npm - skill-checker - Versions diffs - 0.1.14 → 0.1.16 - Mend

skill-checker 0.1.14 → 0.1.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -4,7 +4,7 @@ Security checker for Claude Code skills — detect injection, malicious code, an
 ## Features
-- **56 security rules** across 6 categories: structural validity, content quality, injection detection, code safety, supply chain, and resource abuse
+- **57 security rules** across 6 categories: structural validity, content quality, injection detection, code safety, supply chain, and resource abuse
 - **Scoring system**: Grade A–F with 0–100 score
 - **Dual entry**: CLI tool + PreToolUse hook for automatic interception
 - **Configurable policies**: strict / balanced / permissive approval strategies
@@ -14,7 +14,7 @@ Security checker for Claude Code skills — detect injection, malicious code, an
 ## Security Standard & Benchmark
-Skill Checker's 56 rules are aligned with established security frameworks including OWASP Top 10 for LLM Applications (2025), MITRE CWE, and MITRE ATT&CK. The tool ships with a reproducible benchmark dataset of six fixture skills covering all rule categories. This alignment is an internal mapping exercise — Skill Checker does not claim third-party certification or external audit status.
+Skill Checker's 57 rules are aligned with established security frameworks including OWASP Top 10 for LLM Applications (2025), MITRE CWE, and MITRE ATT&CK. The tool ships with a reproducible benchmark dataset of six fixture skills covering all rule categories. This alignment is an internal mapping exercise — Skill Checker does not claim third-party certification or external audit status.
 See [docs/SECURITY_BENCHMARK.md](docs/SECURITY_BENCHMARK.md) for the full rule mapping matrix, benchmark methodology, scoring model, and known limitations.
@@ -165,7 +165,7 @@ Config is resolved in order: CLI `--config` flag → project directory (walks up
 | Structural (STRUCT) | 8 | Missing SKILL.md, invalid frontmatter, binary files |
 | Content (CONT) | 7 | Placeholder text, lorem ipsum, promotional content |
 | Injection (INJ) | 10 | Zero-width chars, prompt override, tag injection, social engineering, encoded payloads |
-| Code Safety (CODE) | 15 | eval/exec, shell execution, reverse shell, data exfiltration, API key leakage, rm -rf, obfuscation |
+| Code Safety (CODE) | 16 | eval/exec, shell execution, reverse shell, data exfiltration, API key leakage, persistence mechanisms, rm -rf, obfuscation |
 | Supply Chain (SUPPLY) | 10 | Unknown MCP servers, suspicious domains, malicious hashes, typosquat |
 | Resource Abuse (RES) | 6 | Unrestricted tool access, disable safety checks, ignore project rules |

package/dist/cli.js CHANGED Viewed

@@ -1368,6 +1368,79 @@ var PERMISSION_PATTERNS = [
   /\bsetuid\b/,
   /\bsetgid\b/
 ];
+var PERSISTENCE_GROUPS = [
+  {
+    title: "Scheduled task persistence (cron)",
+    patterns: [
+      /\bcrontab\b/,
+      /\/etc\/cron\.(?:d|hourly|daily|weekly|monthly)\b/,
+      /\/var\/spool\/cron\b/
+    ]
+  },
+  {
+    title: "System service persistence (launchd)",
+    patterns: [
+      /\bLaunchAgents?\b/,
+      /\bLaunchDaemons?\b/,
+      /\blaunchctl\s+(?:load|bootstrap|submit)\b/i
+    ]
+  },
+  {
+    title: "System service persistence (systemd/init.d)",
+    patterns: [
+      /\bsystemctl\s+(?:enable|daemon-reload)\b/i,
+      /\/etc\/systemd\/system\b/,
+      /\.config\/systemd\/user\b/,
+      /\/etc\/init\.d\b/,
+      /\/etc\/rc\.local\b/,
+      /\bupdate-rc\.d\b/,
+      /\bchkconfig\b.*\b(?:--add|on)\b/
+    ]
+  },
+  {
+    title: "Shell profile modification",
+    patterns: [
+      /\.(?:bashrc|bash_profile|bash_login|profile|zshrc|zshenv|zprofile|zlogin)\b/,
+      /\/etc\/(?:profile(?:\.d)?|bash\.bashrc|zshrc|zshenv)\b/,
+      /\.config\/fish\/config\.fish\b/
+    ]
+  },
+  {
+    title: "Autostart / login item persistence",
+    patterns: [
+      /\.config\/autostart\b/,
+      /\/etc\/xdg\/autostart\b/,
+      /\bosascript\b[^\n]*\blogin\s+item\b/i
+    ]
+  },
+  {
+    title: "SSH key persistence",
+    patterns: [
+      /\.ssh\/authorized_keys2?\b/
+    ]
+  },
+  {
+    title: "Library injection persistence",
+    patterns: [
+      /\/etc\/ld\.so\.preload\b/,
+      /\bLD_PRELOAD\b/,
+      /\bDYLD_INSERT_LIBRARIES\b/
+    ]
+  },
+  {
+    title: "Git hooks manipulation",
+    patterns: [
+      /\.git\/hooks\/(?:pre-commit|post-commit|pre-push|post-checkout|post-merge|pre-rebase)\b/,
+      /\bgit\s+config\b[^\n]*\bcore\.hooksPath\b/
+    ]
+  },
+  {
+    title: "macOS periodic script persistence",
+    patterns: [
+      /\/etc\/periodic\/(?:daily|weekly|monthly)\b/
+    ]
+  }
+];
 var codeSafetyChecks = {
   name: "Code Safety",
   category: "CODE",
@@ -1476,16 +1549,27 @@ var codeSafetyChecks = {
           lineNum,
           source
         });
-        {
-          const isDoc = isInDocumentationContext(lines, i);
-          if (!isDoc) {
-            checkPatterns(results, line, PERMISSION_PATTERNS, {
-              id: "CODE-012",
+        const isDoc = isInDocumentationContext(lines, i);
+        if (!isDoc) {
+          checkPatterns(results, line, PERMISSION_PATTERNS, {
+            id: "CODE-012",
+            severity: "HIGH",
+            title: "Permission escalation",
+            loc,
+            lineNum,
+            source
+          });
+        }
+        if (!isDoc) {
+          for (const group of PERSISTENCE_GROUPS) {
+            checkPatterns(results, line, group.patterns, {
+              id: "CODE-016",
               severity: "HIGH",
-              title: "Permission escalation",
+              title: group.title,
               loc,
               lineNum,
-              source
+              source,
+              codeBlockCtx: cbCtx
             });
           }
         }
@@ -2197,9 +2281,11 @@ var AMPLIFICATION_PATTERNS = [
 var UNRESTRICTED_TOOL_PATTERNS = [
   /\bBash\s*\(\s*\*\s*\)/,
   /allowed[_-]?tools\s*:\s*\[?\s*["']?\*["']?\s*\]?/i,
-  /\ball\s+tools\b/i,
-  /\bunrestricted\s+access\b/i,
-  /\bfull\s+access\b/i
+  /\bunrestricted\s+(?:access|tool)/i,
+  /\ball\s+tools?\s+access\b/i,
+  /\bfull\s+tool\s+access\b/i,
+  /\b(?:need|require|grant|give|allow|request|enable)\s+all\s+tools\b/i,
+  /\ball\s+tools\s+(?:enabled|granted|allowed|required|needed)\b/i
 ];
 var DISABLE_SAFETY_PATTERNS = [
   /\bdisable\s+(safety|security|checks?|hooks?|guard)/i,
@@ -2207,13 +2293,12 @@ var DISABLE_SAFETY_PATTERNS = [
   /\bskip\s+(safety|security|checks?|hooks?|guard|verification)/i,
   /\bturn\s+off\s+(safety|security|checks?|hooks?)/i,
   /--no-verify\b/,
-  /--force\b/,
   /--skip-hooks?\b/
 ];
 var IGNORE_RULES_PATTERNS = [
-  /\bignore\s+(the\s+)?CLAUDE\.md\b/i,
-  /\bignore\s+(the\s+)?project\s+rules?\b/i,
-  /\bignore\s+(the\s+)?\.claude\b/i,
+  /\bignore\s+(the\s+)?CLAUDE\.md\b(?!\s+(?:example|template|snippet|sample))/i,
+  /\bignore\s+(the\s+)?project\s+rules?\b(?!\s+(?:example|template|snippet|sample))/i,
+  /\bignore\s+(the\s+)?\.claude\b(?!\s+(?:example|template|snippet|sample))/i,
   /\boverride\s+(the\s+)?project\s+(settings?|config|rules?)\b/i,
   /\bdo\s+not\s+(follow|obey|respect)\s+(the\s+)?(project|CLAUDE)/i,
   /\bdisregard\s+(the\s+)?(project|CLAUDE)\s+(rules?|config|settings?)/i
@@ -2607,7 +2692,7 @@ function deduplicateResults(results) {
   };
   for (const r of results) {
     const sourceKey = r.source ?? `_no_source_:${r.category}:${r.line ?? ""}`;
-    const key = `${r.id}::${sourceKey}`;
+    const key = `${r.id}::${r.title}::${sourceKey}`;
     const group = groups.get(key);
     if (group) {
       group.push(r);