cisco-ai-skill-scanner 1.0.0__py3-none-any.whl → 1.0.2__py3-none-any.whl

{cisco_ai_skill_scanner-1.0.0.dist-info → cisco_ai_skill_scanner-1.0.2.dist-info}/METADATA

@@ -1,7 +1,7 @@
 Metadata-Version: 2.4
 Name: cisco-ai-skill-scanner
-Version: 1.0.0
-Summary: Security scanner for Claude Skills and Codex Skills packages - Detects prompt injection, data exfiltration, and malicious code
+Version: 1.0.2
+Summary: Security scanner for Agent Skills packages - Detects prompt injection, data exfiltration, and malicious code
 Project-URL: Homepage, https://github.com/cisco-ai-defense/skill-scanner
 Project-URL: Documentation, https://github.com/cisco-ai-defense/skill-scanner#readme
 Project-URL: Repository, https://github.com/cisco-ai-defense/skill-scanner
@@ -68,14 +68,14 @@ Description-Content-Type: text/markdown
 
 A security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns. Combines **pattern-based detection** (YAML + YARA), **LLM-as-a-judge**, and **behavioral dataflow analysis** for comprehensive threat detection.
 
-Supports [Anthropic Claude Skills](https://docs.anthropic.com/en/docs/agents-and-tools/claude-skills), [OpenAI Codex Skills](https://openai.github.io/codex/), and [Cursor Agent Skills](https://docs.cursor.com/context/rules) formats following the [Agent Skills specification](https://agentskills.io).
+Supports [OpenAI Codex Skills](https://openai.github.io/codex/) and [Cursor Agent Skills](https://docs.cursor.com/context/rules) formats following the [Agent Skills specification](https://agentskills.io).
 
 ---
 
 ## Highlights
 
 - **Multi-Engine Detection** - Static analysis, behavioral dataflow, LLM semantic analysis, and cloud-based scanning
-- **False Positive Filtering** - Meta-analyzer achieves ~65% noise reduction while maintaining 100% threat detection
+- **False Positive Filtering** - Meta-analyzer significantly reduces noise while preserving detection capability
 - **CI/CD Ready** - SARIF output for GitHub Code Scanning, exit codes for build failures
 - **Extensible** - Plugin architecture for custom analyzers
 
@@ -151,29 +151,41 @@ export AI_DEFENSE_API_KEY="your_aidefense_api_key"
 
 ```bash
 # Scan a single skill (static analyzer only)
-skill-analyzer scan /path/to/skill
+skill-scanner scan /path/to/skill
 
 # Scan with behavioral analyzer (dataflow analysis)
-skill-analyzer scan /path/to/skill --use-behavioral
+skill-scanner scan /path/to/skill --use-behavioral
 
 # Scan with all engines
-skill-analyzer scan /path/to/skill --use-behavioral --use-llm --use-aidefense
+skill-scanner scan /path/to/skill --use-behavioral --use-llm --use-aidefense
 
 # Scan with meta-analyzer for false positive filtering
-skill-analyzer scan /path/to/skill --use-llm --enable-meta
+skill-scanner scan /path/to/skill --use-llm --enable-meta
 
 # Scan multiple skills recursively
-skill-analyzer scan-all /path/to/skills --recursive --use-behavioral
+skill-scanner scan-all /path/to/skills --recursive --use-behavioral
 
 # CI/CD: Fail build if threats found
-skill-analyzer scan-all ./skills --fail-on-findings --format sarif --output results.sarif
+skill-scanner scan-all ./skills --fail-on-findings --format sarif --output results.sarif
+
+# Use custom YARA rules
+skill-scanner scan /path/to/skill --custom-rules /path/to/my-rules/
+
+# Disable specific noisy rules
+skill-scanner scan /path/to/skill --disable-rule YARA_script_injection --disable-rule MANIFEST_MISSING_LICENSE
+
+# Strict mode (more findings, higher FP rate)
+skill-scanner scan /path/to/skill --yara-mode strict
+
+# Permissive mode (fewer findings, may miss some threats)
+skill-scanner scan /path/to/skill --yara-mode permissive
 ```
 
 ### Python SDK
 
 ```python
-from skillanalyzer import SkillScanner
-from skillanalyzer.core.analyzers import StaticAnalyzer, BehavioralAnalyzer
+from skill_scanner import SkillScanner
+from skill_scanner.core.analyzers import StaticAnalyzer, BehavioralAnalyzer
 
 # Create scanner with analyzers
 scanner = SkillScanner(analyzers=[
@@ -215,13 +227,16 @@ print(f"Findings: {len(result.findings)}")
 | `--format` | Output: `summary`, `json`, `markdown`, `table`, `sarif` |
 | `--output PATH` | Save report to file |
 | `--fail-on-findings` | Exit with error if HIGH/CRITICAL found |
+| `--yara-mode` | Detection mode: `strict`, `balanced` (default), `permissive` |
+| `--custom-rules PATH` | Use custom YARA rules from directory |
+| `--disable-rule RULE` | Disable specific rule (can repeat) |
 
 ---
 
 ## Example Output
 
 ```
-$ skill-analyzer scan ./my-skill --use-behavioral
+$ skill-scanner scan ./my-skill --use-behavioral
 
 ============================================================
 Skill: my-skill

cisco_ai_skill_scanner-1.0.2.dist-info/RECORD

@@ -0,0 +1,102 @@
+skill_scanner/__init__.py,sha256=QuGYhgc529C5Cjtk3Th5t7-Qkx9kxOv6E2GK6soGZQw,1383
+skill_scanner/_version.py,sha256=ZTgKq8LPNy3l9uR2ke-VtLhvvl5l71frQ9wO76n1L5k,704
+skill_scanner/api/__init__.py,sha256=vhuGqXgBx70izjHQOa-cWm3cbHlKhkpEiRjpusQ49vo,746
+skill_scanner/api/api.py,sha256=5fFYh1e1JE06pNtZw-7zMcQMc791ubNlck0VjWzskq8,1027
+skill_scanner/api/api_cli.py,sha256=NcBQyhW1YtFi97A7btNMyC3wtBxk07dRsZdOhFNKt-Q,2378
+skill_scanner/api/api_server.py,sha256=liHVVSOaLoYOYBGyg3DWKJSVPMZF7L26uPvLKrtg9R4,21112
+skill_scanner/api/router.py,sha256=3u5qPWO48iF09oIm-3oxYkqqO4hT50jCaNQTr2TBfYc,17411
+skill_scanner/cli/__init__.py,sha256=UOFAWN8z8nMviFLHiFrtlcHn4eGbbRZc4B2q8yWlTno,755
+skill_scanner/cli/cli.py,sha256=AFFJbsZ7GnA4bYUbivgqbjTWlWiwWU4oMGy96WBybkE,37747
+skill_scanner/config/__init__.py,sha256=S0hMvyq3Vi0wWET74XmbPQmBTBkLXtqFca5PcTYosUM,837
+skill_scanner/config/config.py,sha256=SvK9lvTNjpygc80pamDaGDtOhh99qGBG3EJiFKfEVzc,4698
+skill_scanner/config/config_parser.py,sha256=kGPawiniy35fyUoJvnwRsJsgtIiAjSXHhE3joUcZtn8,3772
+skill_scanner/config/constants.py,sha256=re2KkOtvSnxSJgkamdIU0fjdQ-fUSHX1eQSEfKDXjTA,2512
+skill_scanner/config/yara_modes.py,sha256=1jgdVdLWC_oSJPuk4BCeUZU9lm9X7NwiDjTXeSCeGpw,11425
+skill_scanner/core/__init__.py,sha256=fC3n7lJs_G8CFz2Vg1gfGFe6b0pBiCUs7MRW4kCM1CY,822
+skill_scanner/core/exceptions.py,sha256=F4k2RDXIxrrnNsAsHn7wR277i2dNOXdK-NK0r-m3nF0,2007
+skill_scanner/core/loader.py,sha256=cIU7e5MZHxryr-7UiGwI76eM0Zbm-LrmRGI0mP1_17A,13541
+skill_scanner/core/models.py,sha256=Zkp_CUHfXpWLSY_ceXLqazdIIqMJqaicWzxIQW0HgSk,10591
+skill_scanner/core/scanner.py,sha256=zAtM3Hbs_NNbYV7iq-9W2BURO-H23uRJ-E14S2h_wek,14830
+skill_scanner/core/analyzers/__init__.py,sha256=tctB8Q30gA5V4pdR5yoSpxyIKJZkFTJwowUq6UwddQo,2132
+skill_scanner/core/analyzers/aidefense_analyzer.py,sha256=ws61J3KJsz1DiuucBPCdsWN8ACI_iurtDQzWtFqfCA8,36468
+skill_scanner/core/analyzers/base.py,sha256=4BN6dHLn2Q9hQMLAJTSJXsl6tZgfCqqBxZO9icuu70Q,1374
+skill_scanner/core/analyzers/behavioral_analyzer.py,sha256=dvdTdwUKHqnmEa1nsChcdlJ0V_WvcZrGyHX5uYe0clI,19076
+skill_scanner/core/analyzers/cross_skill_scanner.py,sha256=MTedSXhLagZeXEtvkPV8m_48GqoHMWkh9rR9FR9puLQ,18934
+skill_scanner/core/analyzers/llm_analyzer.py,sha256=biH2g_hych5dAecQL7bKi3GsW9P_nPGerRiEeoOLr2I,17963
+skill_scanner/core/analyzers/llm_prompt_builder.py,sha256=28OCgMUE0T-A6GkF5sUY0qPFvaKC1jhB6jPjVPbePsw,10160
+skill_scanner/core/analyzers/llm_provider_config.py,sha256=pbVx7N9OCohjIWjENMq-kiy6_svTn4IYvQfPxlR0M_Y,8488
+skill_scanner/core/analyzers/llm_request_handler.py,sha256=nz_gjnDTr0dT2GbfQMqKR6-n63x38AcB5G4UnPHLY9s,11679
+skill_scanner/core/analyzers/llm_response_parser.py,sha256=wO5ovd4se-KqIPwdZX-r0_tozaJEDUx7Q7yajKntPwk,2682
+skill_scanner/core/analyzers/meta_analyzer.py,sha256=9nFZFinooTuKaAO-CM_HTJxopw2GPxnn5ZXvJ2ZORCU,35017
+skill_scanner/core/analyzers/static.py,sha256=5mDPHbiD5jHxjGenfX68owXY6DqEkqaKRADkLpTQn48,51979
+skill_scanner/core/analyzers/trigger_analyzer.py,sha256=bmJjaGdSqsAyvOIehHbMjLrDWysd7YV9J9TXgMvTEe0,12268
+skill_scanner/core/analyzers/virustotal_analyzer.py,sha256=V7nG-fR2GhfdZhh8JVNvM6gOqRyUGsuxHN1yNRvmw6M,15988
+skill_scanner/core/analyzers/behavioral/__init__.py,sha256=aTuJyqDbylHE2Ags_LaYLbbOkkJxkTDP--VBU-KMPgs,1069
+skill_scanner/core/analyzers/behavioral/alignment/__init__.py,sha256=nB2KWYnDu6I4yGiaewEyySzG4w96hElXiQBqJFfGmP4,1832
+skill_scanner/core/analyzers/behavioral/alignment/alignment_llm_client.py,sha256=mRocjOvf8jM2UQ-_TzcHRQDVkEeoPXu87GjwKiuZ2Yw,8645
+skill_scanner/core/analyzers/behavioral/alignment/alignment_orchestrator.py,sha256=zfkjFz-DDwUEOGDBpJ8cAZi5bH-VP_d_1bJTF1z0Si4,9478
+skill_scanner/core/analyzers/behavioral/alignment/alignment_prompt_builder.py,sha256=oAGvbIBmCP6APYwYXKsVyh0jWBgaiM5N6Bo5YoHbJT8,18041
+skill_scanner/core/analyzers/behavioral/alignment/alignment_response_validator.py,sha256=lu0gPPRbJkZJlkguqwUeSVl43HpMFypICXH_4s8Zjbo,4556
+skill_scanner/core/analyzers/behavioral/alignment/threat_vulnerability_classifier.py,sha256=DCXnbs9Fa2ajFT0We4sOo6nxIk7O_Pc0z01fGMDHsRg,7227
+skill_scanner/core/reporters/__init__.py,sha256=XCqeM_kiS1uvcwymDreueQ2KOzMhG5_4vQgxzReJS4w,943
+skill_scanner/core/reporters/json_reporter.py,sha256=JLlPTbs8ncMJHAXZk7iBWCHdL5Qn2PqHOQldHeH2ZGE,1798
+skill_scanner/core/reporters/markdown_reporter.py,sha256=khOEHC2mshwu97EF3KW2f00l-VvHpq0_HkVzCsWAKm8,8064
+skill_scanner/core/reporters/sarif_reporter.py,sha256=8BUUerHX-gpE-5HYAipfCLH3GdlVuul43ZItHDAB7Bw,8289
+skill_scanner/core/reporters/table_reporter.py,sha256=sotaDM2VzaX4vCR-OrF3GyIX_yv7wWhzS_doyc1I1XE,7044
+skill_scanner/core/rules/__init__.py,sha256=zGlTBVjihqxgg0BKmhdGkyeCzSvRjVEASjBh-M0sn_8,680
+skill_scanner/core/rules/patterns.py,sha256=OuJ6mPlQVy9R8g1Pn9ozWIC8iWfDEuQamdDW5Uu8200,5833
+skill_scanner/core/rules/yara_scanner.py,sha256=U-qYrb92n3664cTt7ynRTMVGGsxhfrSU0OOYV-BnxKc,5326
+skill_scanner/core/static_analysis/__init__.py,sha256=meZnZQj7ChgHek6fIrfd-YInolXCqI37HTUTlQWEm7w,930
+skill_scanner/core/static_analysis/context_extractor.py,sha256=v3UUugDuC4WHGnHc2gcHLa6awlVpQZIBhCmCxFsuBes,32264
+skill_scanner/core/static_analysis/cfg/__init__.py,sha256=jkvx12ZGddbRVu_0b04Bamr7JX084yD6BLxgOUEHT1w,816
+skill_scanner/core/static_analysis/cfg/builder.py,sha256=Tm1GZ56rfOoNx-3WLmn2MNov2KzPKN-QZgJbBG-9D2c,14932
+skill_scanner/core/static_analysis/dataflow/__init__.py,sha256=eVdTh0JOvQvtKG96gqs_1VvIU0_sRNkV6sXZz6X9o7I,833
+skill_scanner/core/static_analysis/dataflow/forward_analysis.py,sha256=haHWJVz-SZxZpZoEwAsNOum-67ldppe_YBRMZOSJqz0,30747
+skill_scanner/core/static_analysis/interprocedural/__init__.py,sha256=dFIglo65HpWMJ80ejB4tjv54MaNeSymQ5eowD5QGZic,798
+skill_scanner/core/static_analysis/interprocedural/call_graph_analyzer.py,sha256=3azYWJ8A5-I39gc5zK4Iz6g0AAUX_uos4CNh1sVQNQA,14060
+skill_scanner/core/static_analysis/interprocedural/cross_file_analyzer.py,sha256=neP8pdyGhCUHJQmmTXfm0X_CFHlTHh7e3RU7HVJ0UVY,7472
+skill_scanner/core/static_analysis/parser/__init__.py,sha256=AXCg1HHVzyjswGJl4TNFhzwMKxgin8JY2EK00RVv9_Y,769
+skill_scanner/core/static_analysis/parser/python_parser.py,sha256=Imlv4PO6XZKQpdCRZ6jV5uBAySuBN6XnHAqH4LEvvGE,13773
+skill_scanner/core/static_analysis/semantic/__init__.py,sha256=7HS7lJ4APpyfWLTUQ_24aJkrLX2MQTcc4erYFtLKm3o,877
+skill_scanner/core/static_analysis/semantic/name_resolver.py,sha256=TEJQkEaTvkL7dnAZwNbcLALPVw85Qc3FS5jfr4CYEsQ,6218
+skill_scanner/core/static_analysis/semantic/type_analyzer.py,sha256=NXEOZO8-vYZ97SQJ5Gu_YLWFDMDhtvtuixVwYGarmDM,5942
+skill_scanner/core/static_analysis/taint/__init__.py,sha256=71JejlK110K2r3LXNIJOLGCZ7I5Q7cEn8XvfCCoEexA,809
+skill_scanner/core/static_analysis/taint/tracker.py,sha256=1WExA8NAV62X5Az64grI41LkkyMNQ7kFS8Mzf6Id1NI,7182
+skill_scanner/core/static_analysis/types/__init__.py,sha256=XluM6BlZ8ECfdAD-231ONJn13UeDdAGmirPAVc0zePk,937
+skill_scanner/data/__init__.py,sha256=eeZz0MhPMEV-PAx8Eqpbb4ey6EHbXT5g8j-DC4427A4,969
+skill_scanner/data/prompts/boilerplate_protection_rule_prompt.md,sha256=DNXYx13Mcbn2q9hw4msTDDbq_VcYCiVkqBZVFSNfzOg,1471
+skill_scanner/data/prompts/code_alignment_threat_analysis_prompt.md,sha256=j5U3YVKMM5HOndCl3cc_4CA190zBj9Z9tP8rLqz-M7c,25686
+skill_scanner/data/prompts/llm_response_schema.json,sha256=xIxrWgPMWqL130AuV0-QkQIHAfQTK-NeJVPrsSIzL2s,3076
+skill_scanner/data/prompts/skill_meta_analysis_prompt.md,sha256=_3jbZVKOiJx47V2d6rQ4sc4MpKFC9oN_7-c7_LxPUs8,14179
+skill_scanner/data/prompts/skill_threat_analysis_prompt.md,sha256=ycE_a43c7qhUT6HwbP8zoKwTTNx3Nx4FyPuxicJ6r5I,11813
+skill_scanner/data/prompts/unified_response_schema.md,sha256=-f1EDpKzxjMMFFxXlakS3rORyLtD1_2XiuNwnty1nQs,3571
+skill_scanner/data/rules/signatures.yaml,sha256=GY41ZCvc2HIInwSnIYKLyHTK36J2hdOFyT-wRUhB3GU,19451
+skill_scanner/data/yara_rules/autonomy_abuse_generic.yara,sha256=epgJRIj_qOYSZSsOQi4Tnv99T8rqbltNbZhECczRQXw,3097
+skill_scanner/data/yara_rules/capability_inflation_generic.yara,sha256=RkDaqDtkcLULxr1Vb0XQ-5Q1BMwErkYcKx-sH6u0f1I,2610
+skill_scanner/data/yara_rules/code_execution_generic.yara,sha256=c5W7h5Vl4rLgAabL9As4IkmNSbf4aAbzIH4kiaSYce4,3057
+skill_scanner/data/yara_rules/coercive_injection_generic.yara,sha256=LQcfpAuzY1zC9N_xT-qfi72fCJm7mY0C2l89eFdTMKE,5363
+skill_scanner/data/yara_rules/command_injection_generic.yara,sha256=vl1a4yYXloJk4lMFHbCmj16l0Th9IRDHu4_zH168sFY,3318
+skill_scanner/data/yara_rules/credential_harvesting_generic.yara,sha256=iwgBlMt85i3VOrDkBMfHvwtO6PhF1Igh6m3Uj3CBOEI,7192
+skill_scanner/data/yara_rules/indirect_prompt_injection_generic.yara,sha256=AHGYsEu6pRbNkpsb_sGOKaYSzpIR809ixxjxxRjaWY0,2977
+skill_scanner/data/yara_rules/prompt_injection_generic.yara,sha256=OJMKzA1D6QXEEoogMnIeGp6NT308N5OY78uWjJBoODI,2752
+skill_scanner/data/yara_rules/prompt_injection_unicode_steganography.yara,sha256=yALtLuRpoCu9toc5Wk3Av_W4GiWDFmpVNYaF2k3IAyk,3048
+skill_scanner/data/yara_rules/script_injection_generic.yara,sha256=C4k3okg0APx0s4qxwSJc0swhp9AfAsACggnl-LYIoJg,3513
+skill_scanner/data/yara_rules/sql_injection_generic.yara,sha256=Eu3EhTgYFGaOTjujMjwsjvnPrBihnfvq_9URCwDYyME,4642
+skill_scanner/data/yara_rules/system_manipulation_generic.yara,sha256=hY1XmpYoKD6Eywwa51lL1DUXjwV7h1WRXk4TWYWzbic,3136
+skill_scanner/data/yara_rules/tool_chaining_abuse_generic.yara,sha256=-sLNCZePTzk49exbQAorTCqKu-1bWWRD7oI6i2mj7kk,2867
+skill_scanner/hooks/__init__.py,sha256=W7_Xr71Edm6eHKz9_vZgpERbr0Wx2cyTxPn4YJaGg6o,739
+skill_scanner/hooks/pre_commit.py,sha256=dtajQcyAlSaH15J1O9HHQ67xrGj2P6M2pHN6MZ0htwY,13207
+skill_scanner/threats/__init__.py,sha256=TpqVYCcjQGGpcsTR_1iIvrTT55Sd1ed15sVfGVfZJwk,1320
+skill_scanner/threats/cisco_ai_taxonomy.py,sha256=pXBPgwqfFgKN8Jax3aue66v306aETX6bOSgoRu-zUMg,12910
+skill_scanner/threats/threats.py,sha256=7r0V0HJFWI7m-PMoZECnwK3ANKyTzTYM3bEUG2tgUH8,17981
+skill_scanner/utils/__init__.py,sha256=mmzKMNaDQ3EtmD2zr_68gMatm4OETbVNtEXuVESxzJs,906
+skill_scanner/utils/command_utils.py,sha256=74rojYVuVWpv-HVdW0qTIzq0ySPdpBuyNTdIQZDakUM,4291
+skill_scanner/utils/di_container.py,sha256=O3aaQVKcu4t1YUXl9iCZxjSBXnvgddlTgmEp0De_g04,4585
+skill_scanner/utils/file_utils.py,sha256=LT2xwrbqIWaYC-BYAL9zpF6a2xk6QNUVzItvGGJcBn8,2043
+skill_scanner/utils/logging_config.py,sha256=8LJwRCVM-oED_6KRDvtjaL8cvEoR88seX1pDyILeQV4,2939
+skill_scanner/utils/logging_utils.py,sha256=CLdOYmQdJejiLbcECTT2CbDU27PJ327AFMmeuVfCy94,1902
+cisco_ai_skill_scanner-1.0.2.dist-info/METADATA,sha256=EzizoVjYbxLZk_xxnyv052t5bNdvd7APCYXzbDd-Xh8,9827
+cisco_ai_skill_scanner-1.0.2.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+cisco_ai_skill_scanner-1.0.2.dist-info/entry_points.txt,sha256=Qpg94wQPc6kWF_KQ-jf2tL_wCJ3aJfZ4V4vsYz50GIw,175
+cisco_ai_skill_scanner-1.0.2.dist-info/licenses/LICENSE,sha256=b4va5sK_CWxpeDnOO2MF0MKqsiwU-3YblMmWKnmuWZg,653
+cisco_ai_skill_scanner-1.0.2.dist-info/RECORD,,

cisco_ai_skill_scanner-1.0.2.dist-info/entry_points.txt

@@ -0,0 +1,4 @@
+[console_scripts]
+skill-scanner = skill_scanner.cli.cli:main
+skill-scanner-api = skill_scanner.api.api_cli:main
+skill-scanner-pre-commit = skill_scanner.hooks.pre_commit:main

{skillanalyzer → skill_scanner}/__init__.py

@@ -15,15 +15,19 @@
 # SPDX-License-Identifier: Apache-2.0
 
 """
-Claude Skill Analyzer - Security scanner for Claude Skills packages.
+Skill Scanner - Security scanner for agent skills packages.
 """
 
-__version__ = "0.2.0"
+try:
+    from ._version import __version__
+except ImportError:
+    __version__ = "0.0.0+unknown"
+
 __author__ = "Cisco Systems, Inc."
 
 # Core exports
 from .config.config import Config
-from .config.constants import SkillAnalyzerConstants
+from .config.constants import SkillScannerConstants
 from .core.loader import SkillLoader, load_skill
 from .core.models import Finding, Report, ScanResult, Severity, Skill, ThreatCategory
 from .core.scanner import SkillScanner, scan_directory, scan_skill
@@ -41,5 +45,5 @@ __all__ = [
     "SkillLoader",
     "load_skill",
     "Config",
-    "SkillAnalyzerConstants",
+    "SkillScannerConstants",
 ]

{skillanalyzer → skill_scanner}/_version.py

@@ -28,7 +28,7 @@ version_tuple: VERSION_TUPLE
 commit_id: COMMIT_ID
 __commit_id__: COMMIT_ID
 
-__version__ = version = '1.0.0'
-__version_tuple__ = version_tuple = (1, 0, 0)
+__version__ = version = '1.0.2'
+__version_tuple__ = version_tuple = (1, 0, 2)
 
 __commit_id__ = commit_id = None

{skillanalyzer → skill_scanner}/api/__init__.py

@@ -15,7 +15,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 """
-REST API server for Claude Skill Analyzer.
+REST API server for Skill Scanner.
 
 Matches MCP Scanner's API structure.
 """

{skillanalyzer → skill_scanner}/api/api.py

@@ -14,9 +14,9 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-"""API module for Skill Analyzer.
+"""API module for Skill Scanner.
 
-This module provides a FastAPI application for scanning Claude Skills packages.
+This module provides a FastAPI application for scanning agent skills packages.
 """
 
 from fastapi import FastAPI
@@ -24,8 +24,8 @@ from fastapi import FastAPI
 from .router import router as api_router
 
 app = FastAPI(
-    title="Claude Skill Analyzer API",
-    description="Security scanning API for Claude Skills packages",
+    title="Skill Scanner API",
+    description="Security scanning API for agent skills packages",
     version="0.2.0",
     docs_url="/docs",
     redoc_url="/redoc",

{skillanalyzer → skill_scanner}/api/api_cli.py

@@ -25,25 +25,25 @@ import sys
 def main():
     """Main entry point for API server CLI."""
     parser = argparse.ArgumentParser(
-        description="Claude Skill Analyzer API Server",
+        description="Skill Scanner API Server",
         formatter_class=argparse.RawDescriptionHelpFormatter,
         epilog="""
 Examples:
   # Start server on default port
-  skill-analyzer-api
+  skill-scanner-api
 
   # Start on custom port
-  skill-analyzer-api --port 8080
+  skill-scanner-api --port 8080
 
   # Start with auto-reload for development
-  skill-analyzer-api --reload
+  skill-scanner-api --reload
 
   # Custom host and port
-  skill-analyzer-api --host 0.0.0.0 --port 9000
+  skill-scanner-api --host localhost --port 9000
         """,
     )
 
-    parser.add_argument("--host", default="0.0.0.0", help="Host to bind to (default: 0.0.0.0)")
+    parser.add_argument("--host", default="localhost", help="Host to bind to (default: localhost)")
 
     parser.add_argument("--port", type=int, default=8000, help="Port to bind to (default: 8000)")
 
@@ -58,14 +58,14 @@ Examples:
         print("Install with: pip install fastapi uvicorn python-multipart", file=sys.stderr)
         return 1
 
-    print("Starting Claude Skill Analyzer API Server...")
+    print("Starting Skill Scanner API Server...")
     print(f"Server: http://{args.host}:{args.port}")
     print(f"Docs: http://{args.host}:{args.port}/docs")
     print(f"Health: http://{args.host}:{args.port}/health")
     print()
 
     try:
-        uvicorn.run("skillanalyzer.api.api:app", host=args.host, port=args.port, reload=args.reload)
+        uvicorn.run("skill_scanner.api.api:app", host=args.host, port=args.port, reload=args.reload)
     except KeyboardInterrupt:
         print("\nShutting down server...")
         return 0

{skillanalyzer → skill_scanner}/api/api_server.py

@@ -15,7 +15,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 """
-REST API server for Claude Skill Analyzer (Phase 4).
+REST API server for Skill Scanner.
 
 Provides HTTP endpoints for skill scanning, similar to MCP Scanner's API server.
 """
@@ -126,8 +126,8 @@ class BatchScanRequest(BaseModel):
 
 # Create FastAPI app
 app = FastAPI(
-    title="Claude Skill Analyzer API",
-    description="Security scanning API for Claude Skills packages",
+    title="Skill Scanner API",
+    description="Security scanning API for agent skills packages",
     version="0.2.0",
     docs_url="/docs",
     redoc_url="/redoc",
@@ -140,7 +140,7 @@ scan_results_cache = {}
 @app.get("/", response_model=dict)
 async def root():
     """Root endpoint."""
-    return {"service": "Claude Skill Analyzer API", "version": "0.2.0", "docs": "/docs", "health": "/health"}
+    return {"service": "Skill Scanner API", "version": "0.2.0", "docs": "/docs", "health": "/health"}
 
 
 @app.get("/health", response_model=HealthResponse)
@@ -309,7 +309,7 @@ async def scan_uploaded_skill(
         raise HTTPException(status_code=400, detail="File must be a ZIP archive")
 
     # Create temporary directory
-    temp_dir = Path(tempfile.mkdtemp(prefix="skill_analyzer_"))
+    temp_dir = Path(tempfile.mkdtemp(prefix="skill_scanner_"))
 
     try:
         # Save uploaded file
@@ -616,7 +616,7 @@ async def list_analyzers():
 
 
 # Entry point for running the server
-def run_server(host: str = "0.0.0.0", port: int = 8000, reload: bool = False):
+def run_server(host: str = "localhost", port: int = 8000, reload: bool = False):
     """
     Run the API server.
 
@@ -627,7 +627,7 @@ def run_server(host: str = "0.0.0.0", port: int = 8000, reload: bool = False):
     """
     import uvicorn
 
-    uvicorn.run("skillanalyzer.api_server:app", host=host, port=port, reload=reload)
+    uvicorn.run("skill_scanner.api.api_server:app", host=host, port=port, reload=reload)
 
 
 if __name__ == "__main__":

{skillanalyzer → skill_scanner}/api/router.py

@@ -14,7 +14,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-"""API router for Skill Analyzer endpoints."""
+"""API router for Skill Scanner endpoints."""
 
 import shutil
 import tempfile
@@ -123,7 +123,7 @@ class BatchScanRequest(BaseModel):
 @router.get("/", response_model=dict)
 async def root():
     """Root endpoint."""
-    return {"service": "Claude Skill Analyzer API", "version": "0.2.0", "docs": "/docs", "health": "/health"}
+    return {"service": "Skill Scanner API", "version": "0.2.0", "docs": "/docs", "health": "/health"}
 
 
 @router.get("/health", response_model=HealthResponse)
@@ -282,7 +282,7 @@ async def scan_uploaded_skill(
     if not file.filename or not file.filename.endswith(".zip"):
         raise HTTPException(status_code=400, detail="File must be a ZIP archive")
 
-    temp_dir = Path(tempfile.mkdtemp(prefix="skill_analyzer_"))
+    temp_dir = Path(tempfile.mkdtemp(prefix="skill_scanner_"))
 
     try:
         zip_path = temp_dir / file.filename

{skillanalyzer → skill_scanner}/cli/__init__.py

@@ -15,7 +15,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 """
-Command-line interface for Claude Skill Analyzer.
+Command-line interface for Skill Scanner.
 
 Matches MCP Scanner's CLI structure.
 """

{skillanalyzer → skill_scanner}/cli/cli.py

@@ -15,7 +15,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 """
-Command-line interface for the Claude Skill Analyzer.
+Command-line interface for the Skill Scanner.
 """
 
 import argparse
@@ -62,8 +62,19 @@ def scan_command(args):
         print(f"Error: Directory does not exist: {skill_dir}", file=sys.stderr)
         return 1
 
+    # Get YARA mode and custom rules from args
+    yara_mode = getattr(args, "yara_mode", "balanced")
+    custom_rules_path = getattr(args, "custom_rules", None)
+    disabled_rules = set(getattr(args, "disabled_rules", None) or [])
+
     # Create scanner with configured analyzers
-    analyzers = [StaticAnalyzer()]
+    analyzers = [
+        StaticAnalyzer(
+            yara_mode=yara_mode,
+            custom_yara_rules_path=custom_rules_path,
+            disabled_rules=disabled_rules,
+        )
+    ]
 
     # Helper to print status messages - go to stderr when JSON output to avoid breaking parsing
     is_json_output = getattr(args, "format", "summary") == "json"
@@ -273,8 +284,19 @@ def scan_all_command(args):
         print(f"Error: Directory does not exist: {skills_dir}", file=sys.stderr)
         return 1
 
+    # Get YARA mode and custom rules from args
+    yara_mode = getattr(args, "yara_mode", "balanced")
+    custom_rules_path = getattr(args, "custom_rules", None)
+    disabled_rules = set(getattr(args, "disabled_rules", None) or [])
+
     # Create scanner with configured analyzers
-    analyzers = [StaticAnalyzer()]
+    analyzers = [
+        StaticAnalyzer(
+            yara_mode=yara_mode,
+            custom_yara_rules_path=custom_rules_path,
+            disabled_rules=disabled_rules,
+        )
+    ]
 
     # Helper to print status messages - go to stderr when JSON output to avoid breaking parsing
     is_json_output = getattr(args, "format", "summary") == "json"
@@ -623,7 +645,7 @@ def generate_multi_skill_summary(report) -> str:
     """Generate a simple summary for multiple skills."""
     lines = []
     lines.append("=" * 60)
-    lines.append("Claude Skills Security Scan Report")
+    lines.append("Agent Skills Security Scan Report")
     lines.append("=" * 60)
     lines.append(f"Skills Scanned: {report.total_skills_scanned}")
     lines.append(f"Safe Skills: {report.safe_count}")
@@ -648,33 +670,33 @@ def generate_multi_skill_summary(report) -> str:
 def main():
     """Main CLI entry point."""
     parser = argparse.ArgumentParser(
-        description="Claude Skill Analyzer - Security scanner for Claude Skills packages",
+        description="Skill Scanner - Security scanner for agent skills packages",
         formatter_class=argparse.RawDescriptionHelpFormatter,
         epilog="""
 Examples:
   # Scan a single skill
-  skill-analyzer scan /path/to/skill
+  skill-scanner scan /path/to/skill
 
   # Scan with behavioral analysis (dataflow tracking)
-  skill-analyzer scan /path/to/skill --use-behavioral
+  skill-scanner scan /path/to/skill --use-behavioral
 
   # Scan with all engines (static + behavioral + LLM)
-  skill-analyzer scan /path/to/skill --use-behavioral --use-llm
+  skill-scanner scan /path/to/skill --use-behavioral --use-llm
 
   # Scan with JSON output
-  skill-analyzer scan /path/to/skill --format json
+  skill-scanner scan /path/to/skill --format json
 
   # Scan all skills in a directory
-  skill-analyzer scan-all /path/to/skills
+  skill-scanner scan-all /path/to/skills
 
   # Scan recursively with all engines
-  skill-analyzer scan-all /path/to/skills --recursive --use-behavioral --use-llm
+  skill-scanner scan-all /path/to/skills --recursive --use-behavioral --use-llm
 
   # List available analyzers
-  skill-analyzer list-analyzers
+  skill-scanner list-analyzers
 
   # Validate rule signatures
-  skill-analyzer validate-rules
+  skill-scanner validate-rules
         """,
     )
 
@@ -728,6 +750,24 @@ Examples:
         action="store_true",
         help="Enable meta-analysis for false positive filtering and finding prioritization (requires 2+ analyzers including LLM)",
     )
+    scan_parser.add_argument(
+        "--yara-mode",
+        choices=["strict", "balanced", "permissive"],
+        default="balanced",
+        help="YARA detection mode: strict (max security, more FPs), balanced (default), permissive (fewer FPs, may miss threats)",
+    )
+    scan_parser.add_argument(
+        "--custom-rules",
+        metavar="PATH",
+        help="Path to directory containing custom YARA rules (.yara files) to use instead of built-in rules",
+    )
+    scan_parser.add_argument(
+        "--disable-rule",
+        action="append",
+        metavar="RULE_NAME",
+        dest="disabled_rules",
+        help="Disable a specific rule by name (can be used multiple times). Example: --disable-rule YARA_script_injection",
+    )
 
     # Scan-all command
     scan_all_parser = subparsers.add_parser("scan-all", help="Scan multiple skill packages")
@@ -783,6 +823,24 @@ Examples:
         action="store_true",
         help="Enable meta-analysis for false positive filtering and finding prioritization (requires 2+ analyzers including LLM)",
     )
+    scan_all_parser.add_argument(
+        "--yara-mode",
+        choices=["strict", "balanced", "permissive"],
+        default="balanced",
+        help="YARA detection mode: strict (max security, more FPs), balanced (default), permissive (fewer FPs, may miss threats)",
+    )
+    scan_all_parser.add_argument(
+        "--custom-rules",
+        metavar="PATH",
+        help="Path to directory containing custom YARA rules (.yara files) to use instead of built-in rules",
+    )
+    scan_all_parser.add_argument(
+        "--disable-rule",
+        action="append",
+        metavar="RULE_NAME",
+        dest="disabled_rules",
+        help="Disable a specific rule by name (can be used multiple times). Example: --disable-rule YARA_script_injection",
+    )
 
     # List analyzers command
     subparsers.add_parser("list-analyzers", help="List available analyzers")

{skillanalyzer → skill_scanner}/config/__init__.py

@@ -15,12 +15,12 @@
 # SPDX-License-Identifier: Apache-2.0
 
 """
-Configuration management for Claude Skill Analyzer.
+Configuration management for Skill Scanner.
 
 Mirrors MCP Scanner's config structure.
 """
 
 from .config import Config
-from .constants import SkillAnalyzerConstants
+from .constants import SkillScannerConstants
 
-__all__ = ["Config", "SkillAnalyzerConstants"]
+__all__ = ["Config", "SkillScannerConstants"]

{skillanalyzer → skill_scanner}/config/config.py

@@ -15,7 +15,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 """
-Configuration class for Claude Skill Analyzer.
+Configuration class for Skill Scanner.
 
 Based on MCP Scanner's Config structure.
 """
@@ -28,7 +28,7 @@ from pathlib import Path
 @dataclass
 class Config:
     """
-    Configuration for Claude Skill Analyzer.
+    Configuration for Skill Scanner.
 
     Mirrors MCP Scanner's Config class structure.
     """