vigile-scan 0.2.4 → 0.2.5

package/README.md CHANGED
@@ -11,30 +11,30 @@
  npx vigile-scan
  ```
 
- That's it. No install, no config. Vigile discovers your MCP server configurations and agent skill files, scans them against 46 detection patterns, and gives you a trust score for each one.
+ That's it. No install, no config. Vigile discovers your MCP server configurations and agent skill files, scans them against 54 detection rules, and gives you a trust score for each one.
 
  ## What It Detects
 
- ### MCP Server Threats (19 patterns)
+ ### MCP Server Threats (22 patterns + 5 inline checks)
 
  | ID | Category | What It Catches |
  |----|----------|-----------------|
- | TP-001–005 | Tool Poisoning | Hidden instructions in tool descriptions, cross-tool manipulation, schema deception |
- | PE-001–004 | Permission & Escalation | Excessive filesystem/network access, privilege escalation, security bypass flags |
- | OB-001–002 | Obfuscation | Base64-encoded payloads, character encoding tricks |
- | DA-001–004 | Data & Access | Environment variable exposure, credential patterns, data exfiltration URLs |
- | | Supply Chain | Typosquatting detection, known malicious packages, auto-install without confirmation |
+ | TP-001–008 | Tool Poisoning | Prompt overrides, hidden manipulation, cross-tool injection, whitespace hiding, system prompt references, secrecy directives |
+ | EX-001–007 | Data Exfiltration | SSH key access, AWS credentials, .env files, credential files, suspicious URLs, crypto wallet access, browser data |
+ | PM-001–004 | Permission Abuse | Code execution (eval/spawn), unrestricted filesystem, network requests, sensitive path access |
+ | OB-001–004 | Obfuscation | Base64 content, zero-width Unicode, hex-encoded strings, Unicode escapes |
+ | EV/AR/CM | Inline Checks | Sensitive env vars, security bypass flags, sensitive directory args, auto-install (npx -y), typosquatting |
 
  ### Agent Skill Threats (27 patterns)
 
  | ID | Category | What It Catches |
  |----|----------|-----------------|
- | SK-001–005 | Instruction Injection | Hidden instructions, prompt override, role manipulation, context poisoning |
- | SK-006010 | Data Exfiltration | Credential harvesting, file theft, clipboard spying, keylogging instructions |
- | SK-011014 | Malware Delivery | Encoded payloads piped to shell, fake prerequisites, persistence mechanisms |
- | SK-015018 | Privilege Abuse | Force flags, sudo escalation, security tool disabling, anti-forensics |
- | SK-019022 | Social Engineering | Fake error messages, urgency/fear tactics, impersonation, deceptive naming |
- | SK-023027 | Cross-Skill Attacks | Skill file tampering, scope creep, resource abuse, shadow dependencies |
+ | SK-001–006 | Instruction Injection | Role hijacking, instruction override, hidden markdown instructions, conditional triggers, cross-skill poisoning, invisible Unicode |
+ | SK-010014 | Malware Delivery | Remote script piping, reverse shells, suspicious install prerequisites, encoded payloads, typosquatted packages |
+ | SK-020023 | Stealth Operations | Silent action directives, output suppression, history/log evasion, deceptive user responses |
+ | SK-030033 | Safety Bypass | Confirmation bypass, safety feature disable, force flags, root/sudo escalation |
+ | SK-040043 | Persistence Abuse | Startup file modification, memory file tampering, cron jobs, git hook injection |
+ | SK-050053 | Data Exfiltration | Credential harvesting, URL-based exfiltration, filesystem enumeration, env var dumping |
 
  ## Platforms
 
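Review bot: the ID ranges in the new MCP table add up to 23 patterns (TP-001–008 is 8, EX-001–007 is 7, PM-001–004 and OB-001–004 are 4 each), but the heading says "22 patterns + 5 inline checks" and the intro line now says 54 rules; either one range is off by one or the heading and the total should read 23 + 5 + 27 = 55. As rendered here the skill ranges `SK-010014`, `SK-020023`, `SK-030033`, `SK-040043` and `SK-050053` have lost the en dash that `SK-001–006` keeps, so they read as single numbers; make the range separator consistent across both tables. The inline-check row also names three prefixes (EV/AR/CM) for five checks; stating which prefix covers which check would let a user map a finding ID back to this table.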
@@ -43,9 +43,10 @@ Vigile auto-discovers configurations from:
  - **Claude Desktop** — `claude_desktop_config.json`
  - **Claude Code** — `CLAUDE.md`, `.claude/` skill files
  - **Cursor** — `.cursor/rules/*.mdc`, `.cursorrules`
- - **GitHub Copilot** — `.github/copilot/**/*.md`
- - **Windsurf** — `windsurf.json`
- - **VS Code** — MCP config in settings
+ - **GitHub Copilot** — `.github/copilot/**/*.md`, `copilot-instructions.md`
+ - **Windsurf** — `windsurf.json`, `.windsurfrules`
+ - **VS Code** — `.vscode/mcp.json`
+ - **OpenClaw** — `~/.openclaw/openclaw.json`, `openclaw.config.json`
 
  ## Usage
 
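Review bot: the VS Code entry narrows from "MCP config in settings" to the workspace file `.vscode/mcp.json` only; if the user-level settings location is still scanned it should stay listed, and if it was dropped that is a behaviour change worth a changelog line, since a server configured only there would now be skipped without any indication to the user. For OpenClaw, `~/.openclaw/openclaw.json` carries a path but `openclaw.config.json` does not; say whether it is resolved against the current directory like the other project-level files in this list.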
@@ -64,7 +65,7 @@ vigile-scan [options]
  | `-v, --verbose` | Show detailed findings and score breakdown |
  | `-c, --config <path>` | Path to a custom MCP config file |
  | `-o, --output <path>` | Write results to a file |
- | `--client <name>` | Only scan a specific client (claude-desktop, cursor, claude-code, windsurf, vscode) |
+ | `--client <name>` | Only scan a specific client (claude-desktop, cursor, claude-code, windsurf, vscode, openclaw) |
  | `--no-upload` | Skip uploading scan results to Vigile API |
 
  ### Sentinel Runtime Monitoring (Pro)
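Review bot: the `--client` value list (claude-desktop, cursor, claude-code, windsurf, vscode, openclaw) now mirrors the Platforms section by hand, and both had to be edited in this release; keeping the accepted names in one place so the two cannot drift, and stating in this row what happens on an unrecognised name (an error versus an empty scan), would make the flag safer to rely on in CI.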