cisco-ai-skill-scanner 1.0.0__py3-none-any.whl

skillanalyzer/config/__init__.py

@@ -0,0 +1,26 @@
+# Copyright 2026 Cisco Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""
+Configuration management for Claude Skill Analyzer.
+
+Mirrors MCP Scanner's config structure.
+"""
+
+from .config import Config
+from .constants import SkillAnalyzerConstants
+
+__all__ = ["Config", "SkillAnalyzerConstants"]

skillanalyzer/config/config.py

@@ -0,0 +1,149 @@
+# Copyright 2026 Cisco Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""
+Configuration class for Claude Skill Analyzer.
+
+Based on MCP Scanner's Config structure.
+"""
+
+import os
+from dataclasses import dataclass
+from pathlib import Path
+
+
+@dataclass
+class Config:
+    """
+    Configuration for Claude Skill Analyzer.
+
+    Mirrors MCP Scanner's Config class structure.
+    """
+
+    # LLM Configuration
+    llm_provider_api_key: str | None = None
+    llm_model: str = "claude-3-5-sonnet-20241022"
+    llm_base_url: str | None = None
+    llm_api_version: str | None = None
+    llm_max_tokens: int = 4000
+    llm_temperature: float = 0.0
+    llm_rate_limit_delay: float = 2.0
+    llm_max_retries: int = 3
+    llm_timeout: int = 120
+
+    # AWS Bedrock Configuration
+    aws_region_name: str = "us-east-1"
+    aws_profile_name: str | None = None
+    aws_session_token: str | None = None
+
+    # Analyzer Configuration
+    enable_static_analyzer: bool = True
+    enable_llm_analyzer: bool = False
+    enable_behavioral_analyzer: bool = False
+    enable_aidefense: bool = False
+
+    # VirusTotal Configuration
+    virustotal_api_key: str | None = None
+    virustotal_upload_files: bool = False
+
+    # AI Defense Configuration
+    aidefense_api_key: str | None = None
+
+    # Scanning Options
+    max_file_size_mb: int = 10
+    scan_timeout_seconds: int = 300
+
+    # Output Options
+    output_format: str = "summary"
+    detailed_output: bool = False
+
+    def __post_init__(self):
+        """Load configuration from environment variables if not provided."""
+
+        # LLM API key from environment
+        if self.llm_provider_api_key is None:
+            self.llm_provider_api_key = os.getenv("SKILL_SCANNER_LLM_API_KEY")
+
+        # LLM model from environment (only if still at default)
+        if self.llm_model == "claude-3-5-sonnet-20241022":
+            if env_model := os.getenv("SKILL_SCANNER_LLM_MODEL"):
+                self.llm_model = env_model
+
+        # AWS configuration from environment
+        if env_region := os.getenv("AWS_REGION"):
+            self.aws_region_name = env_region
+
+        if env_profile := os.getenv("AWS_PROFILE"):
+            self.aws_profile_name = env_profile
+
+        if env_session := os.getenv("AWS_SESSION_TOKEN"):
+            self.aws_session_token = env_session
+
+        # Analyzer toggles from environment
+        if os.getenv("ENABLE_STATIC_ANALYZER", "").lower() in ("false", "0"):
+            self.enable_static_analyzer = False
+
+        if os.getenv("ENABLE_LLM_ANALYZER", "").lower() in ("true", "1"):
+            self.enable_llm_analyzer = True
+
+        if os.getenv("ENABLE_BEHAVIORAL_ANALYZER", "").lower() in ("true", "1"):
+            self.enable_behavioral_analyzer = True
+
+        if os.getenv("ENABLE_AIDEFENSE", "").lower() in ("true", "1"):
+            self.enable_aidefense = True
+
+        # VirusTotal configuration from environment
+        if self.virustotal_api_key is None:
+            self.virustotal_api_key = os.getenv("VIRUSTOTAL_API_KEY")
+
+        if os.getenv("VIRUSTOTAL_UPLOAD_FILES", "").lower() in ("true", "1"):
+            self.virustotal_upload_files = True
+
+        # AI Defense configuration from environment
+        if self.aidefense_api_key is None:
+            self.aidefense_api_key = os.getenv("AI_DEFENSE_API_KEY")
+
+    @classmethod
+    def from_env(cls) -> "Config":
+        """
+        Create configuration from environment variables.
+
+        Returns:
+            Config instance with values from environment
+        """
+        return cls()
+
+    @classmethod
+    def from_file(cls, config_file: Path) -> "Config":
+        """
+        Load configuration from .env file.
+
+        Args:
+            config_file: Path to .env file
+
+        Returns:
+            Config instance
+        """
+        # Load .env file
+        if config_file.exists():
+            with open(config_file) as f:
+                for line in f:
+                    line = line.strip()
+                    if line and not line.startswith("#") and "=" in line:
+                        key, value = line.split("=", 1)
+                        os.environ[key.strip()] = value.strip()
+
+        return cls.from_env()

skillanalyzer/config/config_parser.py

@@ -0,0 +1,122 @@
+# Copyright 2026 Cisco Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""Configuration parser for Skill Analyzer.
+
+This module provides functionality to parse configuration files
+and environment variables for Skill Analyzer.
+"""
+
+import os
+from pathlib import Path
+
+from ..utils.logging_config import get_logger
+from .config import Config
+from .constants import SkillAnalyzerConstants
+
+logger = get_logger(__name__)
+
+
+def parse_config_from_env() -> Config:
+    """Parse configuration from environment variables.
+
+    Returns:
+        Config instance with values from environment variables.
+    """
+    config = Config()
+
+    # Parse LLM configuration - use SKILL_SCANNER_* env vars only
+    config.llm_provider_api_key = os.getenv("SKILL_SCANNER_LLM_API_KEY")
+    config.llm_model = os.getenv("SKILL_SCANNER_LLM_MODEL", "claude-3-5-sonnet-20241022")
+
+    # Parse analyzer flags
+    if os.getenv("USE_LLM_ANALYZER", "").lower() == "true":
+        config.enable_llm_analyzer = True
+    if os.getenv("USE_BEHAVIORAL_ANALYZER", "").lower() == "true":
+        config.enable_behavioral_analyzer = True
+
+    # Parse output format
+    output_format = os.getenv("OUTPUT_FORMAT", "summary").lower()
+    if output_format in ["json", "markdown", "summary", "table"]:
+        config.output_format = output_format
+
+    # Parse verbosity
+    if os.getenv("VERBOSE", "").lower() == "true":
+        config.detailed_output = True
+
+    return config
+
+
+def parse_config_file(config_path: str | None = None) -> Config:
+    """Parse configuration from a file.
+
+    Args:
+        config_path: Path to configuration file (optional).
+
+    Returns:
+        Config instance with values from file and environment.
+    """
+    config = parse_config_from_env()
+
+    if not config_path:
+        # Try to find default config file
+        default_paths = [
+            Path.home() / ".skillanalyzer" / "config.yaml",
+            Path.home() / ".skillanalyzer" / "config.json",
+            Path.cwd() / ".skillanalyzer.yaml",
+            Path.cwd() / ".skillanalyzer.json",
+        ]
+
+        for path in default_paths:
+            if path.exists():
+                config_path = str(path)
+                logger.debug(f"Found config file: {config_path}")
+                break
+
+    if config_path and Path(config_path).exists():
+        # For now, we'll parse environment variables
+        # In the future, this could parse YAML/JSON config files
+        logger.debug(f"Loading config from: {config_path}")
+        # TODO: Implement file parsing if needed
+
+    return config
+
+
+class ConfigParser:
+    """Parser for Skill Analyzer configuration files."""
+
+    def __init__(self):
+        """Initialize the config parser."""
+        self.constants = SkillAnalyzerConstants
+
+    def parse(self, config_path: str | None = None) -> Config:
+        """Parse configuration from file and environment.
+
+        Args:
+            config_path: Optional path to configuration file.
+
+        Returns:
+            Parsed Config instance.
+        """
+        return parse_config_file(config_path)
+
+    def get_default_config(self) -> Config:
+        """Get default configuration.
+
+        Returns:
+            Default Config instance.
+        """
+        return Config()

skillanalyzer/config/constants.py

@@ -0,0 +1,85 @@
+# Copyright 2026 Cisco Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""
+Constants for Claude Skill Analyzer.
+
+Mirrors MCP Scanner's constants structure.
+"""
+
+from pathlib import Path
+
+
+class SkillAnalyzerConstants:
+    """Constants used throughout the analyzer."""
+
+    # Version
+    VERSION = "0.2.0"
+
+    # Project paths
+    PROJECT_ROOT = Path(__file__).parent.parent.parent
+    PACKAGE_ROOT = Path(__file__).parent.parent
+
+    # Resource paths
+    DATA_DIR = PACKAGE_ROOT / "data"
+    PROMPTS_DIR = DATA_DIR / "prompts"
+    YARA_RULES_DIR = DATA_DIR / "yara_rules"
+    RULES_DIR = PACKAGE_ROOT / "core" / "rules"
+
+    # Default values
+    DEFAULT_MAX_FILE_SIZE_MB = 10
+    DEFAULT_SCAN_TIMEOUT = 300
+    DEFAULT_LLM_MODEL = "claude-3-5-sonnet-20241022"
+    DEFAULT_LLM_MAX_TOKENS = 4000
+    DEFAULT_LLM_TEMPERATURE = 0.0
+
+    # Severity levels
+    SEVERITY_CRITICAL = "CRITICAL"
+    SEVERITY_HIGH = "HIGH"
+    SEVERITY_MEDIUM = "MEDIUM"
+    SEVERITY_LOW = "LOW"
+    SEVERITY_INFO = "INFO"
+    SEVERITY_SAFE = "SAFE"
+
+    # Threat categories
+    THREAT_PROMPT_INJECTION = "prompt_injection"
+    THREAT_COMMAND_INJECTION = "command_injection"
+    THREAT_DATA_EXFILTRATION = "data_exfiltration"
+    THREAT_UNAUTHORIZED_TOOL = "unauthorized_tool_use"
+    THREAT_OBFUSCATION = "obfuscation"
+    THREAT_HARDCODED_SECRETS = "hardcoded_secrets"
+    THREAT_SOCIAL_ENGINEERING = "social_engineering"
+    THREAT_RESOURCE_ABUSE = "resource_abuse"
+
+    @classmethod
+    def get_prompts_path(cls) -> Path:
+        """Get path to prompts directory."""
+        return cls.PROMPTS_DIR
+
+    @classmethod
+    def get_rules_path(cls) -> Path:
+        """Get path to rules directory."""
+        return cls.RULES_DIR
+
+    @classmethod
+    def get_data_path(cls) -> Path:
+        """Get path to data directory."""
+        return cls.DATA_DIR
+
+    @classmethod
+    def get_yara_rules_path(cls) -> Path:
+        """Get path to YARA rules directory."""
+        return cls.YARA_RULES_DIR

skillanalyzer/core/__init__.py

@@ -0,0 +1,24 @@
+# Copyright 2026 Cisco Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""
+Core functionality for Claude Skill Analyzer.
+
+This module contains the core components including analyzers, scanner engine,
+and data models.
+"""
+
+__all__ = ["analyzers", "scanner", "loader", "models"]

skillanalyzer/core/analyzers/__init__.py

@@ -0,0 +1,75 @@
+# Copyright 2026 Cisco Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""
+Analyzer modules for detecting security vulnerabilities in Claude Skills.
+
+Structure mirrors MCP Scanner's analyzer organization.
+"""
+
+from .base import BaseAnalyzer
+
+__all__ = ["BaseAnalyzer"]
+
+# Import available analyzers (re-exported via __all__)
+try:
+    from .static import StaticAnalyzer  # noqa: F401
+
+    __all__.append("StaticAnalyzer")
+except (ImportError, ModuleNotFoundError):
+    pass
+
+try:
+    from .llm_analyzer import LLMAnalyzer, LLMProvider  # noqa: F401
+
+    __all__.extend(["LLMAnalyzer", "LLMProvider"])
+except (ImportError, ModuleNotFoundError):
+    pass
+
+try:
+    from .behavioral_analyzer import BehavioralAnalyzer  # noqa: F401
+
+    __all__.append("BehavioralAnalyzer")
+except (ImportError, ModuleNotFoundError):
+    pass
+
+try:
+    from .aidefense_analyzer import AIDefenseAnalyzer  # noqa: F401
+
+    __all__.append("AIDefenseAnalyzer")
+except (ImportError, ModuleNotFoundError):
+    pass
+
+try:
+    from .trigger_analyzer import TriggerAnalyzer  # noqa: F401
+
+    __all__.append("TriggerAnalyzer")
+except (ImportError, ModuleNotFoundError):
+    pass
+
+try:
+    from .cross_skill_analyzer import CrossSkillAnalyzer  # noqa: F401
+
+    __all__.append("CrossSkillAnalyzer")
+except (ImportError, ModuleNotFoundError):
+    pass
+
+try:
+    from .meta_analyzer import MetaAnalysisResult, MetaAnalyzer, apply_meta_analysis_to_results  # noqa: F401
+
+    __all__.extend(["MetaAnalyzer", "MetaAnalysisResult", "apply_meta_analysis_to_results"])
+except (ImportError, ModuleNotFoundError):
+    pass