vigile-scan 2.1.0 → 3.0.1

package/README.md

@@ -11,7 +11,7 @@
 npx vigile-scan
 ```
 
-That's it. No install, no config. Vigile discovers your MCP server configurations and agent skill files, scans them against 54 detection rules, and gives you a trust score for each one.
+That's it. No install, no config. Vigile discovers your MCP server configurations and agent skill files, scans them against 59 detection rules, and gives you a trust score for each one.
 
 ## What It Detects
 
@@ -25,7 +25,7 @@ That's it. No install, no config. Vigile discovers your MCP server configuration
 | OB-001–004 | Obfuscation | Base64 content, zero-width Unicode, hex-encoded strings, Unicode escapes |
 | EV/AR/CM | Inline Checks | Sensitive env vars, security bypass flags, sensitive directory args, auto-install (npx -y), typosquatting |
 
-### Agent Skill Threats (27 patterns)
+### Agent Skill Threats (32 patterns)
 
 | ID | Category | What It Catches |
 |----|----------|-----------------|
@@ -35,6 +35,7 @@ That's it. No install, no config. Vigile discovers your MCP server configuration
 | SK-030–033 | Safety Bypass | Confirmation bypass, safety feature disable, force flags, root/sudo escalation |
 | SK-040–043 | Persistence Abuse | Startup file modification, memory file tampering, cron jobs, git hook injection |
 | SK-050–053 | Data Exfiltration | Credential harvesting, URL-based exfiltration, filesystem enumeration, env var dumping |
+| SK-060–064 | Location Guard | GPS spoofing, location-aware triggers, geo-targeting attacks, location-based access control bypass |
 
 ## Platforms
 
@@ -160,15 +161,15 @@ When you run `--sentinel`, Vigile intercepts outbound network traffic from your
 - **DNS tunneling** — data exfiltration hidden in DNS queries
 - **Unexpected destinations** — connections to IPs/domains outside the expected set
 
-Sentinel is available on Pro ($29/mo) and Pro+ ($99/mo) plans. Free users can run static scans with no limits.
+Sentinel is available on Pro ($30/mo) and Pro+ ($100/mo) plans. Free users can run static scans with no limits.
 
 ## Pricing
 
 | Tier | Price | Highlights |
 |------|-------|------------|
 | Free | $0/forever | Unlimited CLI scans, 50 API scans/month, registry browsing |
-| Pro | $29/mo | Sentinel monitoring (5 min, 3 servers), 1,000 API scans |
-| Pro+ | $99/mo | Sentinel (30 min, 10 servers), DNS tunneling & C2 detection, alerts |
+| Pro | $30/mo | Sentinel monitoring (5 min, 3 servers), 1,000 API scans |
+| Pro+ | $100/mo | Sentinel (30 min, 10 servers), DNS tunneling & C2 detection, alerts |
 
 ## Links
 

package/dist/index.js

@@ -31,7 +31,7 @@ var require_package = __commonJS({
   "package.json"(exports2, module2) {
     module2.exports = {
       name: "vigile-scan",
-      version: "2.1.0",
+      version: "3.0.1",
       description: "Security scanner for AI agent tools \u2014 detect tool poisoning, permission abuse, and supply chain attacks in MCP servers and agent skills",
       main: "dist/index.js",
       bin: {
@@ -52,7 +52,10 @@ var require_package = __commonJS({
         test: "vitest run",
         "test:watch": "vitest",
         "test:coverage": "vitest run --coverage",
-        prepublishOnly: "npm run build"
+        "audit:check": "npm audit --omit=dev --audit-level=moderate",
+        "audit:all": "npm audit --audit-level=moderate",
+        preversion: "npm run build && npm test && npm run audit:check",
+        prepublishOnly: "npm run build && npm test && npm run audit:check"
       },
       keywords: [
         "mcp",
@@ -94,9 +97,12 @@ var require_package = __commonJS({
         ora: "^8.1.0"
       },
       devDependencies: {
+        "@eslint/js": "^10.0.1",
         "@types/node": "^20.11.0",
+        eslint: "^10.0.3",
         tsup: "^8.0.0",
         typescript: "^5.4.0",
+        "typescript-eslint": "^8.56.1",
         vitest: "^2.0.0"
       }
     };
@@ -720,6 +726,7 @@ var OBFUSCATION_PATTERNS = [
     category: "obfuscation",
     severity: "high",
     title: "Zero-width characters detected",
+    // eslint-disable-next-line no-misleading-character-class -- intentional: detecting zero-width unicode
     pattern: /[\u200B\u200C\u200D\uFEFF\u2060\u2061\u2062\u2063\u2064]/,
     description: "Tool description contains invisible zero-width Unicode characters that may hide content.",
     recommendation: "Strip zero-width characters and inspect the resulting text."
@@ -1073,6 +1080,7 @@ var INSTRUCTION_INJECTION_PATTERNS = [
     category: "instruction-injection",
     severity: "medium",
     title: "Invisible unicode directives",
+    // eslint-disable-next-line no-misleading-character-class -- intentional: detecting invisible unicode clusters
     pattern: /[\u200B\u200C\u200D\uFEFF\u2060-\u2064\u00AD]{3,}/,
     description: "Skill file contains clusters of invisible Unicode characters that may hide instructions from visual review.",
     recommendation: "Strip invisible characters and inspect the resulting content."
@@ -1277,13 +1285,61 @@ var SKILL_EXFILTRATION_PATTERNS = [
     recommendation: "Review why this skill needs access to all environment variables."
   }
 ];
+var LOCATION_PATTERNS = [
+  {
+    id: "SK-060",
+    category: "location-privacy",
+    severity: "high",
+    title: "Browser geolocation access",
+    pattern: /(?:navigator\s*\.\s*geolocation|getCurrentPosition|watchPosition|GeolocationPosition|geolocation\s*\.\s*(?:get|watch|clear))/i,
+    description: "Skill accesses browser geolocation API, which reveals the user's precise physical location.",
+    recommendation: "Verify this skill genuinely needs location data. Geolocation exposes latitude/longitude \u2014 high privacy risk if exfiltrated."
+  },
+  {
+    id: "SK-061",
+    category: "location-privacy",
+    severity: "high",
+    title: "Mobile/native geolocation library",
+    pattern: /(?:@react-native-community\/geolocation|expo-location|react-native-geolocation|Geolocation\.requestAuthorization|CLLocationManager|LocationManager|FusedLocationProvider|ACCESS_FINE_LOCATION|ACCESS_COARSE_LOCATION|requestLocationPermission)/i,
+    description: "Skill uses a native mobile geolocation library to access device GPS coordinates.",
+    recommendation: "Mobile location APIs provide high-precision GPS data. Ensure this skill has a legitimate need for physical location and does not transmit it externally."
+  },
+  {
+    id: "SK-062",
+    category: "location-privacy",
+    severity: "critical",
+    title: "Location data exfiltration",
+    pattern: /(?:(?:send|post|upload|transmit|exfiltrate|forward|share|log|track|record)\s+(?:the\s+)?(?:user(?:'s)?\s+)?(?:location|coordinates?|gps|lat(?:itude)?|lng|lon(?:gitude)?|geo(?:location)?|position|whereabouts))|(?:(?:location|coordinates?|gps|lat(?:itude)?|lng|lon(?:gitude)?|geo(?:location)?|position)\s+(?:to|via|through|using)\s+(?:https?|api|endpoint|server|webhook|url))/i,
+    description: "Skill instructs the agent to send location data to an external endpoint. This is a location exfiltration pattern.",
+    recommendation: "CRITICAL: Do NOT install. This skill attempts to exfiltrate physical location data \u2014 a severe privacy violation."
+  },
+  {
+    id: "SK-063",
+    category: "location-privacy",
+    severity: "medium",
+    title: "IP-based geolocation lookup",
+    pattern: /(?:ip-api\.com|ipinfo\.io|ipgeolocation|ip2location|geoip|maxmind|freegeoip|geolite|ip\s*(?:to|2)\s*(?:geo|location))|(?:(?:get|fetch|lookup|resolve)\s+(?:the\s+)?(?:user(?:'s)?\s+)?(?:location|city|country|region|timezone)\s+(?:from|via|using)\s+(?:ip|IP))/i,
+    description: "Skill performs IP-based geolocation to approximate the user's physical location without explicit GPS access.",
+    recommendation: "IP geolocation bypasses browser permission prompts. Verify this skill needs approximate location and isn't using it to fingerprint or track users."
+  },
+  {
+    id: "SK-064",
+    category: "location-privacy",
+    severity: "medium",
+    title: "Geofencing or location boundary check",
+    pattern: /(?:geofenc(?:e|ing)|location\s*(?:boundary|fence|perimeter|zone|radius|range)|within\s+(?:\d+\s*)?(?:meters?|miles?|km|kilometers?)\s+of|haversine|vincenty|h3\s*(?:cell|index|resolution|boundary)|(?:enter|exit|cross)(?:ing|ed)?\s+(?:the\s+)?(?:geo)?fence)/i,
+    description: "Skill implements geofencing or location boundary detection, which requires continuous location monitoring.",
+    recommendation: "Geofencing requires persistent location tracking. Review whether the boundary checks are appropriate and data isn't being logged or exfiltrated."
+  }
+];
 var ALL_SKILL_PATTERNS = [
   ...INSTRUCTION_INJECTION_PATTERNS,
   ...MALWARE_DELIVERY_PATTERNS,
   ...STEALTH_PATTERNS,
   ...SAFETY_BYPASS_PATTERNS,
   ...PERSISTENCE_PATTERNS,
-  ...SKILL_EXFILTRATION_PATTERNS
+  ...SKILL_EXFILTRATION_PATTERNS,
+  ...LOCATION_PATTERNS
 ];
 
 // src/scanner/skill-scanner.ts
@@ -1351,7 +1407,7 @@ function analyzeStructure(skill) {
   let codeMatch;
   while ((codeMatch = codeBlockPattern.exec(content)) !== null) {
     const codeBlock = codeMatch[1];
-    if (/rm\s+-rf\s+[\/~]|rm\s+-rf\s+\$\{?HOME/.test(codeBlock)) {
+    if (/rm\s+-rf\s+[/~]|rm\s+-rf\s+\$\{?HOME/.test(codeBlock)) {
       findings.push({
         id: "SK-061",
         category: "permission-abuse",
@@ -3633,6 +3689,7 @@ var SECRET_PATTERNS = [
     provider: "cryptographic",
     severity: "critical",
     pattern: /-----BEGIN PGP PRIVATE KEY BLOCK-----/,
+    // nosemgrep: detected-pgp-private-key-block — this is a detection pattern, not an actual key
     description: "PGP/GPG private key embedded in source.",
     recommendation: "Remove and revoke the key at your keyserver."
   },
@@ -5165,7 +5222,7 @@ async function runScan(options) {
     if (options.output) {
       await (0, import_promises5.writeFile)(options.output, jsonOutput);
     } else {
-      await new Promise((resolve, reject) => {
+      await new Promise((resolve, _reject) => {
         const ok = process.stdout.write(jsonOutput + "\n");
         if (ok) resolve();
         else process.stdout.once("drain", resolve);