skill-checker 0.1.11 → 0.1.13

package/dist/index.d.ts

@@ -141,16 +141,19 @@ declare function generateHookResponse(report: ScanReport, config?: SkillCheckerC
  */
 declare function loadConfig(startDir?: string, configPath?: string): SkillCheckerConfig;
 
-/**
- * IOC (Indicators of Compromise) database type definition and seed data.
- * Seed data is compiled from publicly available threat intelligence.
- */
+interface CategorizedDomains {
+    exfiltration: string[];
+    tunnel: string[];
+    oast: string[];
+    paste: string[];
+    c2: string[];
+}
 interface IOCDatabase {
     version: string;
     updated: string;
     c2_ips: string[];
     malicious_hashes: Record<string, string>;
-    malicious_domains: string[];
+    malicious_domains: CategorizedDomains;
     typosquat: {
         known_patterns: string[];
         protected_names: string[];

package/dist/index.js

@@ -336,6 +336,70 @@ var structuralChecks = {
   }
 };
 
+// src/types.ts
+var SEVERITY_SCORES = {
+  CRITICAL: 25,
+  HIGH: 10,
+  MEDIUM: 3,
+  LOW: 1
+};
+function computeGrade(score) {
+  if (score >= 90) return "A";
+  if (score >= 75) return "B";
+  if (score >= 60) return "C";
+  if (score >= 40) return "D";
+  return "F";
+}
+var REDUCE_MAP = {
+  CRITICAL: "HIGH",
+  HIGH: "MEDIUM",
+  MEDIUM: "LOW",
+  LOW: "LOW"
+};
+function reduceSeverity(original, reason) {
+  let reduced = REDUCE_MAP[original];
+  if (original === "CRITICAL" && reduced === "LOW") {
+    reduced = "MEDIUM";
+  }
+  return {
+    severity: reduced,
+    reducedFrom: original,
+    annotation: `[reduced: ${reason}]`
+  };
+}
+var DEFAULT_CONFIG = {
+  policy: "balanced",
+  overrides: {},
+  ignore: []
+};
+function getHookAction(policy, severity) {
+  const matrix = {
+    strict: {
+      CRITICAL: "deny",
+      HIGH: "deny",
+      MEDIUM: "ask",
+      LOW: "report"
+    },
+    balanced: {
+      CRITICAL: "deny",
+      HIGH: "ask",
+      MEDIUM: "report",
+      LOW: "report"
+    },
+    permissive: {
+      CRITICAL: "ask",
+      HIGH: "report",
+      MEDIUM: "report",
+      LOW: "report"
+    }
+  };
+  const row = matrix[policy];
+  if (!row) {
+    return matrix.balanced[severity];
+  }
+  return row[severity];
+}
+
 // src/utils/context.ts
 function isInCodeBlock(lines, lineIndex) {
   let inBlock = false;
@@ -399,6 +463,49 @@ function isLicenseFile(filePath) {
 function isLocalhostURL(url) {
   return /^https?:\/\/(localhost|127\.0\.0\.1|0\.0\.0\.0|\[::1\])/i.test(url);
 }
+function isInEducationalContext(lines, lineIndex) {
+  const line = lines[lineIndex];
+  if (/^#{1,6}\s+/.test(line)) return true;
+  if (/^\s*[-*]?\s*(\*\*[^*]+\*\*\s*:|[A-Z][^:]{0,40}:)\s/.test(line))
+    return true;
+  for (let i = lineIndex; i >= Math.max(0, lineIndex - 15); i--) {
+    if (/^#{1,4}\s+.*(strateg|guide|framework|structure|model|overview|comparison|concept|principle|example|tutorial|reference|approach|method)/i.test(
+      lines[i]
+    )) {
+      return true;
+    }
+  }
+  return false;
+}
+var PROMOTIONAL_INTENT_PATTERNS = [
+  /\d+%\s*off\b/i,
+  /\blimited\s+time\b/i,
+  /\bact\s+now\b/i,
+  /\bhurry\b/i,
+  /\btoday\s+only\b/i,
+  /\bdon'?t\s+miss\b/i,
+  /\bsave\s+\d+%/i,
+  /\bexclusive\s+(offer|deal)\b/i,
+  /\bsign\s+up\s+(now|today)\b/i,
+  /\bget\s+started\b/i,
+  /\bclaim\s+(now|yours?)\b/i,
+  /\boffer\s+ends?\b/i,
+  /\blast\s+chance\b/i,
+  /\bonly\s+\d+\s+left\b/i,
+  /\bends?\s+in\s+\d+/i,
+  /\bstart\s+(your\s+)?free\s+trial\b/i
+];
+function hasPromotionalIntent(line) {
+  return PROMOTIONAL_INTENT_PATTERNS.some((p) => p.test(line));
+}
+function hasPromotionalIntentNearby(lines, lineIndex, window = 3) {
+  const start = Math.max(0, lineIndex - window);
+  const end = Math.min(lines.length - 1, lineIndex + window);
+  for (let i = start; i <= end; i++) {
+    if (hasPromotionalIntent(lines[i])) return true;
+  }
+  return false;
+}
 function parseURLPath(url) {
   try {
     const u = new URL(url);
@@ -430,16 +537,18 @@ var LOREM_PATTERNS = [
   /dolor\s+sit\s+amet/i,
   /consectetur\s+adipiscing/i
 ];
-var AD_PATTERNS = [
+var STRONG_AD_PATTERNS = [
   /\bbuy\s+now\b/i,
-  /\bfree\s+trial\b/i,
+  /\bclick\s+here\s+to\s+(buy|subscribe|download)/i,
+  /\buse\s+code\b.*\b\d+%?\s*off\b/i
+];
+var SOFT_AD_PATTERNS = [
   /\bdiscount\b/i,
+  /\bfree\s+trial\b/i,
   /\bpromo\s*code\b/i,
   /\bsubscribe\s+(to|now)\b/i,
   /\bsponsored\s+by\b/i,
   /\baffiliate\s+link\b/i,
-  /\bclick\s+here\s+to\s+(buy|subscribe|download)/i,
-  /\buse\s+code\b.*\b\d+%?\s*off\b/i,
   /\bcheck\s+out\s+my\b/i
 ];
 var contentChecks = {
@@ -504,7 +613,8 @@ var contentChecks = {
     checkDescriptionMismatch(results, skill);
     for (let i = 0; i < skill.bodyLines.length; i++) {
       const line = skill.bodyLines[i];
-      for (const pattern of AD_PATTERNS) {
+      let matched = false;
+      for (const pattern of STRONG_AD_PATTERNS) {
         if (pattern.test(line)) {
           results.push({
             id: "CONT-005",
@@ -513,8 +623,43 @@ var contentChecks = {
             title: "Promotional/advertising content",
             message: `Line ${skill.bodyStartLine + i}: Contains ad-like content.`,
             line: skill.bodyStartLine + i,
-            snippet: line.trim().slice(0, 120)
+            snippet: line.trim().slice(0, 120),
+            source: "SKILL.md"
           });
+          matched = true;
+          break;
+        }
+      }
+      if (matched) continue;
+      for (const pattern of SOFT_AD_PATTERNS) {
+        if (pattern.test(line)) {
+          const inCode = isInCodeBlock(skill.bodyLines, i);
+          const inEducational = isInEducationalContext(skill.bodyLines, i);
+          if ((inCode || inEducational) && !hasPromotionalIntentNearby(skill.bodyLines, i)) {
+            const reduction = reduceSeverity("HIGH", "educational/descriptive context");
+            results.push({
+              id: "CONT-005",
+              category: "CONT",
+              severity: reduction.severity,
+              title: "Promotional/advertising content",
+              message: `Line ${skill.bodyStartLine + i}: Contains ad-like content. ${reduction.annotation}`,
+              line: skill.bodyStartLine + i,
+              snippet: line.trim().slice(0, 120),
+              reducedFrom: reduction.reducedFrom,
+              source: "SKILL.md"
+            });
+          } else {
+            results.push({
+              id: "CONT-005",
+              category: "CONT",
+              severity: "HIGH",
+              title: "Promotional/advertising content",
+              message: `Line ${skill.bodyStartLine + i}: Contains ad-like content.`,
+              line: skill.bodyStartLine + i,
+              snippet: line.trim().slice(0, 120),
+              source: "SKILL.md"
+            });
+          }
           break;
         }
       }
@@ -993,70 +1138,6 @@ function dedup(results) {
   });
 }
 
-// src/types.ts
-var SEVERITY_SCORES = {
-  CRITICAL: 25,
-  HIGH: 10,
-  MEDIUM: 3,
-  LOW: 1
-};
-function computeGrade(score) {
-  if (score >= 90) return "A";
-  if (score >= 75) return "B";
-  if (score >= 60) return "C";
-  if (score >= 40) return "D";
-  return "F";
-}
-var REDUCE_MAP = {
-  CRITICAL: "HIGH",
-  HIGH: "MEDIUM",
-  MEDIUM: "LOW",
-  LOW: "LOW"
-};
-function reduceSeverity(original, reason) {
-  let reduced = REDUCE_MAP[original];
-  if (original === "CRITICAL" && reduced === "LOW") {
-    reduced = "MEDIUM";
-  }
-  return {
-    severity: reduced,
-    reducedFrom: original,
-    annotation: `[reduced: ${reason}]`
-  };
-}
-var DEFAULT_CONFIG = {
-  policy: "balanced",
-  overrides: {},
-  ignore: []
-};
-function getHookAction(policy, severity) {
-  const matrix = {
-    strict: {
-      CRITICAL: "deny",
-      HIGH: "deny",
-      MEDIUM: "ask",
-      LOW: "report"
-    },
-    balanced: {
-      CRITICAL: "deny",
-      HIGH: "ask",
-      MEDIUM: "report",
-      LOW: "report"
-    },
-    permissive: {
-      CRITICAL: "ask",
-      HIGH: "report",
-      MEDIUM: "report",
-      LOW: "report"
-    }
-  };
-  const row = matrix[policy];
-  if (!row) {
-    return matrix.balanced[severity];
-  }
-  return row[severity];
-}
-
 // src/checks/code-safety.ts
 var EVAL_PATTERNS = [
   /\beval\s*\(/,
@@ -1533,8 +1614,8 @@ import { homedir } from "os";
 
 // src/ioc/indicators.ts
 var DEFAULT_IOC = {
-  version: "2026.03.06",
-  updated: "2026-03-06",
+  version: "2026.03.16",
+  updated: "2026-03-16",
   c2_ips: [
     "91.92.242.30",
     "91.92.242.39",
@@ -1543,36 +1624,65 @@ var DEFAULT_IOC = {
     "45.155.205.233"
   ],
   malicious_hashes: {
-    // NOTE: Never add the SHA-256 of an empty file (e3b0c44298fc...b855)
+    // NOTE: Never add the SHA256 of an empty file (e3b0c44298fc...b855)
     // as it causes false positives on any empty file.
     "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2": "clawhavoc-exfiltrator"
   },
-  malicious_domains: [
-    "webhook.site",
-    "requestbin.com",
-    "pipedream.com",
-    "pipedream.net",
-    "hookbin.com",
-    "beeceptor.com",
-    "ngrok.io",
-    "ngrok-free.app",
-    "serveo.net",
-    "localtunnel.me",
-    "bore.pub",
-    "interact.sh",
-    "oast.fun",
-    "oastify.com",
-    "dnslog.cn",
-    "ceye.io",
-    "burpcollaborator.net",
-    "pastebin.com",
-    "paste.ee",
-    "hastebin.com",
-    "ghostbin.com",
-    "evil.com",
-    "malware.com",
-    "exploit.in"
-  ],
+  malicious_domains: {
+    exfiltration: [
+      "webhook.site",
+      "requestbin.com",
+      "requestcatcher.com",
+      "pipedream.com",
+      "pipedream.net",
+      "hookbin.com",
+      "beeceptor.com",
+      "postb.in",
+      "webhook.lol",
+      "requestinspector.com",
+      "mockbin.org"
+    ],
+    tunnel: [
+      "ngrok.io",
+      "ngrok-free.app",
+      "serveo.net",
+      "localtunnel.me",
+      "bore.pub",
+      "localhost.run",
+      "loca.lt",
+      "telebit.cloud",
+      "playit.gg",
+      "portmap.io",
+      "pagekite.me"
+    ],
+    oast: [
+      "interact.sh",
+      "oast.fun",
+      "oastify.com",
+      "dnslog.cn",
+      "ceye.io",
+      "burpcollaborator.net",
+      "canarytokens.com",
+      "requestrepo.com"
+    ],
+    paste: [
+      "pastebin.com",
+      "paste.ee",
+      "hastebin.com",
+      "ghostbin.com",
+      "dpaste.org",
+      "rentry.co",
+      "0bin.net",
+      "privatebin.net",
+      "paste.mozilla.org"
+    ],
+    c2: [
+      "evil.com",
+      "malware.com",
+      "exploit.in",
+      "darkweb.onion"
+    ]
+  },
   typosquat: {
     known_patterns: [
       "clawhub1",
@@ -1632,10 +1742,21 @@ function mergeIOC(base, ext) {
     Object.assign(base.malicious_hashes, ext.malicious_hashes);
   }
   if (ext.malicious_domains) {
-    base.malicious_domains = dedupe([
-      ...base.malicious_domains,
-      ...ext.malicious_domains
-    ]);
+    const categories = [
+      "exfiltration",
+      "tunnel",
+      "oast",
+      "paste",
+      "c2"
+    ];
+    for (const cat of categories) {
+      if (ext.malicious_domains[cat]) {
+        base.malicious_domains[cat] = dedupe([
+          ...base.malicious_domains[cat],
+          ...ext.malicious_domains[cat]
+        ]);
+      }
+    }
   }
   if (ext.typosquat) {
     if (ext.typosquat.known_patterns) {
@@ -1660,6 +1781,22 @@ function mergeIOC(base, ext) {
   if (ext.version) base.version = ext.version;
   if (ext.updated) base.updated = ext.updated;
 }
+function getAllDomains(ioc) {
+  const { exfiltration, tunnel, oast, paste, c2 } = ioc.malicious_domains;
+  return [...exfiltration, ...tunnel, ...oast, ...paste, ...c2];
+}
+function getDomainCategory(ioc, domain) {
+  const d = domain.toLowerCase();
+  const categories = ["exfiltration", "tunnel", "oast", "paste", "c2"];
+  for (const cat of categories) {
+    if (ioc.malicious_domains[cat].some(
+      (entry) => d === entry || d.endsWith("." + entry)
+    )) {
+      return cat;
+    }
+  }
+  return void 0;
+}
 function dedupe(arr) {
   return [...new Set(arr)];
 }
@@ -1668,6 +1805,24 @@ function dedupe(arr) {
 var FALLBACK_SUSPICIOUS_DOMAINS = [
   "darkweb.onion"
 ];
+function isSensitiveDomainCombo(line) {
+  if (/curl\b[^\n]*(?:-d|--data|--data-binary|--data-raw|--data-urlencode)\s+@/i.test(line)) {
+    return true;
+  }
+  if (/curl\b[^\n]*(?:-F|--form)\s+[^\s=]+=@/i.test(line)) {
+    return true;
+  }
+  if (/wget\b[^\n]*--post-file/i.test(line)) {
+    return true;
+  }
+  if (/\|\s*(?:sh|bash|zsh|python|node)\b/i.test(line)) {
+    return true;
+  }
+  if (/(?:\.env|\.ssh|id_rsa|\.aws|credentials|\.netrc|\.git-credentials)/i.test(line)) {
+    return true;
+  }
+  return false;
+}
 var MCP_SERVER_PATTERN = /\bmcp[-_]?server\b/i;
 var NPX_Y_PATTERN = /\bnpx\s+-y\s+/;
 var NPM_INSTALL_PATTERN = /\bnpm\s+install\b/;
@@ -1692,7 +1847,10 @@ var supplyChainChecks = {
     const results = [];
     const allText = getAllText(skill);
     const ioc = loadIOC();
-    const suspiciousDomains = ioc.malicious_domains.length > 0 ? ioc.malicious_domains : FALLBACK_SUSPICIOUS_DOMAINS;
+    const suspiciousDomains = getAllDomains(ioc);
+    if (suspiciousDomains.length === 0) {
+      suspiciousDomains.push(...FALLBACK_SUSPICIOUS_DOMAINS);
+    }
     for (let i = 0; i < allText.length; i++) {
       const { line, lineNum, source } = allText[i];
       if (MCP_SERVER_PATTERN.test(line)) {
@@ -1855,15 +2013,46 @@ var supplyChainChecks = {
         const hostname = extractHostname(url);
         for (const domain of suspiciousDomains) {
           if (hostnameMatchesDomain(hostname, domain)) {
+            const category = getDomainCategory(ioc, domain);
+            const categoryLabel = category ? ` (${category})` : "";
+            let severity = "HIGH";
+            let reducedFrom;
+            let msgSuffix = "";
+            if (isSensitiveDomainCombo(line)) {
+              severity = "CRITICAL";
+              msgSuffix = " [escalated: combined with sensitive operation]";
+            } else {
+              const srcLines = getLinesForSource(skill, source);
+              const localIdx = getLocalIndex(source, lineNum, skill.bodyStartLine);
+              const inCodeBlock = localIdx >= 0 && isInCodeBlock(srcLines, localIdx);
+              if (inCodeBlock) {
+                severity = "MEDIUM";
+                reducedFrom = "HIGH";
+                msgSuffix = " [reduced: in code block]";
+              } else {
+                const allLines = getAllLines(skill);
+                const globalIdx = findGlobalLineIndex(allLines, source, lineNum);
+                const isDoc = source === "SKILL.md" && globalIdx >= 0 && isInDocumentationContext(
+                  allLines.map((l) => l.line),
+                  globalIdx
+                );
+                if (isDoc) {
+                  severity = "LOW";
+                  reducedFrom = "HIGH";
+                  msgSuffix = " [reduced: in documentation context]";
+                }
+              }
+            }
             results.push({
               id: "SUPPLY-007",
               category: "SUPPLY",
-              severity: "CRITICAL",
-              title: "Suspicious domain detected",
-              message: `${source}:${lineNum}: References suspicious domain "${domain}".`,
+              severity,
+              title: `Suspicious domain${categoryLabel} detected`,
+              message: `${source}:${lineNum}: References suspicious domain "${domain}".${msgSuffix}`,
               line: lineNum,
               snippet: url,
-              source
+              source,
+              reducedFrom
             });
             break;
           }