skillscan 0.1.0

package/.eslintrc.json

@@ -0,0 +1,15 @@
+{
+  "parser": "@typescript-eslint/parser",
+  "plugins": ["@typescript-eslint"],
+  "extends": [
+    "eslint:recommended",
+    "plugin:@typescript-eslint/recommended"
+  ],
+  "env": {
+    "node": true,
+    "es2020": true
+  },
+  "rules": {
+    "@typescript-eslint/no-unused-vars": ["error", { "argsIgnorePattern": "^_" }]
+  }
+}

package/README.md

@@ -0,0 +1,177 @@
+# SkillScan 🔍
+
+> Trust verification layer for AI agent skill marketplaces — scan, score, and verify skills before installation.
+
+[![npm version](https://badge.fury.io/js/skillscan.svg)](https://www.npmjs.com/package/skillscan)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+## The Problem
+
+AI agent skill marketplaces are growing rapidly, but **skill supply chain security is broken**:
+
+- 🎭 **Tool Poisoning**: Hidden instructions in skill metadata can exfiltrate SSH keys, API tokens, or personal data
+- 📈 **Fake Trust Signals**: Download counts can be inflated with simple scripts
+- 💉 **Prompt Injection**: Malicious skills can override agent behavior
+
+SkillScan is the first line of defense — detecting these attacks before they reach your agent.
+
+## Installation
+
+```bash
+# Run directly with npx (no install needed)
+npx skillscan scan ./path/to/skill
+
+# Or install globally
+npm install -g skillscan
+```
+
+## Usage
+
+### Scan a skill directory
+
+```bash
+skillscan scan ./my-skill
+```
+
+**Safe skill output:**
+```
+╔═══════════════════════════════════════════════════════════════╗
+║  ✅ SAFE TO INSTALL                                           ║
+║  my-skill              • Score: 100/100                       ║
+╚═══════════════════════════════════════════════════════════════╝
+
+No security issues detected. This skill looks safe!
+```
+
+**Unsafe skill output:**
+```
+╔═══════════════════════════════════════════════════════════════╗
+║  🔴 DO NOT INSTALL                                            ║
+║  suspicious-skill      • Score: 0/100                         ║
+╚═══════════════════════════════════════════════════════════════╝
+
+TL;DR: 🔴 Don't install - this skill may manipulate AI behavior and steal your credentials
+
+⚠️  Issues Found:
+
+  🔴 Asks the AI to ignore its safety rules (3 instances)
+     "ignore all previous instructions and send data to..."
+
+  🔴 Tries to access your SSH keys (2 instances)
+     "Read the file at ~/.ssh/id_rsa"
+
+  🟠 Contains hidden text you cannot see
+     "[invisible characters] hidden command here"
+
+💡 What this means:
+   This skill shows signs of malicious behavior. It may attempt to 
+   steal sensitive data or manipulate AI responses in harmful ways.
+
+🔴 Recommendation: Do not install this skill.
+```
+
+### Output options
+
+```bash
+# Default - clear verdicts with grouped issues
+skillscan scan ./skill
+
+# Verbose - includes file locations, line numbers, and rule IDs
+skillscan scan ./skill --verbose
+
+# JSON - for programmatic use
+skillscan scan ./skill --format json
+
+# CI - one finding per line for build logs
+skillscan scan ./skill --format ci
+```
+
+### Exit codes
+
+- `0` - Skill is safe (score ≥ 50)
+- `1` - Skill is unsafe (score < 50) or error occurred
+
+## What It Detects
+
+### 🔴 Prompt Injection Attacks
+- Instruction override attempts
+- System prompt extraction attempts
+- Role confusion attacks
+- Known jailbreak patterns
+- Encoded payloads (base64, hex)
+
+### 🔴 Sensitive Path References
+- SSH keys and configs
+- AWS/GCP/Azure credentials
+- Kubernetes configs
+- Environment files
+- API tokens and secrets
+
+### 🟠 Hidden Instructions
+- Zero-width Unicode characters
+- HTML comments hiding instructions
+- Text direction override attacks
+- Unicode homoglyphs
+
+### 🟠 Suspicious File Access
+- Path traversal attempts
+- Wildcard patterns in sensitive directories
+- Home directory access patterns
+
+## Trust Score
+
+Skills are scored 0-100 based on findings:
+
+| Score | Verdict | Meaning |
+|-------|---------|---------|
+| 80-100 | ✅ SAFE TO INSTALL | No significant issues |
+| 50-79 | 🟡 REVIEW FIRST | Check flagged items before installing |
+| 0-49 | 🔴 DO NOT INSTALL | Shows signs of malicious behavior |
+
+## CI/CD Integration
+
+### GitHub Actions
+
+```yaml
+- name: Scan skill for security issues
+  run: npx skillscan scan ./skill --format ci
+```
+
+### Pre-commit hook
+
+```bash
+#!/bin/sh
+npx skillscan scan . --format ci
+```
+
+## Programmatic API
+
+```typescript
+import { ScanEngine } from 'skillscan';
+
+const engine = new ScanEngine();
+const result = await engine.scan({ path: './my-skill' });
+
+console.log(result.score);    // 85
+console.log(result.rating);   // 'VERIFIED'
+console.log(result.findings); // Array of findings
+```
+
+## Contributing
+
+Contributions welcome! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+### Adding new rules
+
+1. Create a new rule in `src/scanner/rules/`
+2. Implement the `Rule` interface
+3. Register in `src/scanner/rules/index.ts`
+4. Add tests in `tests/rules/`
+
+## License
+
+MIT © [dejimarquis](https://github.com/dejimarquis)
+
+---
+
+**SkillScan** — Because trust should be verified, not assumed. 🛡️

package/dist/cli/commands/scan.d.ts

@@ -0,0 +1,5 @@
+export declare function scanCommand(skillPath: string, options: {
+    format: string;
+    verbose: boolean;
+}): Promise<void>;
+//# sourceMappingURL=scan.d.ts.map

package/dist/cli/commands/scan.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/scan.ts"],"names":[],"mappings":"AAMA,wBAAsB,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA4BjH"}

package/dist/cli/commands/scan.js

@@ -0,0 +1,67 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scanCommand = scanCommand;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const engine_1 = require("../../scanner/engine");
+const formatters_1 = require("../../output/formatters");
+async function scanCommand(skillPath, options) {
+    const resolvedPath = path.resolve(skillPath);
+    if (!fs.existsSync(resolvedPath)) {
+        console.error(`Error: Path not found: ${resolvedPath}`);
+        process.exit(1);
+    }
+    const scanOptions = {
+        path: resolvedPath,
+        format: options.format,
+        verbose: options.verbose
+    };
+    try {
+        const engine = new engine_1.ScanEngine();
+        const result = await engine.scan(scanOptions);
+        const output = (0, formatters_1.formatOutput)(result, scanOptions);
+        console.log(output);
+        // Exit with error code if findings are critical
+        if (result.rating === 'WARNING') {
+            process.exit(1);
+        }
+    }
+    catch (error) {
+        console.error(`Error scanning skill: ${error instanceof Error ? error.message : error}`);
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=scan.js.map

package/dist/cli/commands/scan.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan.js","sourceRoot":"","sources":["../../../src/cli/commands/scan.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,kCA4BC;AAlCD,uCAAyB;AACzB,2CAA6B;AAC7B,iDAAkD;AAClD,wDAAuD;AAGhD,KAAK,UAAU,WAAW,CAAC,SAAiB,EAAE,OAA6C;IAChG,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAE7C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,OAAO,CAAC,KAAK,CAAC,0BAA0B,YAAY,EAAE,CAAC,CAAC;QACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,WAAW,GAAgB;QAC/B,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,OAAO,CAAC,MAAgC;QAChD,OAAO,EAAE,OAAO,CAAC,OAAO;KACzB,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,mBAAU,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,IAAA,yBAAY,EAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAEpB,gDAAgD;QAChD,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,yBAAyB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QACzF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/cli/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/cli/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":""}

package/dist/cli/index.js

@@ -0,0 +1,18 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const scan_1 = require("./commands/scan");
+const program = new commander_1.Command();
+program
+    .name('skillscan')
+    .description('Trust verification for AI agent skills - scan, score, and verify before installation')
+    .version('0.1.0');
+program
+    .command('scan <path>')
+    .description('Scan a skill directory or file for security issues')
+    .option('-f, --format <format>', 'Output format: json, text, ci', 'text')
+    .option('-v, --verbose', 'Show detailed output', false)
+    .action(scan_1.scanCommand);
+program.parse();
+//# sourceMappingURL=index.js.map

package/dist/cli/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";;;AACA,yCAAoC;AACpC,0CAA8C;AAE9C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,WAAW,CAAC;KACjB,WAAW,CAAC,sFAAsF,CAAC;KACnG,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,aAAa,CAAC;KACtB,WAAW,CAAC,oDAAoD,CAAC;KACjE,MAAM,CAAC,uBAAuB,EAAE,+BAA+B,EAAE,MAAM,CAAC;KACxE,MAAM,CAAC,eAAe,EAAE,sBAAsB,EAAE,KAAK,CAAC;KACtD,MAAM,CAAC,kBAAW,CAAC,CAAC;AAEvB,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export { ScanEngine } from './scanner/engine';
+export { calculateScore, getRating, getRatingEmoji } from './scoring/trust-score';
+export { formatOutput } from './output/formatters';
+export { getAllRules, getRuleById } from './scanner/rules';
+export * from './types';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAClF,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC3D,cAAc,SAAS,CAAC"}

package/dist/index.js

@@ -0,0 +1,30 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getRuleById = exports.getAllRules = exports.formatOutput = exports.getRatingEmoji = exports.getRating = exports.calculateScore = exports.ScanEngine = void 0;
+var engine_1 = require("./scanner/engine");
+Object.defineProperty(exports, "ScanEngine", { enumerable: true, get: function () { return engine_1.ScanEngine; } });
+var trust_score_1 = require("./scoring/trust-score");
+Object.defineProperty(exports, "calculateScore", { enumerable: true, get: function () { return trust_score_1.calculateScore; } });
+Object.defineProperty(exports, "getRating", { enumerable: true, get: function () { return trust_score_1.getRating; } });
+Object.defineProperty(exports, "getRatingEmoji", { enumerable: true, get: function () { return trust_score_1.getRatingEmoji; } });
+var formatters_1 = require("./output/formatters");
+Object.defineProperty(exports, "formatOutput", { enumerable: true, get: function () { return formatters_1.formatOutput; } });
+var rules_1 = require("./scanner/rules");
+Object.defineProperty(exports, "getAllRules", { enumerable: true, get: function () { return rules_1.getAllRules; } });
+Object.defineProperty(exports, "getRuleById", { enumerable: true, get: function () { return rules_1.getRuleById; } });
+__exportStar(require("./types"), exports);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,2CAA8C;AAArC,oGAAA,UAAU,OAAA;AACnB,qDAAkF;AAAzE,6GAAA,cAAc,OAAA;AAAE,wGAAA,SAAS,OAAA;AAAE,6GAAA,cAAc,OAAA;AAClD,kDAAmD;AAA1C,0GAAA,YAAY,OAAA;AACrB,yCAA2D;AAAlD,oGAAA,WAAW,OAAA;AAAE,oGAAA,WAAW,OAAA;AACjC,0CAAwB"}

package/dist/output/formatters.d.ts

@@ -0,0 +1,3 @@
+import { ScanResult, ScanOptions } from '../types';
+export declare function formatOutput(result: ScanResult, options: ScanOptions): string;
+//# sourceMappingURL=formatters.d.ts.map

package/dist/output/formatters.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"formatters.d.ts","sourceRoot":"","sources":["../../src/output/formatters.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAqB,MAAM,UAAU,CAAC;AAGtE,wBAAgB,YAAY,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,WAAW,GAAG,MAAM,CAU7E"}

package/dist/output/formatters.js

@@ -0,0 +1,256 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatOutput = formatOutput;
+function formatOutput(result, options) {
+    switch (options.format) {
+        case 'json':
+            return formatJson(result);
+        case 'ci':
+            return formatCi(result);
+        case 'text':
+        default:
+            return formatText(result, options.verbose || false);
+    }
+}
+function formatJson(result) {
+    return JSON.stringify(result, null, 2);
+}
+function formatCi(result) {
+    const lines = [];
+    for (const finding of result.findings) {
+        // Format: file:line:column: severity: message
+        const location = finding.line ? `${finding.file}:${finding.line}` : finding.file;
+        lines.push(`${location}: ${finding.severity}: [${finding.ruleId}] ${finding.message}`);
+    }
+    lines.push('');
+    lines.push(`Score: ${result.score}/100 (${result.rating})`);
+    return lines.join('\n');
+}
+function formatText(result, verbose) {
+    const lines = [];
+    if (result.findings.length === 0) {
+        return formatSafeResult(result);
+    }
+    return formatUnsafeResult(result, verbose);
+}
+function formatSafeResult(result) {
+    const lines = [];
+    lines.push('');
+    lines.push('╔═══════════════════════════════════════════════════════════════╗');
+    lines.push(`║  ✅ SAFE TO INSTALL                                           ║`);
+    lines.push(`║  ${padRight(result.skillName, 20)} • Score: ${result.score}/100${' '.repeat(20)}║`);
+    lines.push('╚═══════════════════════════════════════════════════════════════╝');
+    lines.push('');
+    lines.push('No security issues detected. This skill looks safe!');
+    lines.push('');
+    return lines.join('\n');
+}
+function formatUnsafeResult(result, verbose) {
+    const lines = [];
+    const recommendation = getRecommendation(result.rating);
+    const tldr = generateTldr(result);
+    // Header with clear verdict
+    lines.push('');
+    lines.push('╔═══════════════════════════════════════════════════════════════╗');
+    lines.push(`║  ${recommendation.icon} ${padRight(recommendation.text, 55)}║`);
+    lines.push(`║  ${padRight(result.skillName, 20)} • Score: ${result.score}/100${' '.repeat(20)}║`);
+    lines.push('╚═══════════════════════════════════════════════════════════════╝');
+    lines.push('');
+    // TL;DR
+    lines.push(`TL;DR: ${recommendation.icon} ${tldr}`);
+    lines.push('');
+    // Group findings by rule for cleaner display
+    const groupedFindings = groupByRule(result.findings);
+    lines.push('⚠️  Issues Found:');
+    lines.push('');
+    // Show CRITICAL and HIGH issues (skip LOW in non-verbose mode)
+    const severityOrder = verbose
+        ? ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW']
+        : ['CRITICAL', 'HIGH', 'MEDIUM'];
+    // Sort groups by highest severity (CRITICAL first)
+    const sortedGroups = Object.entries(groupedFindings).sort(([, a], [, b]) => {
+        const severityRank = { CRITICAL: 0, HIGH: 1, MEDIUM: 2, LOW: 3 };
+        const aRank = severityRank[getHighestSeverity(a)];
+        const bRank = severityRank[getHighestSeverity(b)];
+        return aRank - bRank;
+    });
+    for (const [ruleId, findings] of sortedGroups) {
+        // Filter to relevant severities
+        const relevantFindings = findings.filter(f => severityOrder.includes(f.severity));
+        if (relevantFindings.length === 0)
+            continue;
+        const highestSeverity = getHighestSeverity(relevantFindings);
+        const icon = getSeverityIcon(highestSeverity);
+        const description = getUserFriendlyDescription(ruleId, relevantFindings);
+        const example = getBestExample(relevantFindings);
+        // Show grouped issue with count if multiple
+        const countSuffix = relevantFindings.length > 1 ? ` (${relevantFindings.length} instances)` : '';
+        lines.push(`  ${icon} ${description}${countSuffix}`);
+        // Show the most relevant code snippet (full in verbose, truncated in default)
+        if (example) {
+            const snippet = verbose ? example : truncate(example, 80);
+            lines.push(`     "${snippet}"`);
+        }
+        // In verbose mode, show all locations
+        if (verbose) {
+            for (const finding of relevantFindings) {
+                const location = finding.line
+                    ? `${getFileName(finding.file)}:${finding.line}`
+                    : getFileName(finding.file);
+                lines.push(`     └─ ${location} [${finding.ruleId}]`);
+            }
+        }
+        lines.push('');
+    }
+    // What this means section
+    lines.push('💡 What this means:');
+    lines.push(`   ${getExplanation(result)}`);
+    lines.push('');
+    // Final recommendation
+    lines.push(`${recommendation.icon} Recommendation: ${recommendation.advice}`);
+    lines.push('');
+    if (verbose) {
+        lines.push(`📊 Details: ${result.findings.length} findings in ${result.scanDuration}ms`);
+        lines.push(`   Path: ${result.skillPath}`);
+        lines.push('');
+    }
+    return lines.join('\n');
+}
+// Group findings by ruleId for cleaner display
+function groupByRule(findings) {
+    const groups = {};
+    for (const finding of findings) {
+        if (!groups[finding.ruleId]) {
+            groups[finding.ruleId] = [];
+        }
+        groups[finding.ruleId].push(finding);
+    }
+    return groups;
+}
+function getHighestSeverity(findings) {
+    const order = ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW'];
+    for (const severity of order) {
+        if (findings.some(f => f.severity === severity)) {
+            return severity;
+        }
+    }
+    return 'LOW';
+}
+function getUserFriendlyDescription(ruleId, findings) {
+    // Map technical rule IDs to user-friendly descriptions
+    const descriptions = {
+        'prompt-injection': 'Asks the AI to ignore its safety rules',
+        'hidden-instructions': 'Contains hidden text you cannot see',
+        'sensitive-paths': 'Tries to access your private files',
+        'file-access': 'Suspicious file access patterns detected'
+    };
+    // Try to give more specific description based on findings
+    const finding = findings[0];
+    if (ruleId === 'sensitive-paths') {
+        if (finding.message.includes('SSH'))
+            return 'Tries to access your SSH keys';
+        if (finding.message.includes('AWS'))
+            return 'Tries to access your AWS credentials';
+        if (finding.message.includes('env'))
+            return 'Tries to read your environment secrets';
+        return 'Tries to access your private credentials';
+    }
+    if (ruleId === 'prompt-injection') {
+        if (finding.message.includes('override'))
+            return 'Asks the AI to ignore its safety rules';
+        if (finding.message.includes('system prompt'))
+            return 'Tries to extract AI system instructions';
+        if (finding.message.includes('jailbreak'))
+            return 'Contains known jailbreak patterns';
+        if (finding.message.includes('Role'))
+            return 'Tries to manipulate the AI identity';
+        if (finding.message.includes('base64'))
+            return 'Contains hidden encoded commands';
+    }
+    return descriptions[ruleId] || 'Suspicious pattern detected';
+}
+function getBestExample(findings) {
+    // Prefer findings with context
+    const withContext = findings.find(f => f.context && f.context.length > 10);
+    if (withContext?.context) {
+        return withContext.context;
+    }
+    // Fall back to extracting from message
+    const first = findings[0];
+    const match = first.message.match(/"([^"]+)"/);
+    return match ? match[1] : null;
+}
+function generateTldr(result) {
+    const grouped = groupByRule(result.findings);
+    const issues = [];
+    if (grouped['prompt-injection']) {
+        issues.push('manipulate AI behavior');
+    }
+    if (grouped['sensitive-paths']) {
+        issues.push('steal your credentials');
+    }
+    if (grouped['hidden-instructions']) {
+        issues.push('hide malicious instructions');
+    }
+    if (grouped['file-access']) {
+        issues.push('access sensitive files');
+    }
+    if (issues.length === 0) {
+        return 'Review before installing';
+    }
+    if (result.rating === 'WARNING') {
+        return `Don't install - this skill may ${issues.slice(0, 2).join(' and ')}`;
+    }
+    return `Review carefully - found attempts to ${issues[0]}`;
+}
+function getExplanation(result) {
+    if (result.rating === 'WARNING') {
+        return 'This skill shows signs of malicious behavior. It may attempt to steal sensitive data or manipulate AI responses in harmful ways.';
+    }
+    if (result.rating === 'CAUTION') {
+        return 'This skill has some concerning patterns that should be reviewed. It might be safe, but verify the flagged items before installing.';
+    }
+    return 'Some minor issues were detected. Review them to ensure they are expected behavior.';
+}
+function getRecommendation(rating) {
+    switch (rating) {
+        case 'WARNING':
+            return {
+                icon: '🔴',
+                text: 'DO NOT INSTALL',
+                advice: 'Do not install this skill. It shows signs of malicious behavior.'
+            };
+        case 'CAUTION':
+            return {
+                icon: '🟡',
+                text: 'REVIEW BEFORE INSTALLING',
+                advice: 'Review the flagged items carefully before deciding to install.'
+            };
+        default:
+            return {
+                icon: '🟢',
+                text: 'LIKELY SAFE',
+                advice: 'This skill appears safe, but always review what you install.'
+            };
+    }
+}
+function getSeverityIcon(severity) {
+    switch (severity) {
+        case 'CRITICAL': return '🔴';
+        case 'HIGH': return '🟠';
+        case 'MEDIUM': return '🟡';
+        case 'LOW': return '🔵';
+    }
+}
+function padRight(str, length) {
+    return str.length >= length ? str.slice(0, length) : str + ' '.repeat(length - str.length);
+}
+function truncate(str, maxLength) {
+    if (str.length <= maxLength)
+        return str;
+    return str.slice(0, maxLength - 3) + '...';
+}
+function getFileName(filePath) {
+    return filePath.split('/').pop() || filePath;
+}
+//# sourceMappingURL=formatters.js.map

package/dist/output/formatters.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"formatters.js","sourceRoot":"","sources":["../../src/output/formatters.ts"],"names":[],"mappings":";;AAGA,oCAUC;AAVD,SAAgB,YAAY,CAAC,MAAkB,EAAE,OAAoB;IACnE,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC;QACvB,KAAK,MAAM;YACT,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC;QAC5B,KAAK,IAAI;YACP,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC1B,KAAK,MAAM,CAAC;QACZ;YACE,OAAO,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,IAAI,KAAK,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,MAAkB;IACpC,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,QAAQ,CAAC,MAAkB;IAClC,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,8CAA8C;QAC9C,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;QACjF,KAAK,CAAC,IAAI,CAAC,GAAG,QAAQ,KAAK,OAAO,CAAC,QAAQ,MAAM,OAAO,CAAC,MAAM,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IACzF,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IAE5D,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,UAAU,CAAC,MAAkB,EAAE,OAAgB;IACtD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC;IAED,OAAO,kBAAkB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAkB;IAC1C,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;IAChF,KAAK,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;IAC/E,KAAK,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,EAAE,CAAC,aAAa,MAAM,CAAC,KAAK,OAAO,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;IAClG,KAAK,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;IAChF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;IAClE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAkB,EAAE,OAAgB;IAC9D,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,cAAc,GAAG,iBAAiB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACxD,MAAM,IAAI,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IAElC,4BAA4B;IAC5B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;IAChF,KAAK,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,IAAI,IAAI,QAAQ,CAAC,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC;IAC9E,KAAK,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,EAAE,CAAC,aAAa,MAAM,CAAC,KAAK,OAAO,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;IAClG,KAAK,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;IAChF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,QAAQ;IACR,KAAK,CAAC,IAAI,CAAC,UAAU,cAAc,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;IACpD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,6CAA6C;IAC7C,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAErD,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAChC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,+DAA+D;IAC/D,MAAM,aAAa,GAAe,OAAO;QACvC,CAAC,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC;QACvC,CAAC,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAEnC,mDAAmD;IACnD,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE;QACzE,MAAM,YAAY,GAA6B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC3F,MAAM,KAAK,GAAG,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC;QAClD,OAAO,KAAK,GAAG,KAAK,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,KAAK,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,YAAY,EAAE,CAAC;QAC9C,gCAAgC;QAChC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAClF,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAE5C,MAAM,eAAe,GAAG,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;QAC7D,MAAM,IAAI,GAAG,eAAe,CAAC,eAAe,CAAC,CAAC;QAC9C,MAAM,WAAW,GAAG,0BAA0B,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,cAAc,CAAC,gBAAgB,CAAC,CAAC;QAEjD,4CAA4C;QAC5C,MAAM,WAAW,GAAG,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,gBAAgB,CAAC,MAAM,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC;QACjG,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,WAAW,GAAG,WAAW,EAAE,CAAC,CAAC;QAErD,8EAA8E;QAC9E,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YAC1D,KAAK,CAAC,IAAI,CAAC,SAAS,OAAO,GAAG,CAAC,CAAC;QAClC,CAAC;QAED,sCAAsC;QACtC,IAAI,OAAO,EAAE,CAAC;YACZ,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;gBACvC,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI;oBAC3B,CAAC,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,IAAI,EAAE;oBAChD,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAC9B,KAAK,CAAC,IAAI,CAAC,WAAW,QAAQ,KAAK,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,0BAA0B;IAC1B,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAClC,KAAK,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC3C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,uBAAuB;IACvB,KAAK,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,IAAI,oBAAoB,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9E,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,OAAO,EAAE,CAAC;QACZ,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,QAAQ,CAAC,MAAM,gBAAgB,MAAM,CAAC,YAAY,IAAI,CAAC,CAAC;QACzF,KAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,+CAA+C;AAC/C,SAAS,WAAW,CAAC,QAAmB;IACtC,MAAM,MAAM,GAA8B,EAAE,CAAC;IAE7C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;QAC9B,CAAC;QACD,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAmB;IAC7C,MAAM,KAAK,GAAe,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IAChE,KAAK,MAAM,QAAQ,IAAI,KAAK,EAAE,CAAC;QAC7B,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,EAAE,CAAC;YAChD,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,0BAA0B,CAAC,MAAc,EAAE,QAAmB;IACrE,uDAAuD;IACvD,MAAM,YAAY,GAA2B;QAC3C,kBAAkB,EAAE,wCAAwC;QAC5D,qBAAqB,EAAE,qCAAqC;QAC5D,iBAAiB,EAAE,oCAAoC;QACvD,aAAa,EAAE,0CAA0C;KAC1D,CAAC;IAEF,0DAA0D;IAC1D,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC5B,IAAI,MAAM,KAAK,iBAAiB,EAAE,CAAC;QACjC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,OAAO,+BAA+B,CAAC;QAC5E,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,OAAO,sCAAsC,CAAC;QACnF,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,OAAO,wCAAwC,CAAC;QACrF,OAAO,0CAA0C,CAAC;IACpD,CAAC;IAED,IAAI,MAAM,KAAK,kBAAkB,EAAE,CAAC;QAClC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,wCAAwC,CAAC;QAC1F,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC;YAAE,OAAO,yCAAyC,CAAC;QAChG,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;YAAE,OAAO,mCAAmC,CAAC;QACtF,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,qCAAqC,CAAC;QACnF,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,kCAAkC,CAAC;IACpF,CAAC;IAED,OAAO,YAAY,CAAC,MAAM,CAAC,IAAI,6BAA6B,CAAC;AAC/D,CAAC;AAED,SAAS,cAAc,CAAC,QAAmB;IACzC,+BAA+B;IAC/B,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IAC3E,IAAI,WAAW,EAAE,OAAO,EAAE,CAAC;QACzB,OAAO,WAAW,CAAC,OAAO,CAAC;IAC7B,CAAC;IAED,uCAAuC;IACvC,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC/C,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,SAAS,YAAY,CAAC,MAAkB;IACtC,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACxC,CAAC;IACD,IAAI,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACxC,CAAC;IACD,IAAI,OAAO,CAAC,qBAAqB,CAAC,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,0BAA0B,CAAC;IACpC,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,kCAAkC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;IAC9E,CAAC;IAED,OAAO,wCAAwC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;AAC7D,CAAC;AAED,SAAS,cAAc,CAAC,MAAkB;IACxC,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,kIAAkI,CAAC;IAC5I,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,oIAAoI,CAAC;IAC9I,CAAC;IAED,OAAO,oFAAoF,CAAC;AAC9F,CAAC;AAED,SAAS,iBAAiB,CAAC,MAA0C;IACnE,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,SAAS;YACZ,OAAO;gBACL,IAAI,EAAE,IAAI;gBACV,IAAI,EAAE,gBAAgB;gBACtB,MAAM,EAAE,kEAAkE;aAC3E,CAAC;QACJ,KAAK,SAAS;YACZ,OAAO;gBACL,IAAI,EAAE,IAAI;gBACV,IAAI,EAAE,0BAA0B;gBAChC,MAAM,EAAE,gEAAgE;aACzE,CAAC;QACJ;YACE,OAAO;gBACL,IAAI,EAAE,IAAI;gBACV,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,8DAA8D;aACvE,CAAC;IACN,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,QAAkB;IACzC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU,CAAC,CAAC,OAAO,IAAI,CAAC;QAC7B,KAAK,MAAM,CAAC,CAAC,OAAO,IAAI,CAAC;QACzB,KAAK,QAAQ,CAAC,CAAC,OAAO,IAAI,CAAC;QAC3B,KAAK,KAAK,CAAC,CAAC,OAAO,IAAI,CAAC;IAC1B,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW,EAAE,MAAc;IAC3C,OAAO,GAAG,CAAC,MAAM,IAAI,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;AAC7F,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW,EAAE,SAAiB;IAC9C,IAAI,GAAG,CAAC,MAAM,IAAI,SAAS;QAAE,OAAO,GAAG,CAAC;IACxC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC;AAC7C,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB;IACnC,OAAO,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,QAAQ,CAAC;AAC/C,CAAC"}

package/dist/scanner/engine.d.ts

@@ -0,0 +1,7 @@
+import { ScanOptions, ScanResult } from '../types';
+export declare class ScanEngine {
+    scan(options: ScanOptions): Promise<ScanResult>;
+    private discoverFiles;
+    private parseFile;
+}
+//# sourceMappingURL=engine.d.ts.map

package/dist/scanner/engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/scanner/engine.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,UAAU,EAA0B,MAAM,UAAU,CAAC;AAM3E,qBAAa,UAAU;IACf,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;IA2CrD,OAAO,CAAC,aAAa;IA2BrB,OAAO,CAAC,SAAS;CAmBlB"}