  /\bexecSync\b/,
+  /\bspawnSync\b/,
+  /\bos\.system\s*\(/,
+  /\bsubprocess\.(run|call|Popen)\s*\(/,
+  /(?<!\bplatform\.)\bsystem\s*\(/,
+  // exclude platform.system()
+  /`[^`]*\$\([^)]+\)[^`]*`/
+  // backtick with command substitution
+];
+var SHELL_EXEC_FALSE_POSITIVES = [
+  /\bplatform\.system\s*\(\s*\)/
+  // Python: just reads OS name
+];
+var DESTRUCTIVE_PATTERNS = [
+  /\brm\s+-rf\b/,
+  /\brm\s+-r\b/,
+  /\brmdir\b/,
+  /\bunlink\s*\(/,
+  /\bfs\.rm(Sync)?\s*\(/,
+  /\bshutil\.rmtree\s*\(/,
+  /\bdel\s+\/[sf]/i,
+  /\bformat\s+[a-z]:/i
+];
+var NETWORK_PATTERNS = [
+  /\bfetch\s*\(\s*["'`]https?:\/\//,
+  /\baxios\.(get|post|put|delete)\s*\(\s*["'`]https?:\/\//,
+  /\bcurl\s+/,
+  /\bwget\s+/,
+  /\brequests?\.(get|post)\s*\(/,
+  /\bhttp\.get\s*\(/,
+  /\bURLSession\b/
+];
+var FILE_WRITE_PATTERNS = [
+  /\bfs\.writeFile(Sync)?\s*\(\s*["'`]\//,
+  /\bopen\s*\(\s*["'`]\/[^"'`]+["'`]\s*,\s*["'`]w/,
+  />\s*\/etc\//,
+  />\s*\/usr\//,
+  />\s*~\//,
+  />\s*\$HOME\//
+];
+var ENV_ACCESS_PATTERNS = [
+  /process\.env\b/,
+  /\bos\.environ\b/,
+  /\bgetenv\s*\(/,
+  /\$\{?\w*(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL|API_KEY)\w*\}?/i
+];
+var DYNAMIC_CODE_PATTERNS = [
+  /\bcompile\s*\(/,
+  /\bcodegen\b/i,
+  /\bimport\s*\(\s*[^"'`\s]/,
+  /\brequire\s*\(\s*[^"'`\s]/,
+  /\b__import__\s*\(/
+];
+var PERMISSION_PATTERNS = [
+  /\bchmod\s+[+0-9]/,
+  /\bchown\b/,
+  /\bsudo\b/,
+  /\bdoas\b/,
+  /\bsetuid\b/,
+  /\bsetgid\b/
+];
+var codeSafetyChecks = {
+  name: "Code Safety",
+  category: "CODE",
+  run(skill) {
+    const results = [];
+    const textSources = getTextSources(skill);
+    for (const { text, source } of textSources) {
+      const lines = text.split("\n");
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        const lineNum = i + 1;
+        const loc = `${source}:${lineNum}`;
+        checkPatterns(results, line, EVAL_PATTERNS, {
+          id: "CODE-001",
+          severity: "CRITICAL",
+          title: "eval/exec/Function constructor",
+          loc,
+          lineNum
+        });
+        if (!SHELL_EXEC_FALSE_POSITIVES.some((p) => p.test(line))) {
+          checkPatterns(results, line, SHELL_EXEC_PATTERNS, {
+            id: "CODE-002",
+            severity: "CRITICAL",
+            title: "Shell/subprocess execution",
+            loc,
+            lineNum
+          });
+        }
+        checkPatterns(results, line, DESTRUCTIVE_PATTERNS, {
+          id: "CODE-003",
+          severity: "CRITICAL",
+          title: "Destructive file operation",
+          loc,
+          lineNum
+        });
+        checkPatterns(results, line, NETWORK_PATTERNS, {
+          id: "CODE-004",
+          severity: "HIGH",
+          title: "Hardcoded external URL/network request",
+          loc,
+          lineNum
+        });
+        checkPatterns(results, line, FILE_WRITE_PATTERNS, {
+          id: "CODE-005",
+          severity: "HIGH",
+          title: "File write outside expected directory",
+          loc,
+          lineNum
+        });
+        checkPatterns(results, line, ENV_ACCESS_PATTERNS, {
+          id: "CODE-006",
+          severity: "MEDIUM",
+          title: "Environment variable access",
+          loc,
+          lineNum
+        });
+        checkPatterns(results, line, DYNAMIC_CODE_PATTERNS, {
+          id: "CODE-010",
+          severity: "HIGH",
+          title: "Dynamic code generation pattern",
+          loc,
+          lineNum
+        });
+        {
+          const srcLines = text.split("\n");
+          const isDoc = isInDocumentationContext(srcLines, i);
+          if (!isDoc) {
+            checkPatterns(results, line, PERMISSION_PATTERNS, {
+              id: "CODE-012",
+              severity: "HIGH",
+              title: "Permission escalation",
+              loc,
+              lineNum
+            });
+          }
+        }
+      }
+      scanEncodedStrings(results, text, source);
+      scanObfuscation(results, text, source);
+    }
+    return results;
+  }
+};
+function checkPatterns(results, line, patterns, opts) {
+  for (const pattern of patterns) {
+    if (pattern.test(line)) {
+      results.push({
+        id: opts.id,
+        category: "CODE",
+        severity: opts.severity,
+        title: opts.title,
+        message: `At ${opts.loc}: ${line.trim().slice(0, 120)}`,
+        line: opts.lineNum,
+        snippet: line.trim().slice(0, 120)
+      });
+      return;
+    }
+  }
+}
+function getTextSources(skill) {
+  const sources = [
+    { text: skill.body, source: "SKILL.md" }
+  ];
+  for (const file of skill.files) {
+    if (file.content && file.path !== "SKILL.md") {
+      sources.push({ text: file.content, source: file.path });
+    }
+  }
+  return sources;
+}
+function scanEncodedStrings(results, text, source) {
+  const longStringRegex = /[A-Za-z0-9+/=]{50,}|(?:0x)?[0-9a-fA-F]{50,}/g;
+  let match;
+  while ((match = longStringRegex.exec(text)) !== null) {
+    const str = match[0];
+    if (isBase64Like(str) || isHexEncoded(str)) {
+      const lineNum = text.slice(0, match.index).split("\n").length;
+      results.push({
+        id: "CODE-007",
+        category: "CODE",
+        severity: "HIGH",
+        title: "Long encoded string",
+        message: `${source}:${lineNum}: Found ${str.length}-char encoded string.`,
+        line: lineNum,
+        snippet: str.slice(0, 80) + "..."
+      });
+    }
+  }
+  const wordRegex = /\b[A-Za-z0-9_]{20,}\b/g;
+  while ((match = wordRegex.exec(text)) !== null) {
+    const entropy = shannonEntropy(match[0]);
+    if (entropy > 4.5) {
+      const lineNum = text.slice(0, match.index).split("\n").length;
+      results.push({
+        id: "CODE-008",
+        category: "CODE",
+        severity: "MEDIUM",
+        title: "High entropy string",
+        message: `${source}:${lineNum}: String "${match[0].slice(0, 30)}..." has entropy ${entropy.toFixed(2)} bits/char.`,
+        line: lineNum
+      });
+    }
+  }
+  const multiEncodingPatterns = [
+    /atob\s*\(\s*atob/i,
+    /base64.*decode.*base64.*decode/i,
+    /Buffer\.from\(.*Buffer\.from/,
+    /decode.*decode.*decode/i
+  ];
+  for (const pattern of multiEncodingPatterns) {
+    if (pattern.test(text)) {
+      results.push({
+        id: "CODE-009",
+        category: "CODE",
+        severity: "CRITICAL",
+        title: "Multi-layer encoding detected",
+        message: `${source}: Contains nested encoding/decoding operations.`
+      });
+      break;
+    }
+  }
+}
+function scanObfuscation(results, text, source) {
+  const obfuscatedVarRegex = /\b_0x[0-9a-f]{2,}\b/g;
+  const obfMatches = text.match(obfuscatedVarRegex);
+  if (obfMatches && obfMatches.length >= 3) {
+    results.push({
+      id: "CODE-011",
+      category: "CODE",
+      severity: "MEDIUM",
+      title: "Obfuscated variable names",
+      message: `${source}: Found ${obfMatches.length} hex-style variable names (e.g. ${obfMatches[0]}). May indicate obfuscated code.`
+    });
+  }
+}
+
+// src/checks/supply-chain.ts
+var SUSPICIOUS_DOMAINS = [
+  "evil.com",
+  "malware.com",
+  "exploit.in",
+  "darkweb.onion",
+  "pastebin.com",
+  // often used for payload hosting
+  "ngrok.io",
+  // tunneling service
+  "requestbin.com",
+  "webhook.site",
+  "pipedream.net",
+  "burpcollaborator.net",
+  "interact.sh",
+  "oastify.com"
+];
+var MCP_SERVER_PATTERN = /\bmcp[-_]?server\b/i;
+var NPX_Y_PATTERN = /\bnpx\s+-y\s+/;
+var NPM_INSTALL_PATTERN = /\bnpm\s+install\b/;
+var PIP_INSTALL_PATTERN = /\bpip3?\s+install\b/;
+var GIT_CLONE_PATTERN = /\bgit\s+clone\b/;
+var URL_PATTERN = /https?:\/\/[^\s"'`<>)\]]+/g;
+var IP_URL_PATTERN = /https?:\/\/(?:\d{1,3}\.){3}\d{1,3}/;
+var supplyChainChecks = {
+  name: "Supply Chain",
+  category: "SUPPLY",
+  run(skill) {
+    const results = [];
+    const allText = getAllText(skill);
+    for (let i = 0; i < allText.length; i++) {
+      const { line, lineNum, source } = allText[i];
+      if (MCP_SERVER_PATTERN.test(line)) {
+        results.push({
+          id: "SUPPLY-001",
+          category: "SUPPLY",
+          severity: "HIGH",
+          title: "MCP server reference",
+          message: `${source}:${lineNum}: References an MCP server. Verify it is from a trusted source.`,
+          line: lineNum,
+          snippet: line.trim().slice(0, 120)
+        });
+      }
+      if (NPX_Y_PATTERN.test(line)) {
+        results.push({
+          id: "SUPPLY-002",
+          category: "SUPPLY",
+          severity: "MEDIUM",
+          title: "npx -y auto-install",
+          message: `${source}:${lineNum}: Uses npx -y which auto-installs packages without confirmation.`,
+          line: lineNum,
+          snippet: line.trim().slice(0, 120)
+        });
+      }
+      if (NPM_INSTALL_PATTERN.test(line) || PIP_INSTALL_PATTERN.test(line)) {
+        const allLines = getAllLines(skill);
+        const globalIdx = findGlobalLineIndex(allLines, source, lineNum);
+        const isDoc = globalIdx >= 0 && isInDocumentationContext(
+          allLines.map((l) => l.line),
+          globalIdx
+        );
+        if (!isDoc) {
+          results.push({
+            id: "SUPPLY-003",
+            category: "SUPPLY",
+            severity: "HIGH",
+            title: "Package installation command",
+            message: `${source}:${lineNum}: Installs packages. Verify package names are legitimate.`,
+            line: lineNum,
+            snippet: line.trim().slice(0, 120)
+          });
+        }
+      }
+      if (GIT_CLONE_PATTERN.test(line)) {
+        results.push({
+          id: "SUPPLY-006",
+          category: "SUPPLY",
+          severity: "MEDIUM",
+          title: "git clone command",
+          message: `${source}:${lineNum}: Clones a git repository. Verify the source.`,
+          line: lineNum,
+          snippet: line.trim().slice(0, 120)
+        });
+      }
+      const urls = line.match(URL_PATTERN) || [];
+      for (const url of urls) {
+        if (url.startsWith("http://")) {
+          if (!isNamespaceOrSchemaURI(url, line)) {
+            const isNetworkCtx = isInNetworkRequestContext(line);
+            results.push({
+              id: "SUPPLY-004",
+              category: "SUPPLY",
+              severity: isNetworkCtx ? "HIGH" : "MEDIUM",
+              title: "Non-HTTPS URL",
+              message: `${source}:${lineNum}: Uses insecure HTTP: ${url}`,
+              line: lineNum,
+              snippet: url
+            });
+          }
+        }
+        if (IP_URL_PATTERN.test(url)) {
+          if (!/https?:\/\/127\.0\.0\.1/.test(url) && !/https?:\/\/0\.0\.0\.0/.test(url)) {
+            results.push({
+              id: "SUPPLY-005",
+              category: "SUPPLY",
+              severity: "CRITICAL",
+              title: "IP address used instead of domain",
+              message: `${source}:${lineNum}: Uses raw IP address: ${url}. This may bypass DNS-based security.`,
+              line: lineNum,
+              snippet: url
+            });
+          }
+        }
+        for (const domain of SUSPICIOUS_DOMAINS) {
+          if (url.includes(domain)) {
+            results.push({
+              id: "SUPPLY-007",
+              category: "SUPPLY",
+              severity: "CRITICAL",
+              title: "Suspicious domain detected",
+              message: `${source}:${lineNum}: References suspicious domain "${domain}".`,
+              line: lineNum,
+              snippet: url
+            });
+            break;
+          }
+        }
+      }
+    }
+    return results;
+  }
+};
+function getAllText(skill) {
+  const result = [];
+  for (let i = 0; i < skill.bodyLines.length; i++) {
+    result.push({
+      line: skill.bodyLines[i],
+      lineNum: skill.bodyStartLine + i,
+      source: "SKILL.md"
+    });
+  }
+  for (const file of skill.files) {
+    if (file.content && file.path !== "SKILL.md") {
+      const lines = file.content.split("\n");
+      for (let i = 0; i < lines.length; i++) {
+        result.push({ line: lines[i], lineNum: i + 1, source: file.path });
+      }
+    }
+  }
+  return result;
+}
+function getAllLines(skill) {
+  return getAllText(skill);
+}
+function findGlobalLineIndex(allLines, source, lineNum) {
+  return allLines.findIndex(
+    (l) => l.source === source && l.lineNum === lineNum
+  );
+}
+
+// src/checks/resource.ts
+var AMPLIFICATION_PATTERNS = [
+  /\brepeat\s+(this|the\s+above)\s+\d+\s+times\b/i,
+  /\bdo\s+this\s+forever\b/i,
+  /\binfinite\s+loop\b/i,
+  /\bwhile\s*\(\s*true\s*\)/,
+  /\bfor\s*\(\s*;;\s*\)/,
+  /\brecursively\s+(apply|run|execute|call)/i,
+  /\bkeep\s+(running|doing|executing)\s+until/i
+];
+var UNRESTRICTED_TOOL_PATTERNS = [
+  /\bBash\s*\(\s*\*\s*\)/,
+  /allowed[_-]?tools\s*:\s*\[?\s*["']?\*["']?\s*\]?/i,
+  /\ball\s+tools\b/i,
+  /\bunrestricted\s+access\b/i,
+  /\bfull\s+access\b/i
+];
+var DISABLE_SAFETY_PATTERNS = [
+  /\bdisable\s+(safety|security|checks?|hooks?|guard)/i,
+  /\bbypass\s+(safety|security|checks?|hooks?|guard)/i,
+  /\bskip\s+(safety|security|checks?|hooks?|guard|verification)/i,
+  /\bturn\s+off\s+(safety|security|checks?|hooks?)/i,
+  /--no-verify\b/,
+  /--force\b/,
+  /--skip-hooks?\b/
+];
+var IGNORE_RULES_PATTERNS = [
+  /\bignore\s+(the\s+)?CLAUDE\.md\b/i,
+  /\bignore\s+(the\s+)?project\s+rules?\b/i,
+  /\bignore\s+(the\s+)?\.claude\b/i,
+  /\boverride\s+(the\s+)?project\s+(settings?|config|rules?)\b/i,
+  /\bdo\s+not\s+(follow|obey|respect)\s+(the\s+)?(project|CLAUDE)/i,
+  /\bdisregard\s+(the\s+)?(project|CLAUDE)\s+(rules?|config|settings?)/i
+];
+var TOKEN_WASTE_PATTERNS = [
+  /\brepeat\s+(every|each)\s+(response|answer|reply)/i,
+  /\balways\s+(start|begin|end)\s+(every|each)\s+(response|answer|reply)\s+with/i,
+  /\binclude\s+this\s+(text|message|string)\s+in\s+(every|each|all)/i,
+  /\bprint\s+(the\s+)?full\s+(source|code|file)\s+(every|each)\s+time/i
+];
+var resourceChecks = {
+  name: "Resource Abuse",
+  category: "RES",
+  run(skill) {
+    const results = [];
+    for (let i = 0; i < skill.bodyLines.length; i++) {
+      const line = skill.bodyLines[i];
+      const lineNum = skill.bodyStartLine + i;
+      for (const pattern of AMPLIFICATION_PATTERNS) {
+        if (pattern.test(line)) {
+          results.push({
+            id: "RES-001",
+            category: "RES",
+            severity: "HIGH",
+            title: "Instruction amplification",
+            message: `Line ${lineNum}: Contains recursive/repetitive task pattern.`,
+            line: lineNum,
+            snippet: line.trim().slice(0, 120)
+          });
+          break;
+        }
+      }
+      for (const pattern of UNRESTRICTED_TOOL_PATTERNS) {
+        if (pattern.test(line)) {
+          results.push({
+            id: "RES-002",
+            category: "RES",
+            severity: "CRITICAL",
+            title: "Unrestricted tool access requested",
+            message: `Line ${lineNum}: Requests broad/unrestricted tool access.`,
+            line: lineNum,
+            snippet: line.trim().slice(0, 120)
+          });
+          break;
+        }
+      }
+      for (const pattern of DISABLE_SAFETY_PATTERNS) {
+        if (pattern.test(line)) {
+          results.push({
+            id: "RES-004",
+            category: "RES",
+            severity: "CRITICAL",
+            title: "Attempts to disable safety checks",
+            message: `Line ${lineNum}: Instructs disabling of safety mechanisms.`,
+            line: lineNum,
+            snippet: line.trim().slice(0, 120)
+          });
+          break;
+        }
+      }
+      for (const pattern of TOKEN_WASTE_PATTERNS) {
+        if (pattern.test(line)) {
+          results.push({
+            id: "RES-005",
+            category: "RES",
+            severity: "MEDIUM",
+            title: "Token waste pattern",
+            message: `Line ${lineNum}: Contains instructions that waste tokens.`,
+            line: lineNum,
+            snippet: line.trim().slice(0, 120)
+          });
+          break;
+        }
+      }
+      for (const pattern of IGNORE_RULES_PATTERNS) {
+        if (pattern.test(line)) {
+          results.push({
+            id: "RES-006",
+            category: "RES",
+            severity: "CRITICAL",
+            title: "Attempts to ignore project rules",
+            message: `Line ${lineNum}: Instructs ignoring CLAUDE.md or project configuration.`,
+            line: lineNum,
+            snippet: line.trim().slice(0, 120)
+          });
+          break;
+        }
+      }
+    }
+    const allowedTools = skill.frontmatter["allowed-tools"];
+    if (Array.isArray(allowedTools) && allowedTools.length > 15) {
+      results.push({
+        id: "RES-003",
+        category: "RES",
+        severity: "MEDIUM",
+        title: "Excessive allowed-tools list",
+        message: `Frontmatter declares ${allowedTools.length} allowed tools. This is unusually broad.`
+      });
+    }
+    if (Array.isArray(allowedTools)) {
+      for (const tool of allowedTools) {
+        if (typeof tool !== "string") continue;
+        for (const pattern of UNRESTRICTED_TOOL_PATTERNS) {
+          if (pattern.test(tool)) {
+            results.push({
+              id: "RES-002",
+              category: "RES",
+              severity: "CRITICAL",
+              title: "Unrestricted tool access requested",
+              message: `Frontmatter allowed-tools contains dangerous pattern: "${tool}"`,
+              snippet: tool.slice(0, 120)
+            });
+            break;
+          }
+        }
+      }
+    }
+    return results;
+  }
+};
+
+// src/ioc/index.ts
+import { readFileSync as readFileSync2, existsSync as existsSync2 } from "fs";
+import { join as join2 } from "path";
+import { homedir } from "os";
+
+// src/ioc/indicators.ts
+var DEFAULT_IOC = {
+  version: "2026.03.06",
+  updated: "2026-03-06",
+  c2_ips: [
+    "91.92.242.30",
+    "91.92.242.39",
+    "185.220.101.1",
+    "185.220.101.2",
+    "45.155.205.233"
+  ],
+  malicious_hashes: {
+    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855": "clawhavoc-empty-payload",
+    "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2": "clawhavoc-exfiltrator"
+  },
+  malicious_domains: [
+    "webhook.site",
+    "requestbin.com",
+    "pipedream.com",
+    "pipedream.net",
+    "hookbin.com",
+    "beeceptor.com",
+    "ngrok.io",
+    "ngrok-free.app",
+    "serveo.net",
+    "localtunnel.me",
+    "bore.pub",
+    "interact.sh",
+    "oast.fun",
+    "oastify.com",
+    "dnslog.cn",
+    "ceye.io",
+    "burpcollaborator.net",
+    "pastebin.com",
+    "paste.ee",
+    "hastebin.com",
+    "ghostbin.com",
+    "evil.com",
+    "malware.com",
+    "exploit.in"
+  ],
+  typosquat: {
+    known_patterns: [
+      "clawhub1",
+      "cllawhub",
+      "clawhab",
+      "moltbot",
+      "claw-hub",
+      "clawhub-pro"
+    ],
+    protected_names: [
+      "clawhub",
+      "secureclaw",
+      "openclaw",
+      "clawbot",
+      "claude",
+      "anthropic",
+      "skill-checker"
+    ]
+  },
+  malicious_publishers: [
+    "clawhavoc",
+    "phantom-tracker",
+    "solana-wallet-drainer"
+  ]
+};
+
+// src/ioc/index.ts
+var cachedIOC = null;
+function loadIOC() {
+  if (cachedIOC) return cachedIOC;
+  const ioc = structuredClone(DEFAULT_IOC);
+  const overridePath = join2(
+    homedir(),
+    ".config",
+    "skill-checker",
+    "ioc-override.json"
+  );
+  if (existsSync2(overridePath)) {
+    try {
+      const raw = readFileSync2(overridePath, "utf-8");
+      const ext = JSON.parse(raw);
+      mergeIOC(ioc, ext);
+    } catch {
+    }
+  }
+  cachedIOC = ioc;
+  return ioc;
+}
+function resetIOCCache() {
+  cachedIOC = null;
+}
+function mergeIOC(base, ext) {
+  if (ext.c2_ips) {
+    base.c2_ips = dedupe([...base.c2_ips, ...ext.c2_ips]);
+  }
+  if (ext.malicious_hashes) {
+    Object.assign(base.malicious_hashes, ext.malicious_hashes);
+  }
+  if (ext.malicious_domains) {
+    base.malicious_domains = dedupe([
+      ...base.malicious_domains,
+      ...ext.malicious_domains
+    ]);
+  }
+  if (ext.typosquat) {
+    if (ext.typosquat.known_patterns) {
+      base.typosquat.known_patterns = dedupe([
+        ...base.typosquat.known_patterns,
+        ...ext.typosquat.known_patterns
+      ]);
+    }
+    if (ext.typosquat.protected_names) {
+      base.typosquat.protected_names = dedupe([
+        ...base.typosquat.protected_names,
+        ...ext.typosquat.protected_names
+      ]);
+    }
+  }
+  if (ext.malicious_publishers) {
+    base.malicious_publishers = dedupe([
+      ...base.malicious_publishers,
+      ...ext.malicious_publishers
+    ]);
+  }
+  if (ext.version) base.version = ext.version;
+  if (ext.updated) base.updated = ext.updated;
+}
+function dedupe(arr) {
+  return [...new Set(arr)];
+}
+
+// src/ioc/matcher.ts
+import { createHash } from "crypto";
+import { readFileSync as readFileSync3 } from "fs";
+import { join as join3 } from "path";
+
+// src/utils/levenshtein.ts
+function levenshtein(a, b) {
+  if (a === b) return 0;
+  if (a.length === 0) return b.length;
+  if (b.length === 0) return a.length;
+  if (a.length > b.length) [a, b] = [b, a];
+  const aLen = a.length;
+  const bLen = b.length;
+  let prev = new Array(aLen + 1);
+  let curr = new Array(aLen + 1);
+  for (let i = 0; i <= aLen; i++) prev[i] = i;
+  for (let j = 1; j <= bLen; j++) {
+    curr[0] = j;
+    for (let i = 1; i <= aLen; i++) {
+      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
+      curr[i] = Math.min(
+        prev[i] + 1,
+        // deletion
+        curr[i - 1] + 1,
+        // insertion
+        prev[i - 1] + cost
+        // substitution
+      );
+    }
+    [prev, curr] = [curr, prev];
+  }
+  return prev[aLen];
+}
+
+// src/ioc/matcher.ts
+var IPV4_PATTERN = /\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b/g;
+function isPrivateIP(ip) {
+  const parts = ip.split(".").map(Number);
+  if (parts.length !== 4 || parts.some((p) => p < 0 || p > 255)) return true;
+  if (parts[0] === 127) return true;
+  if (parts[0] === 10) return true;
+  if (parts[0] === 172 && parts[1] >= 16 && parts[1] <= 31) return true;
+  if (parts[0] === 192 && parts[1] === 168) return true;
+  if (parts.every((p) => p === 0)) return true;
+  if (parts[0] === 169 && parts[1] === 254) return true;
+  return false;
+}
+function matchMaliciousHashes(skill, ioc) {
+  const matches = [];
+  const hashKeys = Object.keys(ioc.malicious_hashes);
+  if (hashKeys.length === 0) return matches;
+  for (const file of skill.files) {
+    const filePath = join3(skill.dirPath, file.path);
+    try {
+      const content = readFileSync3(filePath);
+      const hash = createHash("sha256").update(content).digest("hex");
+      if (ioc.malicious_hashes[hash]) {
+        matches.push({
+          file: file.path,
+          hash,
+          description: ioc.malicious_hashes[hash]
+        });
+      }
+    } catch {
+    }
+  }
+  return matches;
+}
+function matchC2IPs(skill, ioc) {
+  const matches = [];
+  if (ioc.c2_ips.length === 0) return matches;
+  const c2Set = new Set(ioc.c2_ips);
+  const allText = getAllText2(skill);
+  for (const { line, lineNum, source } of allText) {
+    let m;
+    const re = new RegExp(IPV4_PATTERN.source, "g");
+    while ((m = re.exec(line)) !== null) {
+      const ip = m[1];
+      if (!isPrivateIP(ip) && c2Set.has(ip)) {
+        matches.push({
+          ip,
+          line: lineNum,
+          source,
+          snippet: line.trim().slice(0, 120)
+        });
+      }
+    }
+  }
+  return matches;
+}
+function matchTyposquat(skillName, ioc) {
+  if (!skillName) return null;
+  const name = skillName.toLowerCase().trim();
+  for (const pattern of ioc.typosquat.known_patterns) {
+    if (name === pattern.toLowerCase()) {
+      return { type: "known", target: pattern };
+    }
+  }
+  for (const protected_name of ioc.typosquat.protected_names) {
+    const pn = protected_name.toLowerCase();
+    if (name === pn) continue;
+    const dist = levenshtein(name, pn);
+    if (dist > 0 && dist <= 2) {
+      return { type: "similar", target: protected_name, distance: dist };
+    }
+  }
+  return null;
+}
+function getAllText2(skill) {
+  const result = [];
+  for (let i = 0; i < skill.bodyLines.length; i++) {
+    result.push({
+      line: skill.bodyLines[i],
+      lineNum: skill.bodyStartLine + i,
+      source: "SKILL.md"
+    });
+  }
+  for (const file of skill.files) {
+    if (file.content && file.path !== "SKILL.md") {
+      const lines = file.content.split("\n");
+      for (let i = 0; i < lines.length; i++) {
+        result.push({ line: lines[i], lineNum: i + 1, source: file.path });
+      }
+    }
+  }
+  return result;
+}
+
+// src/checks/ioc.ts
+var iocChecks = {
+  name: "IOC Threat Intelligence",
+  category: "SUPPLY",
+  run(skill) {
+    const results = [];
+    const ioc = loadIOC();
+    const hashMatches = matchMaliciousHashes(skill, ioc);
+    for (const match of hashMatches) {
+      results.push({
+        id: "SUPPLY-008",
+        category: "SUPPLY",
+        severity: "CRITICAL",
+        title: "Known malicious file hash",
+        message: `File "${match.file}" matches known malicious hash: ${match.description}`,
+        snippet: match.hash
+      });
+    }
+    const ipMatches = matchC2IPs(skill, ioc);
+    for (const match of ipMatches) {
+      results.push({
+        id: "SUPPLY-009",
+        category: "SUPPLY",
+        severity: "CRITICAL",
+        title: "Known C2 IP address",
+        message: `${match.source}:${match.line}: Contains known C2 server IP: ${match.ip}`,
+        line: match.line,
+        snippet: match.snippet
+      });
+    }
+    const skillName = skill.frontmatter.name;
+    if (skillName) {
+      const typoMatch = matchTyposquat(skillName, ioc);
+      if (typoMatch) {
+        if (typoMatch.type === "known") {
+          results.push({
+            id: "SUPPLY-010",
+            category: "SUPPLY",
+            severity: "CRITICAL",
+            title: "Known typosquat name",
+            message: `Skill name "${skillName}" matches known typosquat pattern "${typoMatch.target}".`,
+            snippet: skillName
+          });
+        } else {
+          results.push({
+            id: "SUPPLY-010",
+            category: "SUPPLY",
+            severity: "HIGH",
+            title: "Possible typosquat name",
+            message: `Skill name "${skillName}" is similar to protected name "${typoMatch.target}" (edit distance: ${typoMatch.distance}).`,
+            snippet: skillName
+          });
+        }
+      }
+    }
+    return results;
+  }
+};
+
+// src/checks/index.ts
+var ALL_MODULES = [
+  structuralChecks,
+  contentChecks,
+  injectionChecks,
+  codeSafetyChecks,
+  supplyChainChecks,
+  resourceChecks,
+  iocChecks
+];
+function runAllChecks(skill) {
+  const results = [];
+  for (const mod of ALL_MODULES) {
+    results.push(...mod.run(skill));
+  }
+  return results;
+}
+
+// src/types.ts
+var SEVERITY_SCORES = {
+  CRITICAL: 25,
+  HIGH: 10,
+  MEDIUM: 3,
+  LOW: 1
+};
+function computeGrade(score) {
+  if (score >= 90) return "A";
+  if (score >= 75) return "B";
+  if (score >= 60) return "C";
+  if (score >= 40) return "D";
+  return "F";
+}
+var DEFAULT_CONFIG = {
+  policy: "balanced",
+  overrides: {},
+  ignore: []
+};
+function getHookAction(policy, severity) {
+  const matrix = {
+    strict: {
+      CRITICAL: "deny",
+      HIGH: "deny",
+      MEDIUM: "ask",
+      LOW: "report"
+    },
+    balanced: {
+      CRITICAL: "deny",
+      HIGH: "ask",
+      MEDIUM: "report",
+      LOW: "report"
+    },
+    permissive: {
+      CRITICAL: "ask",
+      HIGH: "report",
+      MEDIUM: "report",
+      LOW: "report"
+    }
+  };
+  return matrix[policy][severity];
+}
+
+// src/scanner.ts
+function scanSkillDirectory(dirPath, config = DEFAULT_CONFIG) {
+  const skill = parseSkill(dirPath);
+  return buildReport(skill, config);
+}
+function scanSkillContent(content, config = DEFAULT_CONFIG) {
+  const skill = parseSkillContent(content);
+  return buildReport(skill, config);
+}
+function buildReport(skill, config) {
+  let results = runAllChecks(skill);
+  results = results.map((r) => {
+    if (config.overrides[r.id]) {
+      return { ...r, severity: config.overrides[r.id] };
+    }
+    return r;
+  });
+  results = results.filter((r) => !config.ignore.includes(r.id));
+  const score = calculateScore(results);
+  const grade = computeGrade(score);
+  const summary = {
+    total: results.length,
+    critical: results.filter((r) => r.severity === "CRITICAL").length,
+    high: results.filter((r) => r.severity === "HIGH").length,
+    medium: results.filter((r) => r.severity === "MEDIUM").length,
+    low: results.filter((r) => r.severity === "LOW").length
+  };
+  return {
+    skillPath: skill.dirPath,
+    skillName: skill.frontmatter.name ?? "unknown",
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    results,
+    score,
+    grade,
+    summary
+  };
+}
+function calculateScore(results) {
+  let score = 100;
+  for (const r of results) {
+    score -= SEVERITY_SCORES[r.severity];
+  }
+  return Math.max(0, score);
+}
+function worstSeverity(results) {
+  const order = ["CRITICAL", "HIGH", "MEDIUM", "LOW"];
+  for (const sev of order) {
+    if (results.some((r) => r.severity === sev)) return sev;
+  }
+  return null;
+}
+
+// src/reporter/terminal.ts
+import chalk from "chalk";
+var SEVERITY_COLORS = {
+  CRITICAL: chalk.bgRed.white.bold,
+  HIGH: chalk.red.bold,
+  MEDIUM: chalk.yellow,
+  LOW: chalk.gray
+};
+var GRADE_COLORS = {
+  A: chalk.green.bold,
+  B: chalk.cyan.bold,
+  C: chalk.yellow.bold,
+  D: chalk.red.bold,
+  F: chalk.bgRed.white.bold
+};
+var SEVERITY_ICONS = {
+  CRITICAL: "X",
+  HIGH: "!",
+  MEDIUM: "~",
+  LOW: "-"
+};
+function formatTerminalReport(report) {
+  const lines = [];
+  lines.push("");
+  lines.push(
+    chalk.bold("Skill Security Report") + chalk.gray(` - ${report.skillName}`)
+  );
+  lines.push(chalk.gray(`Path: ${report.skillPath}`));
+  lines.push(chalk.gray(`Time: ${report.timestamp}`));
+  lines.push("");
+  const gradeStr = GRADE_COLORS[report.grade](`  ${report.grade}  `);
+  const scoreStr = report.score >= 75 ? chalk.green(`${report.score}/100`) : report.score >= 40 ? chalk.yellow(`${report.score}/100`) : chalk.red(`${report.score}/100`);
+  lines.push(`Grade: ${gradeStr}  Score: ${scoreStr}`);
+  lines.push("");
+  const parts = [];
+  if (report.summary.critical > 0)
+    parts.push(chalk.bgRed.white(` ${report.summary.critical} CRITICAL `));
+  if (report.summary.high > 0)
+    parts.push(chalk.red(` ${report.summary.high} HIGH `));
+  if (report.summary.medium > 0)
+    parts.push(chalk.yellow(` ${report.summary.medium} MEDIUM `));
+  if (report.summary.low > 0)
+    parts.push(chalk.gray(` ${report.summary.low} LOW `));
+  if (parts.length > 0) {
+    lines.push(`Findings: ${parts.join(" ")}`);
+  } else {
+    lines.push(chalk.green("No issues found."));
+  }
+  lines.push("");
+  if (report.results.length > 0) {
+    lines.push(chalk.bold.underline("Findings:"));
+    lines.push("");
+    const grouped = /* @__PURE__ */ new Map();
+    for (const r of report.results) {
+      const group = grouped.get(r.category) ?? [];
+      group.push(r);
+      grouped.set(r.category, group);
+    }
+    for (const [category, findings] of grouped) {
+      lines.push(chalk.bold(`[${category}]`));
+      const order = ["CRITICAL", "HIGH", "MEDIUM", "LOW"];
+      findings.sort(
+        (a, b) => order.indexOf(a.severity) - order.indexOf(b.severity)
+      );
+      for (const f of findings) {
+        const icon = SEVERITY_ICONS[f.severity];
+        const sevLabel = SEVERITY_COLORS[f.severity](
+          ` ${f.severity} `
+        );
+        const idStr = chalk.gray(f.id);
+        lines.push(`  [${icon}] ${sevLabel} ${idStr} ${f.title}`);
+        lines.push(`      ${chalk.gray(f.message)}`);
+        if (f.snippet) {
+          lines.push(`      ${chalk.dim(f.snippet)}`);
+        }
+      }
+      lines.push("");
+    }
+  }
+  lines.push(chalk.bold("Recommendation:"));
+  switch (report.grade) {
+    case "A":
+      lines.push(chalk.green("  Safe to install."));
+      break;
+    case "B":
+      lines.push(chalk.cyan("  Minor issues found. Generally safe."));
+      break;
+    case "C":
+      lines.push(
+        chalk.yellow("  Review recommended before installation.")
+      );
+      break;
+    case "D":
+      lines.push(
+        chalk.red("  Significant risks detected. Install with caution.")
+      );
+      break;
+    case "F":
+      lines.push(
+        chalk.bgRed.white("  DO NOT INSTALL. Critical security issues found.")
+      );
+      break;
+  }
+  lines.push("");
+  return lines.join("\n");
+}
+
+// src/reporter/json.ts
+function formatJsonReport(report) {
+  return JSON.stringify(report, null, 2);
+}
+function generateHookResponse(report, config = DEFAULT_CONFIG) {
+  const worst = worstSeverity(report.results);
+  if (!worst) {
+    return { permissionDecision: "allow" };
+  }
+  const action = getHookAction(config.policy, worst);
+  switch (action) {
+    case "deny":
+      return {
+        permissionDecision: "deny",
+        reason: buildDenySummary(report)
+      };
+    case "ask":
+      return {
+        permissionDecision: "ask",
+        reason: buildAskSummary(report)
+      };
+    case "report":
+      return {
+        permissionDecision: "allow",
+        additionalContext: buildReportSummary(report)
+      };
+  }
+}
+function buildDenySummary(report) {
+  const lines = [
+    `Skill Security Check FAILED (Grade: ${report.grade}, Score: ${report.score}/100)`
+  ];
+  const criticals = report.results.filter((r) => r.severity === "CRITICAL");
+  if (criticals.length > 0) {
+    lines.push(`Critical issues (${criticals.length}):`);
+    for (const c of criticals.slice(0, 5)) {
+      lines.push(`  - [${c.id}] ${c.title}: ${c.message}`);
+    }
+  }
+  return lines.join("\n");
+}
+function buildAskSummary(report) {
+  const lines = [
+    `Skill Security Check: Grade ${report.grade} (${report.score}/100)`,
+    `Found: ${report.summary.critical} critical, ${report.summary.high} high, ${report.summary.medium} medium issues.`,
+    "Review the findings before allowing installation."
+  ];
+  return lines.join("\n");
+}
+function buildReportSummary(report) {
+  const lines = [
+    `[Skill Checker] Grade: ${report.grade} (${report.score}/100)`,
+    `Issues: ${report.summary.total} (${report.summary.critical}C/${report.summary.high}H/${report.summary.medium}M/${report.summary.low}L)`
+  ];
+  if (report.results.length > 0) {
+    lines.push("Top findings:");
+    for (const r of report.results.slice(0, 3)) {
+      lines.push(`  [${r.id}] ${r.severity}: ${r.title}`);
+    }
+  }
+  return lines.join("\n");
+}
+
+// src/config.ts
+import { readFileSync as readFileSync4, existsSync as existsSync3 } from "fs";
+import { join as join4, resolve as resolve2 } from "path";
+import { parse as parseYaml2 } from "yaml";
+var CONFIG_FILENAMES = [
+  ".skillcheckerrc.yaml",
+  ".skillcheckerrc.yml",
+  ".skillcheckerrc"
+];
+function loadConfig(startDir, configPath) {
+  if (configPath) {
+    const absPath = resolve2(configPath);
+    if (existsSync3(absPath)) {
+      return parseConfigFile(absPath);
+    }
+    return { ...DEFAULT_CONFIG };
+  }
+  const dir = startDir ? resolve2(startDir) : process.cwd();
+  let current = dir;
+  while (true) {
+    for (const filename of CONFIG_FILENAMES) {
+      const configPath2 = join4(current, filename);
+      if (existsSync3(configPath2)) {
+        return parseConfigFile(configPath2);
+      }
+    }
+    const parent = join4(current, "..");
+    if (parent === current) break;
+    current = parent;
+  }
+  const home = process.env.HOME ?? process.env.USERPROFILE;
+  if (home) {
+    for (const filename of CONFIG_FILENAMES) {
+      const configPath2 = join4(home, filename);
+      if (existsSync3(configPath2)) {
+        return parseConfigFile(configPath2);
+      }
+    }
+  }
+  return { ...DEFAULT_CONFIG };
+}
+function parseConfigFile(path) {
+  try {
+    const raw = readFileSync4(path, "utf-8");
+    const parsed = parseYaml2(raw);
+    if (!parsed || typeof parsed !== "object") {
+      return { ...DEFAULT_CONFIG };
+    }
+    const config = {
+      policy: isValidPolicy(parsed.policy) ? parsed.policy : "balanced",
+      overrides: {},
+      ignore: []
+    };
+    if (parsed.overrides && typeof parsed.overrides === "object") {
+      for (const [key, value] of Object.entries(parsed.overrides)) {
+        const sev = normalizeSeverity(value);
+        if (sev) {
+          config.overrides[key] = sev;
+        }
+      }
+    }
+    if (Array.isArray(parsed.ignore)) {
+      config.ignore = parsed.ignore.filter(
+        (item) => typeof item === "string"
+      );
+    }
+    return config;
+  } catch {
+    return { ...DEFAULT_CONFIG };
+  }
+}
+function isValidPolicy(value) {
+  return typeof value === "string" && ["strict", "balanced", "permissive"].includes(value);
+}
+function normalizeSeverity(value) {
+  const upper = value?.toUpperCase();
+  if (["CRITICAL", "HIGH", "MEDIUM", "LOW"].includes(upper)) {
+    return upper;
+  }
+  return null;
+}
+export {
+  DEFAULT_CONFIG,
+  SEVERITY_SCORES,
+  computeGrade,
+  formatJsonReport,
+  formatTerminalReport,
+  generateHookResponse,
+  getHookAction,
+  loadConfig,
+  loadIOC,
+  parseSkill,
+  parseSkillContent,
+  resetIOCCache,
+  runAllChecks,
+  scanSkillContent,
+  scanSkillDirectory,
+  worstSeverity
+};
+//# sourceMappingURL=index.js.map