cisco-ai-skill-scanner 1.0.0__py3-none-any.whl → 1.0.2__py3-none-any.whl

{skillanalyzer → skill_scanner}/config/config_parser.py

@@ -14,10 +14,10 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-"""Configuration parser for Skill Analyzer.
+"""Configuration parser for Skill Scanner.
 
 This module provides functionality to parse configuration files
-and environment variables for Skill Analyzer.
+and environment variables for Skill Scanner.
 """
 
 import os
@@ -25,7 +25,7 @@ from pathlib import Path
 
 from ..utils.logging_config import get_logger
 from .config import Config
-from .constants import SkillAnalyzerConstants
+from .constants import SkillScannerConstants
 
 logger = get_logger(__name__)
 
@@ -74,10 +74,10 @@ def parse_config_file(config_path: str | None = None) -> Config:
     if not config_path:
         # Try to find default config file
         default_paths = [
-            Path.home() / ".skillanalyzer" / "config.yaml",
-            Path.home() / ".skillanalyzer" / "config.json",
-            Path.cwd() / ".skillanalyzer.yaml",
-            Path.cwd() / ".skillanalyzer.json",
+            Path.home() / ".skill_scanner" / "config.yaml",
+            Path.home() / ".skill_scanner" / "config.json",
+            Path.cwd() / ".skill_scanner.yaml",
+            Path.cwd() / ".skill_scanner.json",
         ]
 
         for path in default_paths:
@@ -96,11 +96,11 @@ def parse_config_file(config_path: str | None = None) -> Config:
 
 
 class ConfigParser:
-    """Parser for Skill Analyzer configuration files."""
+    """Parser for Skill Scanner configuration files."""
 
     def __init__(self):
         """Initialize the config parser."""
-        self.constants = SkillAnalyzerConstants
+        self.constants = SkillScannerConstants
 
     def parse(self, config_path: str | None = None) -> Config:
         """Parse configuration from file and environment.

{skillanalyzer → skill_scanner}/config/constants.py

@@ -15,7 +15,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 """
-Constants for Claude Skill Analyzer.
+Constants for Skill Scanner.
 
 Mirrors MCP Scanner's constants structure.
 """
@@ -23,7 +23,7 @@ Mirrors MCP Scanner's constants structure.
 from pathlib import Path
 
 
-class SkillAnalyzerConstants:
+class SkillScannerConstants:
     """Constants used throughout the analyzer."""
 
     # Version

skill_scanner/config/yara_modes.py

@@ -0,0 +1,314 @@
+# Copyright 2026 Cisco Systems, Inc. and its affiliates
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""
+YARA Mode Configuration System
+
+Provides configurable detection modes to balance false positives vs true positives:
+- STRICT: Maximum security, higher false positives acceptable
+- BALANCED: Default mode, good tradeoff between FP and TP
+- PERMISSIVE: Minimize false positives, may miss some threats
+- CUSTOM: User-defined thresholds
+
+Each mode configures:
+- Rule-specific thresholds
+- Post-processing filters
+- Enabled/disabled rule sets
+"""
+
+from dataclasses import dataclass, field
+from enum import Enum
+from typing import Optional
+
+
+class YaraMode(Enum):
+    """YARA detection mode presets."""
+
+    STRICT = "strict"
+    BALANCED = "balanced"
+    PERMISSIVE = "permissive"
+    CUSTOM = "custom"
+
+
+@dataclass
+class UnicodeStegConfig:
+    """Configuration for unicode steganography detection."""
+
+    # Zero-width character thresholds
+    zerowidth_threshold_with_decode: int = 50  # When dangerous code is present
+    zerowidth_threshold_alone: int = 200  # Without dangerous code context
+
+    # Enable/disable specific patterns
+    detect_rtl_override: bool = True
+    detect_ltl_override: bool = True
+    detect_line_separators: bool = True
+    detect_unicode_tags: bool = True
+    detect_variation_selectors: bool = True
+
+
+@dataclass
+class CredentialHarvestingConfig:
+    """Configuration for credential harvesting detection."""
+
+    # Placeholder filtering
+    filter_placeholder_patterns: bool = True
+
+    # Specific API key patterns
+    detect_ai_api_keys: bool = True
+    detect_aws_keys: bool = True
+    detect_ssh_keys: bool = True
+    detect_env_exfiltration: bool = True
+
+
+@dataclass
+class ToolChainingConfig:
+    """Configuration for tool chaining abuse detection."""
+
+    # Post-filter settings
+    filter_api_documentation: bool = True
+    filter_generic_http_verbs: bool = True
+    filter_email_field_mentions: bool = True
+
+    # Pattern detection
+    detect_read_send: bool = True
+    detect_collect_exfil: bool = True
+    detect_env_network: bool = True
+
+
+@dataclass
+class YaraModeConfig:
+    """Complete YARA mode configuration."""
+
+    mode: YaraMode = YaraMode.BALANCED
+    description: str = ""
+
+    # Rule-specific configs
+    unicode_steg: UnicodeStegConfig = field(default_factory=UnicodeStegConfig)
+    credential_harvesting: CredentialHarvestingConfig = field(default_factory=CredentialHarvestingConfig)
+    tool_chaining: ToolChainingConfig = field(default_factory=ToolChainingConfig)
+
+    # Global settings
+    enabled_rules: set[str] = field(default_factory=set)  # Empty = all enabled
+    disabled_rules: set[str] = field(default_factory=set)
+
+    @classmethod
+    def strict(cls) -> "YaraModeConfig":
+        """
+        STRICT mode: Maximum security, accept higher FP rate.
+
+        Use when:
+        - Scanning untrusted/external skills
+        - Security audit requirements
+        - Compliance scanning
+        """
+        return cls(
+            mode=YaraMode.STRICT,
+            description="Maximum security - flags more potential threats",
+            unicode_steg=UnicodeStegConfig(
+                zerowidth_threshold_with_decode=20,  # Lower threshold
+                zerowidth_threshold_alone=100,
+            ),
+            credential_harvesting=CredentialHarvestingConfig(
+                filter_placeholder_patterns=False,  # Don't filter - flag for review
+            ),
+            tool_chaining=ToolChainingConfig(
+                filter_api_documentation=False,
+                filter_generic_http_verbs=False,
+            ),
+        )
+
+    @classmethod
+    def balanced(cls) -> "YaraModeConfig":
+        """
+        BALANCED mode: Default - good tradeoff between FP and TP.
+
+        Use when:
+        - Regular skill scanning
+        - CI/CD pipeline integration
+        - Development workflow
+        """
+        return cls(
+            mode=YaraMode.BALANCED,
+            description="Balanced detection - default mode",
+            unicode_steg=UnicodeStegConfig(
+                zerowidth_threshold_with_decode=50,
+                zerowidth_threshold_alone=200,
+            ),
+            credential_harvesting=CredentialHarvestingConfig(
+                filter_placeholder_patterns=True,
+            ),
+            tool_chaining=ToolChainingConfig(
+                filter_api_documentation=True,
+                filter_generic_http_verbs=True,
+                filter_email_field_mentions=True,
+            ),
+        )
+
+    @classmethod
+    def permissive(cls) -> "YaraModeConfig":
+        """
+        PERMISSIVE mode: Minimize false positives.
+
+        Use when:
+        - Scanning trusted/internal skills
+        - High FP rate is disrupting workflow
+        - Focus on critical threats only
+        """
+        return cls(
+            mode=YaraMode.PERMISSIVE,
+            description="Minimal false positives - may miss some threats",
+            unicode_steg=UnicodeStegConfig(
+                zerowidth_threshold_with_decode=100,  # Higher threshold
+                zerowidth_threshold_alone=500,
+                detect_line_separators=False,  # Common in some content
+            ),
+            credential_harvesting=CredentialHarvestingConfig(
+                filter_placeholder_patterns=True,
+            ),
+            tool_chaining=ToolChainingConfig(
+                filter_api_documentation=True,
+                filter_generic_http_verbs=True,
+                filter_email_field_mentions=True,
+            ),
+            # Disable noisier rules
+            disabled_rules={
+                "capability_inflation_generic",
+                "indirect_prompt_injection_generic",
+            },
+        )
+
+    @classmethod
+    def custom(
+        cls,
+        unicode_steg: UnicodeStegConfig | None = None,
+        credential_harvesting: CredentialHarvestingConfig | None = None,
+        tool_chaining: ToolChainingConfig | None = None,
+        enabled_rules: set[str] | None = None,
+        disabled_rules: set[str] | None = None,
+    ) -> "YaraModeConfig":
+        """
+        CUSTOM mode: User-defined configuration.
+
+        Args:
+            unicode_steg: Unicode steganography config
+            credential_harvesting: Credential harvesting config
+            tool_chaining: Tool chaining config
+            enabled_rules: Set of rule names to enable (empty = all)
+            disabled_rules: Set of rule names to disable
+        """
+        return cls(
+            mode=YaraMode.CUSTOM,
+            description="Custom user-defined configuration",
+            unicode_steg=unicode_steg or UnicodeStegConfig(),
+            credential_harvesting=credential_harvesting or CredentialHarvestingConfig(),
+            tool_chaining=tool_chaining or ToolChainingConfig(),
+            enabled_rules=enabled_rules or set(),
+            disabled_rules=disabled_rules or set(),
+        )
+
+    @classmethod
+    def from_mode_name(cls, mode_name: str) -> "YaraModeConfig":
+        """Create config from mode name string."""
+        mode_map = {
+            "strict": cls.strict,
+            "balanced": cls.balanced,
+            "permissive": cls.permissive,
+        }
+        if mode_name.lower() in mode_map:
+            return mode_map[mode_name.lower()]()
+        raise ValueError(f"Unknown mode: {mode_name}. Use: strict, balanced, permissive, or custom")
+
+    def is_rule_enabled(self, rule_name: str) -> bool:
+        """Check if a specific rule is enabled in this mode."""
+        # If enabled_rules is specified, only those are allowed
+        if self.enabled_rules and rule_name not in self.enabled_rules:
+            return False
+        # Check if explicitly disabled
+        if rule_name in self.disabled_rules:
+            return False
+        return True
+
+    def to_dict(self) -> dict:
+        """Convert config to dictionary for serialization."""
+        return {
+            "mode": self.mode.value,
+            "description": self.description,
+            "unicode_steg": {
+                "zerowidth_threshold_with_decode": self.unicode_steg.zerowidth_threshold_with_decode,
+                "zerowidth_threshold_alone": self.unicode_steg.zerowidth_threshold_alone,
+                "detect_rtl_override": self.unicode_steg.detect_rtl_override,
+                "detect_ltl_override": self.unicode_steg.detect_ltl_override,
+                "detect_line_separators": self.unicode_steg.detect_line_separators,
+                "detect_unicode_tags": self.unicode_steg.detect_unicode_tags,
+                "detect_variation_selectors": self.unicode_steg.detect_variation_selectors,
+            },
+            "credential_harvesting": {
+                "filter_placeholder_patterns": self.credential_harvesting.filter_placeholder_patterns,
+                "detect_ai_api_keys": self.credential_harvesting.detect_ai_api_keys,
+                "detect_aws_keys": self.credential_harvesting.detect_aws_keys,
+                "detect_ssh_keys": self.credential_harvesting.detect_ssh_keys,
+                "detect_env_exfiltration": self.credential_harvesting.detect_env_exfiltration,
+            },
+            "tool_chaining": {
+                "filter_api_documentation": self.tool_chaining.filter_api_documentation,
+                "filter_generic_http_verbs": self.tool_chaining.filter_generic_http_verbs,
+                "filter_email_field_mentions": self.tool_chaining.filter_email_field_mentions,
+                "detect_read_send": self.tool_chaining.detect_read_send,
+                "detect_collect_exfil": self.tool_chaining.detect_collect_exfil,
+                "detect_env_network": self.tool_chaining.detect_env_network,
+            },
+            "enabled_rules": list(self.enabled_rules),
+            "disabled_rules": list(self.disabled_rules),
+        }
+
+
+# Default mode
+DEFAULT_YARA_MODE = YaraModeConfig.balanced()
+
+
+# Mode descriptions for CLI/API documentation
+MODE_DESCRIPTIONS = {
+    "strict": """
+STRICT Mode - Maximum Security
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+• Lower detection thresholds
+• Minimal post-processing filters
+• Flags more potential threats
+• Higher false positive rate acceptable
+
+Use for: Untrusted skills, security audits, compliance
+""",
+    "balanced": """
+BALANCED Mode - Default
+━━━━━━━━━━━━━━━━━━━━━━━
+• Moderate detection thresholds
+• Context-aware post-processing
+• Good tradeoff between FP and TP
+• Suitable for most use cases
+
+Use for: Regular scanning, CI/CD, development
+""",
+    "permissive": """
+PERMISSIVE Mode - Minimal False Positives
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+• Higher detection thresholds
+• Aggressive filtering
+• Focus on critical threats only
+• May miss some edge-case threats
+
+Use for: Trusted skills, high FP disruption
+""",
+}

{skillanalyzer → skill_scanner}/core/__init__.py

@@ -15,7 +15,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 """
-Core functionality for Claude Skill Analyzer.
+Core functionality for Skill Scanner.
 
 This module contains the core components including analyzers, scanner engine,
 and data models.

{skillanalyzer → skill_scanner}/core/analyzers/__init__.py

@@ -15,7 +15,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 """
-Analyzer modules for detecting security vulnerabilities in Claude Skills.
+Analyzer modules for detecting security vulnerabilities in agent skills.
 
 Structure mirrors MCP Scanner's analyzer organization.
 """
@@ -61,9 +61,9 @@ except (ImportError, ModuleNotFoundError):
     pass
 
 try:
-    from .cross_skill_analyzer import CrossSkillAnalyzer  # noqa: F401
+    from .cross_skill_scanner import CrossSkillScanner  # noqa: F401
 
-    __all__.append("CrossSkillAnalyzer")
+    __all__.append("CrossSkillScanner")
 except (ImportError, ModuleNotFoundError):
     pass
 

{skillanalyzer → skill_scanner}/core/analyzers/aidefense_analyzer.py

@@ -15,7 +15,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 """
-AI Defense API analyzer for Claude Skills security scanning.
+AI Defense API analyzer for agent skills security scanning.
 
 Integrates with Cisco AI Defense API (https://api.aidefense.cisco.com) for:
 - Prompt injection detection
@@ -325,7 +325,7 @@ class AIDefenseAnalyzer(BaseAnalyzer):
                 }
             ]
             metadata = {
-                "source": "skill_analyzer",
+                "source": "skill_scanner",
                 "skill_name": skill_name,
                 "file_path": file_path,
                 "content_type": content_type,
@@ -465,7 +465,7 @@ class AIDefenseAnalyzer(BaseAnalyzer):
                 {"role": "user", "content": f"# Code Analysis for {file_path}\n```{language}\n{content[:15000]}\n```"}
             ]
             metadata = {
-                "source": "skill_analyzer",
+                "source": "skill_scanner",
                 "skill_name": skill_name,
                 "file_path": file_path,
                 "language": language,

{skillanalyzer → skill_scanner}/core/analyzers/behavioral/__init__.py

@@ -14,7 +14,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-"""Behavioral Analysis Package for Claude Skills.
+"""Behavioral Analysis Package for Agent Skills.
 
 This package provides enhanced behavioral analysis capabilities including:
 - Alignment verification between skill description and code behavior

{skillanalyzer → skill_scanner}/core/analyzers/behavioral/alignment/alignment_llm_client.py

@@ -192,7 +192,7 @@ class AlignmentLLMClient:
                     {
                         "role": "system",
                         "content": (
-                            "You are a security expert analyzing Claude Skills. "
+                            "You are a security expert analyzing agent skills. "
                             "You receive complete dataflow analysis and code context. "
                             "Analyze if the skill description accurately describes what the code actually does. "
                             "Respond ONLY with valid JSON. Do not include any markdown formatting or code blocks."

{skillanalyzer → skill_scanner}/core/analyzers/behavioral/alignment/alignment_prompt_builder.py

@@ -378,9 +378,9 @@ Parameter Flow Tracking:
         Returns:
             Embedded prompt template
         """
-        return """# Claude Skill Alignment Analysis
+        return """# Agent Skill Alignment Analysis
 
-You are a security expert analyzing Claude Skills for alignment mismatches between their
+You are a security expert analyzing agent skills for alignment mismatches between their
 described behavior and actual implementation.
 
 ## Your Task

{skillanalyzer → skill_scanner}/core/analyzers/behavioral_analyzer.py

@@ -15,7 +15,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 """
-Behavioral analyzer for Claude Skills using static dataflow analysis.
+Behavioral analyzer for agent skills using static dataflow analysis.
 
 Analyzes skill scripts using AST parsing, dataflow tracking, and description-behavior
 alignment checking. Detects threats through code analysis without execution.

skillanalyzer/core/analyzers/cross_skill_analyzer.py → skill_scanner/core/analyzers/cross_skill_scanner.py

@@ -15,7 +15,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 """
-Cross-skill analyzer for detecting coordinated attacks across multiple skills.
+Cross-skill scanner for detecting coordinated attacks across multiple skills.
 
 This analyzer looks for patterns that suggest multiple skills are working together
 to perform malicious activities, such as:
@@ -30,7 +30,7 @@ from ..models import Finding, Severity, Skill, ThreatCategory
 from .base import BaseAnalyzer
 
 
-class CrossSkillAnalyzer(BaseAnalyzer):
+class CrossSkillScanner(BaseAnalyzer):
     """
     Analyzes multiple skills together to detect coordinated attack patterns.
 
@@ -40,13 +40,13 @@ class CrossSkillAnalyzer(BaseAnalyzer):
     """
 
     def __init__(self):
-        """Initialize cross-skill analyzer."""
-        super().__init__("cross_skill_analyzer")
+        """Initialize cross-skill scanner."""
+        super().__init__("cross_skill_scanner")
         self._skills: list[Skill] = []
 
     def analyze(self, skill: Skill) -> list[Finding]:
         """
-        Analyze a single skill (no-op for cross-skill analyzer).
+        Analyze a single skill (no-op for cross-skill scanner).
 
         This analyzer only produces findings when analyzing skill sets.
         Call analyze_skill_set() instead.

{skillanalyzer → skill_scanner}/core/analyzers/llm_analyzer.py

@@ -273,16 +273,16 @@ class LLMAnalyzer(BaseAnalyzer):
             messages = [
                 {
                     "role": "system",
-                    "content": """You are a security expert analyzing Claude Skills. Follow the analysis framework provided.
+                    "content": """You are a security expert analyzing agent skills. Follow the analysis framework provided.
 
 When selecting AITech codes for findings, use these mappings:
 - AITech-1.1: Direct prompt injection in SKILL.md (jailbreak, instruction override)
-- AITech-1.2: Indirect prompt injection (transitive trust, following untrusted content)
-- AITech-2.1: Social engineering (deceptive descriptions/metadata)
+- AITech-1.2: Indirect prompt injection - instruction manipulation (embedding malicious instructions in external sources)
+- AITech-4.3: Protocol manipulation - capability inflation (skill discovery abuse, keyword baiting, over-broad claims)
 - AITech-8.2: Data exfiltration/exposure (unauthorized access, credential theft, hardcoded secrets)
 - AITech-9.1: Model/agentic manipulation (command injection, code injection, SQL injection, obfuscation)
 - AITech-12.1: Tool exploitation (tool poisoning, shadowing, unauthorized use)
-- AITech-13.3: Availability disruption (resource abuse, DoS, infinite loops)
+- AITech-13.1: Disruption of Availability (resource abuse, DoS, infinite loops) - AISubtech-13.1.1: Compute Exhaustion
 - AITech-15.1: Harmful/misleading content (deceptive content, misinformation)
 
 The structured output schema will enforce these exact codes.""",

{skillanalyzer → skill_scanner}/core/analyzers/llm_prompt_builder.py

@@ -47,7 +47,7 @@ class PromptBuilder:
                 self.protection_rules = protection_file.read_text(encoding="utf-8")
             else:
                 print(f"Warning: Protection rules file not found at {protection_file}")
-                self.protection_rules = "You are a security analyst analyzing Claude Skills."
+                self.protection_rules = "You are a security analyst analyzing agent skills."
 
             if threat_file.exists():
                 self.threat_analysis_prompt = threat_file.read_text(encoding="utf-8")
@@ -57,7 +57,7 @@ class PromptBuilder:
 
         except Exception as e:
             print(f"Warning: Failed to load prompts: {e}")
-            self.protection_rules = "You are a security analyst analyzing Claude Skills."
+            self.protection_rules = "You are a security analyst analyzing agent skills."
             self.threat_analysis_prompt = "Analyze for security threats."
 
     def build_threat_analysis_prompt(