transskill 0.2.1 → 0.2.2

package/dist/audit/rules/suspicious-urls.js

@@ -0,0 +1,42 @@
+/**
+ * Rules for detecting suspicious URLs and network references
+ * in agent skill instructions.
+ */
+export const URL_PATTERNS = [
+    {
+        id: 'L1-011a',
+        pattern: /https?:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?::\d+)?\//,
+        severity: 'medium',
+        description: '指令中包含直接 IP 地址的 HTTP 请求，可能指向恶意服务器',
+        recommendation: '审查该 IP 地址是否可信，尽可能使用域名替代 IP',
+    },
+    {
+        id: 'L1-011b',
+        pattern: /https?:\/\/[^\s'"]*\.(?:onion|i2p)\b/i,
+        severity: 'high',
+        description: '引用暗网地址（.onion/.i2p），可能访问非法内容',
+        recommendation: '审查该地址的用途，避免从暗网下载不可信内容',
+    },
+    {
+        id: 'L1-011c',
+        pattern: /https?:\/\/[^\s'"]*(?:pastebin|hastebin|rentry|ghostbin|dpaste)\.[^\s'"]+/i,
+        severity: 'medium',
+        description: '引用文本分享网站，内容不可追踪且可能隐藏恶意载荷',
+        recommendation: '审查引用的实际内容是否安全',
+    },
+    {
+        id: 'L1-011d',
+        pattern: /https?:\/\/[^\s'"]*(?:raw\.githubusercontent|gist\.github)[^\s'"]+\.(?:sh|py|js|ps1|bat)\b/i,
+        severity: 'low',
+        description: '引用 GitHub 上的脚本文件，需确认来源是否可信',
+        recommendation: '确认 GitHub 仓库和作者是否可信，建议锁定版本 commit hash',
+    },
+    {
+        id: 'L1-011e',
+        pattern: /data:\s*text\/[a-z]+;base64,[A-Za-z0-9+/=]{50,}/i,
+        severity: 'medium',
+        description: '指令中包含 data: URI 长 base64 内容，可能隐藏恶意载荷',
+        recommendation: '审查 data: URI 解码后的实际内容',
+    },
+];
+//# sourceMappingURL=suspicious-urls.js.map

package/dist/audit/rules/suspicious-urls.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"suspicious-urls.js","sourceRoot":"","sources":["../../../src/audit/rules/suspicious-urls.ts"],"names":[],"mappings":"AAUA;;;GAGG;AACH,MAAM,CAAC,MAAM,YAAY,GAAc;IACrC;QACE,EAAE,EAAE,SAAS;QACb,OAAO,EAAE,0DAA0D;QACnE,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,kCAAkC;QAC/C,cAAc,EAAE,4BAA4B;KAC7C;IACD;QACE,EAAE,EAAE,SAAS;QACb,OAAO,EAAE,uCAAuC;QAChD,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,8BAA8B;QAC3C,cAAc,EAAE,uBAAuB;KACxC;IACD;QACE,EAAE,EAAE,SAAS;QACb,OAAO,EAAE,4EAA4E;QACrF,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,0BAA0B;QACvC,cAAc,EAAE,eAAe;KAChC;IACD;QACE,EAAE,EAAE,SAAS;QACb,OAAO,EAAE,6FAA6F;QACtG,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,4BAA4B;QACzC,cAAc,EAAE,wCAAwC;KACzD;IACD;QACE,EAAE,EAAE,SAAS;QACb,OAAO,EAAE,kDAAkD;QAC3D,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,sCAAsC;QACnD,cAAc,EAAE,uBAAuB;KACxC;CACF,CAAC"}

package/dist/audit/scanner/directory-scanner.d.ts

@@ -0,0 +1,40 @@
+import type { Auditor, AuditFinding } from '../auditor.interface.js';
+import type { IntermediateSkill } from '../../core/types.js';
+/**
+ * DirectoryScanner (D)
+ *
+ * Scans the full skill directory structure for security issues:
+ * - Script files in scripts/ (analyzed recursively)
+ * - Hidden files and sensitive data
+ * - Symbolic link escapes
+ * - Cross-file reference chains
+ *
+ * This auditor runs on the rootPath of a skill directory
+ * AND the parsed skill content.
+ */
+export declare class DirectoryScanner implements Auditor {
+    readonly id = "directory-scanner";
+    readonly name = "\u76EE\u5F55\u626B\u63CF\u5668 (D)";
+    readonly description = "\u626B\u63CF skill \u76EE\u5F55\u7ED3\u6784\u4E2D\u7684\u5B89\u5168\u9690\u60A3";
+    readonly supportsDirectory = true;
+    /**
+     * Directory audit entry point.
+     * The rootPath is passed as the instructions (hacky but works with current arch).
+     * In practice, use `auditDirectory()` directly.
+     */
+    audit(skill: IntermediateSkill, filePath: string): AuditFinding[];
+    /**
+     * Full directory audit. Scans all files in the skill directory.
+     * Call this directly for directory-mode auditing.
+     */
+    auditDirectory(rootPath: string, skillFilePath?: string): AuditFinding[];
+    private auditScriptFile;
+    private isHiddenFile;
+    private checkHiddenFile;
+    private isSymlink;
+    private checkSymlink;
+    private checkCrossFileRefs;
+    private locateRoot;
+    private collectFiles;
+}
+//# sourceMappingURL=directory-scanner.d.ts.map

package/dist/audit/scanner/directory-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"directory-scanner.d.ts","sourceRoot":"","sources":["../../../src/audit/scanner/directory-scanner.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACrE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAG7D;;;;;;;;;;;GAWG;AACH,qBAAa,gBAAiB,YAAW,OAAO;IAC9C,QAAQ,CAAC,EAAE,uBAAuB;IAClC,QAAQ,CAAC,IAAI,wCAAe;IAC5B,QAAQ,CAAC,WAAW,qFAAyB;IAC7C,QAAQ,CAAC,iBAAiB,QAAQ;IAElC;;;;OAIG;IACH,KAAK,CAAC,KAAK,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,GAAG,YAAY,EAAE;IASjE;;;OAGG;IACH,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,GAAG,YAAY,EAAE;IA2CxE,OAAO,CAAC,eAAe;IAsEvB,OAAO,CAAC,YAAY;IAKpB,OAAO,CAAC,eAAe;IA+CvB,OAAO,CAAC,SAAS;IAQjB,OAAO,CAAC,YAAY;IAyBpB,OAAO,CAAC,kBAAkB;IAoC1B,OAAO,CAAC,UAAU;IAkBlB,OAAO,CAAC,YAAY;CAsBrB"}

package/dist/audit/scanner/directory-scanner.js

@@ -0,0 +1,288 @@
+import { existsSync, readdirSync, readFileSync, statSync, lstatSync } from 'node:fs';
+import { join, resolve, relative } from 'node:path';
+import { InstructionScanner } from './instruction-scanner.js';
+/**
+ * DirectoryScanner (D)
+ *
+ * Scans the full skill directory structure for security issues:
+ * - Script files in scripts/ (analyzed recursively)
+ * - Hidden files and sensitive data
+ * - Symbolic link escapes
+ * - Cross-file reference chains
+ *
+ * This auditor runs on the rootPath of a skill directory
+ * AND the parsed skill content.
+ */
+export class DirectoryScanner {
+    id = 'directory-scanner';
+    name = '目录扫描器 (D)';
+    description = '扫描 skill 目录结构中的安全隐患';
+    supportsDirectory = true;
+    /**
+     * Directory audit entry point.
+     * The rootPath is passed as the instructions (hacky but works with current arch).
+     * In practice, use `auditDirectory()` directly.
+     */
+    audit(skill, filePath) {
+        // Normal mode: filePath is a file — extract dir from it
+        const dirPath = this.locateRoot(skill, filePath);
+        if (!dirPath || !existsSync(dirPath) || !statSync(dirPath).isDirectory()) {
+            return [];
+        }
+        return this.auditDirectory(dirPath, filePath);
+    }
+    /**
+     * Full directory audit. Scans all files in the skill directory.
+     * Call this directly for directory-mode auditing.
+     */
+    auditDirectory(rootPath, skillFilePath) {
+        const findings = [];
+        const absRoot = resolve(rootPath);
+        if (!existsSync(absRoot)) {
+            return findings;
+        }
+        // Collect all files
+        const allFiles = this.collectFiles(absRoot);
+        for (const file of allFiles) {
+            const relPath = relative(absRoot, file);
+            // Skip the skill file itself (already analyzed by L1)
+            if (skillFilePath && resolve(file) === resolve(skillFilePath)) {
+                continue;
+            }
+            // D-001: Check scripts/ subdirectory
+            if (relPath.startsWith('scripts/') || relPath.startsWith('scripts\\')) {
+                findings.push(...this.auditScriptFile(file, relPath));
+            }
+            // D-003: Hidden files
+            if (this.isHiddenFile(relPath)) {
+                findings.push(...this.checkHiddenFile(file, relPath));
+            }
+            // D-004: Symbolic link escape
+            if (this.isSymlink(file)) {
+                findings.push(...this.checkSymlink(file, relPath, absRoot));
+            }
+        }
+        // D-005: Cross-file URL references
+        findings.push(...this.checkCrossFileRefs(absRoot, allFiles));
+        return findings;
+    }
+    // ── D-001: Script file audit ──
+    auditScriptFile(filePath, relPath) {
+        const findings = [];
+        try {
+            const ext = filePath.split('.').pop()?.toLowerCase();
+            const content = readFileSync(filePath, 'utf-8');
+            // Reuse InstructionScanner rules on script content
+            const scanner = new InstructionScanner();
+            const mockSkill = {
+                name: relPath,
+                description: '',
+                instructions: content,
+                metadata: { sourceFormat: '.cursorrules' },
+                platformSpecific: {},
+            };
+            const scriptFindings = scanner.audit(mockSkill, relPath);
+            // Re-tag findings with D prefix
+            for (const f of scriptFindings) {
+                findings.push({
+                    ...f,
+                    id: `D-001-${f.id}`,
+                    filePath: relPath,
+                });
+            }
+            // Check file extension against allowed script types
+            const allowedExts = ['sh', 'py', 'js', 'ts', 'bash', 'zsh', 'ps1', 'bat'];
+            if (!allowedExts.includes(ext ?? '')) {
+                const size = statSync(filePath).size;
+                if (size > 0 && size < 1024 * 1024) {
+                    // Small binary or unusual script
+                    const header = content.slice(0, 100);
+                    if (/[\x00-\x08\x0e-\x1f]/.test(header)) {
+                        findings.push({
+                            id: 'D-001b',
+                            severity: 'medium',
+                            title: 'scripts/ 中包含疑似二进制或混淆文件',
+                            description: `${relPath} 包含二进制内容，可能是打包的恶意载荷`,
+                            filePath: relPath,
+                            recommendation: '检查该文件的真实内容',
+                        });
+                    }
+                }
+            }
+        }
+        catch {
+            // Binary or unreadable file — flag if suspicious
+            try {
+                const size = statSync(filePath).size;
+                if (size > 0 && size < 10 * 1024 * 1024) {
+                    findings.push({
+                        id: 'D-001c',
+                        severity: 'low',
+                        title: '无法读取脚本文件',
+                        description: `${relPath} 无法作为文本读取，可能是二进制文件`,
+                        filePath: relPath,
+                        recommendation: '确认该文件是否属于 skill 的必要部分',
+                    });
+                }
+            }
+            catch {
+                // Skip unreadable
+            }
+        }
+        return findings;
+    }
+    // ── D-003: Hidden file checks ──
+    isHiddenFile(relPath) {
+        const parts = relPath.split(/[/\\]/);
+        return parts.some((p) => p.startsWith('.') && p.length > 1);
+    }
+    checkHiddenFile(filePath, relPath) {
+        const findings = [];
+        const name = relPath.split(/[/\\]/).pop() ?? '';
+        // Check for sensitive hidden files
+        const sensitivePatterns = [
+            { pattern: /^\.env/, severity: 'high', desc: '环境变量文件，可能包含 API key 和密码' },
+            { pattern: /^\.git[^/]*$/, severity: 'high', desc: 'Git 配置目录/文件，可能泄露仓库信息' },
+            { pattern: /^\.npmrc/, severity: 'medium', desc: 'npm 配置文件，可能包含认证 token' },
+            { pattern: /^\.aws/, severity: 'high', desc: 'AWS 配置目录，可能包含云凭证' },
+            { pattern: /^\.ssh/, severity: 'critical', desc: 'SSH 配置目录，可能包含私钥' },
+            { pattern: /^\.docker/, severity: 'high', desc: 'Docker 配置目录' },
+            { pattern: /^\.kube/, severity: 'high', desc: 'Kubernetes 配置目录，可能包含集群凭证' },
+        ];
+        for (const sp of sensitivePatterns) {
+            if (sp.pattern.test(name)) {
+                findings.push({
+                    id: 'D-003',
+                    severity: sp.severity,
+                    title: `目录中包含敏感文件: ${relPath}`,
+                    description: sp.desc,
+                    filePath: relPath,
+                    recommendation: '将敏感配置文件从 skill 目录中移除，使用环境变量引用',
+                    cwe: 'CWE-522',
+                });
+                return findings; // One match per file
+            }
+        }
+        // Generic hidden file (non-sensitive)
+        if (!relPath.startsWith('.')) {
+            findings.push({
+                id: 'D-003b',
+                severity: 'low',
+                title: `目录中包含隐藏文件: ${relPath}`,
+                description: `${relPath} 是隐藏文件，可能无意中包含在 skill 中`,
+                filePath: relPath,
+                recommendation: '确认该文件是否应该包含在 skill 中',
+            });
+        }
+        return findings;
+    }
+    // ── D-004: Symlink escape ──
+    isSymlink(filePath) {
+        try {
+            return lstatSync(filePath).isSymbolicLink();
+        }
+        catch {
+            return false;
+        }
+    }
+    checkSymlink(filePath, relPath, rootPath) {
+        const findings = [];
+        try {
+            const realPath = resolve(rootPath, readFileSync(filePath, 'utf-8'));
+            const absRoot = resolve(rootPath);
+            if (!realPath.startsWith(absRoot)) {
+                findings.push({
+                    id: 'D-004',
+                    severity: 'high',
+                    title: '符号链接逃逸到 skill 目录外',
+                    description: `${relPath} 是一个符号链接，指向目录外的路径: ${realPath}`,
+                    filePath: relPath,
+                    recommendation: '移除指向目录外的符号链接，或将目标文件复制到 skill 目录内',
+                    cwe: 'CWE-59',
+                });
+            }
+        }
+        catch {
+            // Can't resolve symlink
+        }
+        return findings;
+    }
+    // ── D-005: Cross-file reference chain ──
+    checkCrossFileRefs(rootPath, allFiles) {
+        const findings = [];
+        const urlRegex = /https?:\/\/[^\s'"]+/g;
+        for (const file of allFiles) {
+            try {
+                const content = readFileSync(file, 'utf-8');
+                const urls = content.match(urlRegex);
+                if (!urls)
+                    continue;
+                for (const url of urls) {
+                    // Flag URLs that download and execute scripts
+                    if (/(?:curl|wget)\s+.*(?:https?:\/\/)/i.test(content)) {
+                        const relPath = relative(rootPath, file);
+                        findings.push({
+                            id: 'D-005',
+                            severity: 'high',
+                            title: `文件引用外部 URL 并可能执行: ${relPath}`,
+                            description: `${relPath} 中包含 curl/wget 外部 URL 的指令`,
+                            filePath: relPath,
+                            recommendation: '审查该外部 URL 的内容，确保来源可信',
+                            cwe: 'CWE-494',
+                        });
+                        break;
+                    }
+                }
+            }
+            catch {
+                // Skip binary
+            }
+        }
+        return findings;
+    }
+    // ── Helpers ──
+    locateRoot(skill, filePath) {
+        // Try attached files for directory clues
+        if (skill.metadata.attachedFiles && skill.metadata.attachedFiles.length > 0) {
+            const first = skill.metadata.attachedFiles[0];
+            const dir = join(first.absolutePath, '..');
+            if (existsSync(dir))
+                return dir;
+        }
+        // Try parent of the skill file
+        const dir = resolve(filePath, '..');
+        if (existsSync(dir))
+            return dir;
+        // Try the file path itself
+        if (existsSync(filePath) && statSync(filePath).isDirectory())
+            return filePath;
+        return null;
+    }
+    collectFiles(dirPath) {
+        const files = [];
+        try {
+            const entries = readdirSync(dirPath);
+            for (const entry of entries) {
+                if (entry === '.git' || entry === 'node_modules')
+                    continue;
+                const fullPath = join(dirPath, entry);
+                try {
+                    if (lstatSync(fullPath).isDirectory()) {
+                        files.push(...this.collectFiles(fullPath));
+                    }
+                    else {
+                        files.push(fullPath);
+                    }
+                }
+                catch {
+                    // Permission denied, skip
+                }
+            }
+        }
+        catch {
+            // Can't read, skip
+        }
+        return files;
+    }
+}
+//# sourceMappingURL=directory-scanner.js.map

package/dist/audit/scanner/directory-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"directory-scanner.js","sourceRoot":"","sources":["../../../src/audit/scanner/directory-scanner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACrF,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAGpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAE9D;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,gBAAgB;IAClB,EAAE,GAAG,mBAAmB,CAAC;IACzB,IAAI,GAAG,WAAW,CAAC;IACnB,WAAW,GAAG,qBAAqB,CAAC;IACpC,iBAAiB,GAAG,IAAI,CAAC;IAElC;;;;OAIG;IACH,KAAK,CAAC,KAAwB,EAAE,QAAgB;QAC9C,wDAAwD;QACxD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;YACzE,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,QAAgB,EAAE,aAAsB;QACrD,MAAM,QAAQ,GAAmB,EAAE,CAAC;QACpC,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QAElC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACzB,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,oBAAoB;QACpB,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAE5C,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAExC,sDAAsD;YACtD,IAAI,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;gBAC9D,SAAS;YACX,CAAC;YAED,qCAAqC;YACrC,IAAI,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;gBACtE,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;YACxD,CAAC;YAED,sBAAsB;YACtB,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC/B,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;YACxD,CAAC;YAED,8BAA8B;YAC9B,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzB,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QAED,mCAAmC;QACnC,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QAE7D,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,iCAAiC;IAEzB,eAAe,CAAC,QAAgB,EAAE,OAAe;QACvD,MAAM,QAAQ,GAAmB,EAAE,CAAC;QAEpC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,WAAW,EAAE,CAAC;YACrD,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEhD,mDAAmD;YACnD,MAAM,OAAO,GAAG,IAAI,kBAAkB,EAAE,CAAC;YACzC,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,OAAO;gBACb,WAAW,EAAE,EAAE;gBACf,YAAY,EAAE,OAAO;gBACrB,QAAQ,EAAE,EAAE,YAAY,EAAE,cAAc,EAAE;gBAC1C,gBAAgB,EAAE,EAAE;aACrB,CAAC;YACF,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAEzD,gCAAgC;YAChC,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;gBAC/B,QAAQ,CAAC,IAAI,CAAC;oBACZ,GAAG,CAAC;oBACJ,EAAE,EAAE,SAAS,CAAC,CAAC,EAAE,EAAE;oBACnB,QAAQ,EAAE,OAAO;iBAClB,CAAC,CAAC;YACL,CAAC;YAED,oDAAoD;YACpD,MAAM,WAAW,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;YAC1E,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,CAAC,EAAE,CAAC;gBACrC,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC;gBACrC,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC;oBACnC,iCAAiC;oBACjC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;oBACrC,IAAI,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;wBACxC,QAAQ,CAAC,IAAI,CAAC;4BACZ,EAAE,EAAE,QAAQ;4BACZ,QAAQ,EAAE,QAAQ;4BAClB,KAAK,EAAE,wBAAwB;4BAC/B,WAAW,EAAE,GAAG,OAAO,qBAAqB;4BAC5C,QAAQ,EAAE,OAAO;4BACjB,cAAc,EAAE,YAAY;yBAC7B,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,iDAAiD;YACjD,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC;gBACrC,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC;oBACxC,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,QAAQ;wBACZ,QAAQ,EAAE,KAAK;wBACf,KAAK,EAAE,UAAU;wBACjB,WAAW,EAAE,GAAG,OAAO,oBAAoB;wBAC3C,QAAQ,EAAE,OAAO;wBACjB,cAAc,EAAE,uBAAuB;qBACxC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,kBAAkB;YACpB,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,kCAAkC;IAE1B,YAAY,CAAC,OAAe;QAClC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrC,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC9D,CAAC;IAEO,eAAe,CAAC,QAAgB,EAAE,OAAe;QACvD,MAAM,QAAQ,GAAmB,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;QAEhD,mCAAmC;QACnC,MAAM,iBAAiB,GAAG;YACxB,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAe,EAAE,IAAI,EAAE,yBAAyB,EAAE;YACjF,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAe,EAAE,IAAI,EAAE,sBAAsB,EAAE;YACpF,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAiB,EAAE,IAAI,EAAE,uBAAuB,EAAE;YACnF,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAe,EAAE,IAAI,EAAE,kBAAkB,EAAE;YAC1E,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAmB,EAAE,IAAI,EAAE,iBAAiB,EAAE;YAC7E,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAe,EAAE,IAAI,EAAE,aAAa,EAAE;YACxE,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAe,EAAE,IAAI,EAAE,0BAA0B,EAAE;SACpF,CAAC;QAEF,KAAK,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;YACnC,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1B,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,OAAO;oBACX,QAAQ,EAAE,EAAE,CAAC,QAAQ;oBACrB,KAAK,EAAE,cAAc,OAAO,EAAE;oBAC9B,WAAW,EAAE,EAAE,CAAC,IAAI;oBACpB,QAAQ,EAAE,OAAO;oBACjB,cAAc,EAAE,+BAA+B;oBAC/C,GAAG,EAAE,SAAS;iBACf,CAAC,CAAC;gBACH,OAAO,QAAQ,CAAC,CAAC,qBAAqB;YACxC,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,QAAQ;gBACZ,QAAQ,EAAE,KAAK;gBACf,KAAK,EAAE,cAAc,OAAO,EAAE;gBAC9B,WAAW,EAAE,GAAG,OAAO,yBAAyB;gBAChD,QAAQ,EAAE,OAAO;gBACjB,cAAc,EAAE,sBAAsB;aACvC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,8BAA8B;IAEtB,SAAS,CAAC,QAAgB;QAChC,IAAI,CAAC;YACH,OAAO,SAAS,CAAC,QAAQ,CAAC,CAAC,cAAc,EAAE,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,YAAY,CAAC,QAAgB,EAAE,OAAe,EAAE,QAAgB;QACtE,MAAM,QAAQ,GAAmB,EAAE,CAAC;QACpC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;YACpE,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;YAElC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClC,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,OAAO;oBACX,QAAQ,EAAE,MAAM;oBAChB,KAAK,EAAE,mBAAmB;oBAC1B,WAAW,EAAE,GAAG,OAAO,sBAAsB,QAAQ,EAAE;oBACvD,QAAQ,EAAE,OAAO;oBACjB,cAAc,EAAE,kCAAkC;oBAClD,GAAG,EAAE,QAAQ;iBACd,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,0CAA0C;IAElC,kBAAkB,CAAC,QAAgB,EAAE,QAAkB;QAC7D,MAAM,QAAQ,GAAmB,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,sBAAsB,CAAC;QAExC,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBACrC,IAAI,CAAC,IAAI;oBAAE,SAAS;gBAEpB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,8CAA8C;oBAC9C,IAAI,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;wBACvD,MAAM,OAAO,GAAG,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;wBACzC,QAAQ,CAAC,IAAI,CAAC;4BACZ,EAAE,EAAE,OAAO;4BACX,QAAQ,EAAE,MAAM;4BAChB,KAAK,EAAE,qBAAqB,OAAO,EAAE;4BACrC,WAAW,EAAE,GAAG,OAAO,2BAA2B;4BAClD,QAAQ,EAAE,OAAO;4BACjB,cAAc,EAAE,sBAAsB;4BACtC,GAAG,EAAE,SAAS;yBACf,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,cAAc;YAChB,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,gBAAgB;IAER,UAAU,CAAC,KAAwB,EAAE,QAAgB;QAC3D,yCAAyC;QACzC,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5E,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;YAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;YAC3C,IAAI,UAAU,CAAC,GAAG,CAAC;gBAAE,OAAO,GAAG,CAAC;QAClC,CAAC;QAED,+BAA+B;QAC/B,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QACpC,IAAI,UAAU,CAAC,GAAG,CAAC;YAAE,OAAO,GAAG,CAAC;QAEhC,2BAA2B;QAC3B,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE;YAAE,OAAO,QAAQ,CAAC;QAE9E,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,YAAY,CAAC,OAAe;QAClC,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;YACrC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,cAAc;oBAAE,SAAS;gBAC3D,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBACtC,IAAI,CAAC;oBACH,IAAI,SAAS,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;wBACtC,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAC7C,CAAC;yBAAM,CAAC;wBACN,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACvB,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,0BAA0B;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,mBAAmB;QACrB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}

package/dist/audit/scanner/instruction-scanner.d.ts

@@ -0,0 +1,20 @@
+import type { Auditor, AuditFinding } from '../auditor.interface.js';
+import type { IntermediateSkill } from '../../core/types.js';
+/**
+ * InstructionScanner (L1)
+ *
+ * Scans the instructions body of any skill format for:
+ * - Dangerous shell commands (rm -rf, sudo, etc.)
+ * - Remote code execution patterns (curl|sh, eval)
+ * - Prompt injection / jailbreak attempts
+ * - Suspicious URL references
+ * - Base64/hex encoded commands
+ */
+export declare class InstructionScanner implements Auditor {
+    readonly id = "instruction-scanner";
+    readonly name = "\u6307\u4EE4\u626B\u63CF\u5668 (L1)";
+    readonly description = "\u626B\u63CF skill \u6307\u4EE4\u4E2D\u7684\u5371\u9669\u547D\u4EE4\u3001prompt \u6CE8\u5165\u3001\u7F51\u7EDC\u5916\u94FE\u7B49";
+    audit(skill: IntermediateSkill, filePath: string): AuditFinding[];
+    private checkEncoding;
+}
+//# sourceMappingURL=instruction-scanner.d.ts.map

package/dist/audit/scanner/instruction-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"instruction-scanner.d.ts","sourceRoot":"","sources":["../../../src/audit/scanner/instruction-scanner.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACrE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAK7D;;;;;;;;;GASG;AACH,qBAAa,kBAAmB,YAAW,OAAO;IAChD,QAAQ,CAAC,EAAE,yBAAyB;IACpC,QAAQ,CAAC,IAAI,yCAAgB;IAC7B,QAAQ,CAAC,WAAW,sIAAuC;IAE3D,KAAK,CAAC,KAAK,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,GAAG,YAAY,EAAE;IA4EjE,OAAO,CAAC,aAAa;CAmDtB"}

package/dist/audit/scanner/instruction-scanner.js

@@ -0,0 +1,147 @@
+import { DANGEROUS_COMMAND_RULES } from '../rules/dangerous-commands.js';
+import { PROMPT_INJECTION_RULES } from '../rules/prompt-injection.js';
+import { URL_PATTERNS } from '../rules/suspicious-urls.js';
+/**
+ * InstructionScanner (L1)
+ *
+ * Scans the instructions body of any skill format for:
+ * - Dangerous shell commands (rm -rf, sudo, etc.)
+ * - Remote code execution patterns (curl|sh, eval)
+ * - Prompt injection / jailbreak attempts
+ * - Suspicious URL references
+ * - Base64/hex encoded commands
+ */
+export class InstructionScanner {
+    id = 'instruction-scanner';
+    name = '指令扫描器 (L1)';
+    description = '扫描 skill 指令中的危险命令、prompt 注入、网络外链等';
+    audit(skill, filePath) {
+        const findings = [];
+        const instructions = skill.instructions;
+        if (!instructions || instructions.trim().length === 0) {
+            return findings;
+        }
+        const lines = instructions.split('\n');
+        // 1) Check dangerous command patterns
+        for (const rule of DANGEROUS_COMMAND_RULES) {
+            const match = instructions.match(rule.pattern);
+            if (match) {
+                const lineNumber = findLineNumber(lines, match.index ?? 0);
+                findings.push({
+                    id: rule.id,
+                    severity: rule.severity,
+                    title: rule.description.length > 60
+                        ? rule.description.slice(0, 60) + '…'
+                        : rule.description,
+                    description: rule.description,
+                    filePath,
+                    lineNumber,
+                    snippet: extractSnippet(lines, lineNumber),
+                    recommendation: rule.recommendation,
+                    cwe: rule.cwe,
+                });
+            }
+        }
+        // 2) Check prompt injection patterns
+        for (const rule of PROMPT_INJECTION_RULES) {
+            const match = instructions.match(rule.pattern);
+            if (match) {
+                const lineNumber = findLineNumber(lines, match.index ?? 0);
+                findings.push({
+                    id: rule.id,
+                    severity: rule.severity,
+                    title: rule.description.length > 60
+                        ? rule.description.slice(0, 60) + '…'
+                        : rule.description,
+                    description: rule.description,
+                    filePath,
+                    lineNumber,
+                    snippet: extractSnippet(lines, lineNumber),
+                    recommendation: rule.recommendation,
+                    cwe: rule.cwe,
+                });
+            }
+        }
+        // 3) Check for base64/hex encoding (potential obfuscation)
+        findings.push(...this.checkEncoding(instructions, filePath, lines));
+        // 4) Check for suspicious URLs
+        for (const rule of URL_PATTERNS) {
+            const match = instructions.match(rule.pattern);
+            if (match) {
+                const lineNumber = findLineNumber(lines, match.index ?? 0);
+                findings.push({
+                    id: rule.id,
+                    severity: rule.severity,
+                    title: rule.description,
+                    description: rule.description,
+                    filePath,
+                    lineNumber,
+                    snippet: extractSnippet(lines, lineNumber),
+                    recommendation: rule.recommendation,
+                });
+            }
+        }
+        return findings;
+    }
+    checkEncoding(instructions, filePath, lines) {
+        const findings = [];
+        // Detect base64 decode then execute patterns
+        const b64Exec = /(?:base64\s*-d|base64\s*--decode|frombase64)\s*[|;]\s*(?:sh|bash|python|node)\b/i;
+        const b64Match = instructions.match(b64Exec);
+        if (b64Match) {
+            findings.push({
+                id: 'L1-008a',
+                severity: 'high',
+                title: 'Base64 解码后执行，可能隐藏恶意指令',
+                description: '对 base64 编码内容解码后执行，可能用于隐藏恶意载荷',
+                filePath,
+                lineNumber: findLineNumber(lines, b64Match.index ?? 0),
+                snippet: extractSnippet(lines, findLineNumber(lines, b64Match.index ?? 0)),
+                recommendation: '审查解码后的实际内容是否安全',
+                cwe: 'CWE-693',
+            });
+        }
+        // Detect long base64 strings embedded in commands
+        const longB64 = /['"][A-Za-z0-9+/=]{100,}['"]/g;
+        let b64StringMatch;
+        while ((b64StringMatch = longB64.exec(instructions)) !== null) {
+            // Only flag if it looks like it's being used somehow (near a command)
+            const ctxStart = Math.max(0, b64StringMatch.index - 60);
+            const ctxEnd = Math.min(instructions.length, b64StringMatch.index + b64StringMatch[0].length + 60);
+            const context = instructions.slice(ctxStart, ctxEnd);
+            const suspiciousContext = /\b(run|exec|eval|decode|execute|load|import|source)\b/i.test(context);
+            if (suspiciousContext) {
+                findings.push({
+                    id: 'L1-008b',
+                    severity: 'medium',
+                    title: '指令中包含长 base64 编码字符串',
+                    description: '疑似编码混淆，可能隐藏恶意载荷',
+                    filePath,
+                    lineNumber: findLineNumber(lines, b64StringMatch.index),
+                    snippet: extractSnippet(lines, findLineNumber(lines, b64StringMatch.index)),
+                    recommendation: '审查 base64 解码后的内容',
+                    cwe: 'CWE-693',
+                });
+            }
+        }
+        return findings;
+    }
+}
+// ── Helpers ──
+function findLineNumber(lines, charIndex) {
+    let pos = 0;
+    for (let i = 0; i < lines.length; i++) {
+        pos += lines[i].length + 1; // +1 for newline
+        if (pos > charIndex)
+            return i + 1; // 1-indexed
+    }
+    return lines.length;
+}
+function extractSnippet(lines, lineNumber) {
+    const idx = lineNumber - 1;
+    if (idx < 0 || idx >= lines.length)
+        return '';
+    const line = lines[idx].trim();
+    return line.length > 120 ? line.slice(0, 120) + '…' : line;
+}
+//# sourceMappingURL=instruction-scanner.js.map

package/dist/audit/scanner/instruction-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"instruction-scanner.js","sourceRoot":"","sources":["../../../src/audit/scanner/instruction-scanner.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AACzE,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAE3D;;;;;;;;;GASG;AACH,MAAM,OAAO,kBAAkB;IACpB,EAAE,GAAG,qBAAqB,CAAC;IAC3B,IAAI,GAAG,YAAY,CAAC;IACpB,WAAW,GAAG,mCAAmC,CAAC;IAE3D,KAAK,CAAC,KAAwB,EAAE,QAAgB;QAC9C,MAAM,QAAQ,GAAmB,EAAE,CAAC;QACpC,MAAM,YAAY,GAAG,KAAK,CAAC,YAAY,CAAC;QAExC,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEvC,sCAAsC;QACtC,KAAK,MAAM,IAAI,IAAI,uBAAuB,EAAE,CAAC;YAC3C,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC/C,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC;gBAC3D,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,IAAI,CAAC,EAAE;oBACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,EAAE;wBACjC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG;wBACrC,CAAC,CAAC,IAAI,CAAC,WAAW;oBACpB,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,QAAQ;oBACR,UAAU;oBACV,OAAO,EAAE,cAAc,CAAC,KAAK,EAAE,UAAU,CAAC;oBAC1C,cAAc,EAAE,IAAI,CAAC,cAAc;oBACnC,GAAG,EAAE,IAAI,CAAC,GAAG;iBACd,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,qCAAqC;QACrC,KAAK,MAAM,IAAI,IAAI,sBAAsB,EAAE,CAAC;YAC1C,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC/C,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC;gBAC3D,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,IAAI,CAAC,EAAE;oBACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,EAAE;wBACjC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG;wBACrC,CAAC,CAAC,IAAI,CAAC,WAAW;oBACpB,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,QAAQ;oBACR,UAAU;oBACV,OAAO,EAAE,cAAc,CAAC,KAAK,EAAE,UAAU,CAAC;oBAC1C,cAAc,EAAE,IAAI,CAAC,cAAc;oBACnC,GAAG,EAAE,IAAI,CAAC,GAAG;iBACd,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,2DAA2D;QAC3D,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;QAEpE,+BAA+B;QAC/B,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;YAChC,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC/C,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC;gBAC3D,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,IAAI,CAAC,EAAE;oBACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,KAAK,EAAE,IAAI,CAAC,WAAW;oBACvB,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,QAAQ;oBACR,UAAU;oBACV,OAAO,EAAE,cAAc,CAAC,KAAK,EAAE,UAAU,CAAC;oBAC1C,cAAc,EAAE,IAAI,CAAC,cAAc;iBACpC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,aAAa,CACnB,YAAoB,EACpB,QAAgB,EAChB,KAAe;QAEf,MAAM,QAAQ,GAAmB,EAAE,CAAC;QAEpC,6CAA6C;QAC7C,MAAM,OAAO,GAAG,kFAAkF,CAAC;QACnG,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC7C,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,SAAS;gBACb,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,uBAAuB;gBAC9B,WAAW,EAAE,+BAA+B;gBAC5C,QAAQ;gBACR,UAAU,EAAE,cAAc,CAAC,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,CAAC,CAAC;gBACtD,OAAO,EAAE,cAAc,CAAC,KAAK,EAAE,cAAc,CAAC,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC;gBAC1E,cAAc,EAAE,gBAAgB;gBAChC,GAAG,EAAE,SAAS;aACf,CAAC,CAAC;QACL,CAAC;QAED,kDAAkD;QAClD,MAAM,OAAO,GAAG,+BAA+B,CAAC;QAChD,IAAI,cAAsC,CAAC;QAC3C,OAAO,CAAC,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9D,sEAAsE;YACtE,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,cAAc,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;YACxD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,MAAM,EAAE,cAAc,CAAC,KAAK,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;YACnG,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YACrD,MAAM,iBAAiB,GACrB,wDAAwD,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzE,IAAI,iBAAiB,EAAE,CAAC;gBACtB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,SAAS;oBACb,QAAQ,EAAE,QAAQ;oBAClB,KAAK,EAAE,qBAAqB;oBAC5B,WAAW,EAAE,iBAAiB;oBAC9B,QAAQ;oBACR,UAAU,EAAE,cAAc,CAAC,KAAK,EAAE,cAAc,CAAC,KAAK,CAAC;oBACvD,OAAO,EAAE,cAAc,CAAC,KAAK,EAAE,cAAc,CAAC,KAAK,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC;oBAC3E,cAAc,EAAE,kBAAkB;oBAClC,GAAG,EAAE,SAAS;iBACf,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AAED,gBAAgB;AAEhB,SAAS,cAAc,CAAC,KAAe,EAAE,SAAiB;IACxD,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,iBAAiB;QAC7C,IAAI,GAAG,GAAG,SAAS;YAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY;IACjD,CAAC;IACD,OAAO,KAAK,CAAC,MAAM,CAAC;AACtB,CAAC;AAED,SAAS,cAAc,CAAC,KAAe,EAAE,UAAkB;IACzD,MAAM,GAAG,GAAG,UAAU,GAAG,CAAC,CAAC;IAC3B,IAAI,GAAG,GAAG,CAAC,IAAI,GAAG,IAAI,KAAK,CAAC,MAAM;QAAE,OAAO,EAAE,CAAC;IAC9C,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAC/B,OAAO,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;AAC7D,CAAC"}

package/dist/audit/scanner/mcp-scanner.d.ts

@@ -0,0 +1,17 @@
+import type { Auditor, AuditFinding } from '../auditor.interface.js';
+import type { IntermediateSkill, FormatType } from '../../core/types.js';
+/**
+ * MCPScanner (L3)
+ *
+ * Deep audit for MCP JSON format files.
+ * Checks for tool poisoning, tool shadowing, sensitive data exposure,
+ * and other MCP-specific risks aligned with OWASP MCP Top 10.
+ */
+export declare class MCPScanner implements Auditor {
+    readonly id = "mcp-scanner";
+    readonly name = "MCP \u4E13\u9879\u626B\u63CF\u5668 (L3)";
+    readonly description = "\u6DF1\u5EA6\u5BA1\u8BA1 MCP JSON \u914D\u7F6E\u4E2D\u7684\u5B89\u5168\u98CE\u9669";
+    readonly supportedFormats: FormatType[];
+    audit(skill: IntermediateSkill, filePath: string): AuditFinding[];
+}
+//# sourceMappingURL=mcp-scanner.d.ts.map

package/dist/audit/scanner/mcp-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-scanner.d.ts","sourceRoot":"","sources":["../../../src/audit/scanner/mcp-scanner.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACrE,OAAO,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEzE;;;;;;GAMG;AACH,qBAAa,UAAW,YAAW,OAAO;IACxC,QAAQ,CAAC,EAAE,iBAAiB;IAC5B,QAAQ,CAAC,IAAI,6CAAoB;IACjC,QAAQ,CAAC,WAAW,wFAA4B;IAEhD,QAAQ,CAAC,gBAAgB,EAAE,UAAU,EAAE,CAAgB;IAEvD,KAAK,CAAC,KAAK,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,GAAG,YAAY,EAAE;CAwLlE"}