cisco-ai-skill-scanner 1.0.0__tar.gz → 1.0.2__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (242)
  1. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.github/ISSUE_TEMPLATE/bug_report.md +1 -1
  2. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.github/ISSUE_TEMPLATE/feature_request.md +2 -2
  3. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.github/PULL_REQUEST_TEMPLATE.md +3 -3
  4. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.github/workflows/python-tests.yml +6 -1
  5. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.gitignore +15 -0
  6. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/CODEOWNERS +1 -1
  7. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/CONTRIBUTING.md +4 -1
  8. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/PKG-INFO +28 -13
  9. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/README.md +26 -11
  10. cisco_ai_skill_scanner-1.0.2/SECURITY.md +57 -0
  11. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/TESTING.md +4 -4
  12. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/docs/aidefense-analyzer.md +11 -11
  13. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/docs/api-rationale.md +6 -6
  14. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/docs/api-server.md +54 -43
  15. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/docs/architecture.md +8 -8
  16. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/docs/behavioral-analyzer.md +49 -32
  17. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/docs/binary-handling.md +2 -2
  18. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/docs/developing.md +7 -7
  19. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/docs/llm-analyzer.md +9 -10
  20. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/docs/meta-analyzer.md +9 -9
  21. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/docs/quickstart.md +20 -20
  22. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/docs/remote-skills-analysis.md +18 -18
  23. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/docs/threat-taxonomy.md +29 -29
  24. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/EVALUATION_GUIDE.md +1 -1
  25. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/README.md +1 -1
  26. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/__init__.py +1 -1
  27. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/benchmark_runner.py +6 -6
  28. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/eval_runner.py +8 -8
  29. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/backdoor/magic-string-trigger/process.py +2 -2
  30. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/behavioral-analysis/multi-file-exfiltration/analyze.py +1 -1
  31. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/behavioral-analysis/multi-file-exfiltration/reporter.py +2 -2
  32. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/data-exfiltration/environment-secrets/get_info.py +1 -1
  33. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/obfuscation/base64-payload/process.py +1 -1
  34. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/prompt-injection/jailbreak-override/SKILL.md +1 -1
  35. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/safe-skills/simple-math/SKILL.md +1 -1
  36. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/test_skills/malicious/exfiltrator/analyze.py +1 -1
  37. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/test_skills/malicious/prompt-injection/SKILL.md +2 -1
  38. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/update_expected_findings.py +3 -3
  39. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/examples/__init__.py +1 -1
  40. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/examples/advanced_scanning.py +8 -8
  41. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/examples/api_usage.py +4 -4
  42. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/examples/basic_scan.py +2 -2
  43. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/examples/batch_scanning.py +4 -4
  44. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/examples/behavioral_analyzer_example.py +3 -3
  45. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/examples/integration_example.py +5 -5
  46. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/examples/llm_analyzer_example.py +5 -5
  47. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/examples/programmatic_usage.py +5 -5
  48. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/pyproject.toml +7 -7
  49. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/scripts/pre-commit-hook.sh +15 -15
  50. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/__init__.py +8 -4
  51. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/_version.py +2 -2
  52. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/api/__init__.py +1 -1
  53. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/api/api.py +4 -4
  54. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/api/api_cli.py +8 -8
  55. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/api/api_server.py +7 -7
  56. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/api/router.py +3 -3
  57. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/cli/__init__.py +1 -1
  58. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/cli/cli.py +71 -13
  59. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/config/__init__.py +3 -3
  60. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/config/config.py +2 -2
  61. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/config/config_parser.py +9 -9
  62. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/config/constants.py +2 -2
  63. cisco_ai_skill_scanner-1.0.2/skill_scanner/config/yara_modes.py +314 -0
  64. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/__init__.py +1 -1
  65. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/__init__.py +3 -3
  66. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/aidefense_analyzer.py +3 -3
  67. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/behavioral/__init__.py +1 -1
  68. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/behavioral/alignment/alignment_llm_client.py +1 -1
  69. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/behavioral/alignment/alignment_prompt_builder.py +2 -2
  70. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/behavioral_analyzer.py +1 -1
  71. cisco_ai_skill_scanner-1.0.0/skillanalyzer/core/analyzers/cross_skill_analyzer.py → cisco_ai_skill_scanner-1.0.2/skill_scanner/core/analyzers/cross_skill_scanner.py +5 -5
  72. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/llm_analyzer.py +4 -4
  73. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/llm_prompt_builder.py +2 -2
  74. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/meta_analyzer.py +52 -20
  75. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/static.py +185 -35
  76. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/trigger_analyzer.py +2 -2
  77. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/exceptions.py +10 -10
  78. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/loader.py +4 -4
  79. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/models.py +7 -6
  80. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/reporters/markdown_reporter.py +11 -5
  81. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/reporters/sarif_reporter.py +2 -2
  82. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/reporters/table_reporter.py +2 -2
  83. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/rules/yara_scanner.py +1 -1
  84. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/scanner.py +2 -2
  85. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/context_extractor.py +88 -14
  86. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/dataflow/__init__.py +1 -1
  87. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/interprocedural/call_graph_analyzer.py +2 -2
  88. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/parser/python_parser.py +5 -5
  89. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/data/__init__.py +1 -1
  90. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/data/prompts/boilerplate_protection_rule_prompt.md +5 -5
  91. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/data/prompts/code_alignment_threat_analysis_prompt.md +128 -53
  92. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/data/prompts/llm_response_schema.json +3 -3
  93. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/data/prompts/skill_meta_analysis_prompt.md +16 -15
  94. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/data/prompts/skill_threat_analysis_prompt.md +53 -17
  95. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/data/prompts/unified_response_schema.md +1 -1
  96. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/data/rules/signatures.yaml +143 -37
  97. cisco_ai_skill_scanner-1.0.2/skill_scanner/data/yara_rules/autonomy_abuse_generic.yara +66 -0
  98. cisco_ai_skill_scanner-1.0.0/skillanalyzer/data/yara_rules/skill_discovery_abuse.yara → cisco_ai_skill_scanner-1.0.2/skill_scanner/data/yara_rules/capability_inflation_generic.yara +7 -4
  99. cisco_ai_skill_scanner-1.0.2/skill_scanner/data/yara_rules/code_execution_generic.yara +76 -0
  100. cisco_ai_skill_scanner-1.0.0/skillanalyzer/data/yara_rules/coercive_injection.yara → cisco_ai_skill_scanner-1.0.2/skill_scanner/data/yara_rules/coercive_injection_generic.yara +2 -2
  101. cisco_ai_skill_scanner-1.0.2/skill_scanner/data/yara_rules/command_injection_generic.yara +77 -0
  102. cisco_ai_skill_scanner-1.0.0/skillanalyzer/data/yara_rules/credential_harvesting.yara → cisco_ai_skill_scanner-1.0.2/skill_scanner/data/yara_rules/credential_harvesting_generic.yara +25 -4
  103. cisco_ai_skill_scanner-1.0.0/skillanalyzer/data/yara_rules/transitive_trust_abuse.yara → cisco_ai_skill_scanner-1.0.2/skill_scanner/data/yara_rules/indirect_prompt_injection_generic.yara +8 -5
  104. cisco_ai_skill_scanner-1.0.0/skillanalyzer/data/yara_rules/prompt_injection.yara → cisco_ai_skill_scanner-1.0.2/skill_scanner/data/yara_rules/prompt_injection_generic.yara +2 -2
  105. cisco_ai_skill_scanner-1.0.0/skillanalyzer/data/yara_rules/unicode_steganography.yara → cisco_ai_skill_scanner-1.0.2/skill_scanner/data/yara_rules/prompt_injection_unicode_steganography.yara +23 -17
  106. cisco_ai_skill_scanner-1.0.2/skill_scanner/data/yara_rules/script_injection_generic.yara +82 -0
  107. cisco_ai_skill_scanner-1.0.0/skillanalyzer/data/yara_rules/sql_injection.yara → cisco_ai_skill_scanner-1.0.2/skill_scanner/data/yara_rules/sql_injection_generic.yara +22 -8
  108. cisco_ai_skill_scanner-1.0.2/skill_scanner/data/yara_rules/system_manipulation_generic.yara +79 -0
  109. cisco_ai_skill_scanner-1.0.2/skill_scanner/data/yara_rules/tool_chaining_abuse_generic.yara +72 -0
  110. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/hooks/__init__.py +1 -1
  111. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/hooks/pre_commit.py +16 -16
  112. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/threats/__init__.py +25 -3
  113. cisco_ai_skill_scanner-1.0.2/skill_scanner/threats/cisco_ai_taxonomy.py +274 -0
  114. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/threats/threats.py +28 -99
  115. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/utils/__init__.py +1 -1
  116. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/utils/command_utils.py +1 -1
  117. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/utils/di_container.py +1 -1
  118. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/utils/logging_config.py +7 -7
  119. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/__init__.py +1 -1
  120. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/behavioral/test_behavioral_analyzer.py +6 -6
  121. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/behavioral/test_enhanced_behavioral.py +15 -15
  122. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/static_analysis/test_static_analyzer.py +3 -3
  123. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/test_aidefense_analyzer.py +3 -3
  124. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/test_api_endpoints.py +2 -2
  125. cisco_ai_skill_scanner-1.0.2/tests/test_api_server_config.py +313 -0
  126. cisco_ai_skill_scanner-1.0.2/tests/test_cli_custom_rules.py +285 -0
  127. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/test_cli_formats.py +1 -1
  128. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/test_config.py +17 -17
  129. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/test_integration.py +10 -10
  130. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/test_llm_analyzer.py +9 -9
  131. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/test_loader.py +3 -3
  132. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/test_meta_analyzer.py +48 -36
  133. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/test_models.py +1 -1
  134. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/test_reporters.py +4 -4
  135. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/test_scanner.py +2 -2
  136. cisco_ai_skill_scanner-1.0.2/tests/test_taxonomy_validation.py +323 -0
  137. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/test_threats.py +1 -1
  138. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/test_virustotal_analyzer.py +3 -3
  139. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/test_virustotal_benign.py +3 -3
  140. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/test_virustotal_upload.py +4 -4
  141. cisco_ai_skill_scanner-1.0.2/tests/test_yara_modes.py +200 -0
  142. cisco_ai_skill_scanner-1.0.2/tests/test_yara_true_positives.py +259 -0
  143. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/uv.lock +1 -2
  144. cisco_ai_skill_scanner-1.0.0/SECURITY.md +0 -109
  145. cisco_ai_skill_scanner-1.0.0/skillanalyzer/data/yara_rules/autonomy_abuse.yara +0 -66
  146. cisco_ai_skill_scanner-1.0.0/skillanalyzer/data/yara_rules/code_execution.yara +0 -61
  147. cisco_ai_skill_scanner-1.0.0/skillanalyzer/data/yara_rules/command_injection.yara +0 -54
  148. cisco_ai_skill_scanner-1.0.0/skillanalyzer/data/yara_rules/script_injection.yara +0 -83
  149. cisco_ai_skill_scanner-1.0.0/skillanalyzer/data/yara_rules/system_manipulation.yara +0 -65
  150. cisco_ai_skill_scanner-1.0.0/skillanalyzer/data/yara_rules/tool_chaining_abuse.yara +0 -60
  151. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.cursor/rules/codeguard-0-additional-cryptography.mdc +0 -0
  152. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.cursor/rules/codeguard-0-framework-and-languages.mdc +0 -0
  153. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.cursor/rules/codeguard-0-iac-security.mdc +0 -0
  154. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.cursor/rules/codeguard-0-mobile-apps.mdc +0 -0
  155. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.cursor/rules/codeguard-0-supply-chain-security.mdc +0 -0
  156. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.cursor/rules/codeguard-1-crypto-algorithms.mdc +0 -0
  157. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.cursor/rules/codeguard-1-digital-certificates.mdc +0 -0
  158. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.cursor/rules/codeguard-1-hardcoded-credentials.mdc +0 -0
  159. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.env.example +0 -0
  160. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.github/workflows/integration-tests.yml +0 -0
  161. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.github/workflows/release.yml +0 -0
  162. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.pre-commit-config.yaml +0 -0
  163. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.windsurf/rules/codeguard-0-additional-cryptography.md +0 -0
  164. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.windsurf/rules/codeguard-0-framework-and-languages.md +0 -0
  165. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.windsurf/rules/codeguard-0-iac-security.md +0 -0
  166. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.windsurf/rules/codeguard-0-mobile-apps.md +0 -0
  167. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.windsurf/rules/codeguard-0-supply-chain-security.md +0 -0
  168. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.windsurf/rules/codeguard-1-crypto-algorithms.md +0 -0
  169. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.windsurf/rules/codeguard-1-digital-certificates.md +0 -0
  170. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/.windsurf/rules/codeguard-1-hardcoded-credentials.md +0 -0
  171. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/CODE_OF_CONDUCT.md +0 -0
  172. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/LICENSE +0 -0
  173. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/HOW_EVAL_WORKS.md +0 -0
  174. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/backdoor/magic-string-trigger/SKILL.md +0 -0
  175. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/backdoor/magic-string-trigger/_expected.json +0 -0
  176. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/behavioral-analysis/multi-file-exfiltration/SKILL.md +0 -0
  177. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/behavioral-analysis/multi-file-exfiltration/_expected.json +0 -0
  178. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/behavioral-analysis/multi-file-exfiltration/collector.py +0 -0
  179. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/behavioral-analysis/multi-file-exfiltration/encoder.py +0 -0
  180. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/command-injection/eval-execution/SKILL.md +0 -0
  181. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/command-injection/eval-execution/_expected.json +0 -0
  182. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/command-injection/eval-execution/calculate.py +0 -0
  183. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/data-exfiltration/environment-secrets/SKILL.md +0 -0
  184. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/data-exfiltration/environment-secrets/_expected.json +0 -0
  185. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/obfuscation/base64-payload/SKILL.md +0 -0
  186. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/obfuscation/base64-payload/_expected.json +0 -0
  187. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/path-traversal/file-reader/SKILL.md +0 -0
  188. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/path-traversal/file-reader/_expected.json +0 -0
  189. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/path-traversal/file-reader/read.py +0 -0
  190. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/prompt-injection/jailbreak-override/_expected.json +0 -0
  191. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/resource-exhaustion/infinite-loop/SKILL.md +0 -0
  192. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/resource-exhaustion/infinite-loop/_expected.json +0 -0
  193. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/resource-exhaustion/infinite-loop/analyze.py +0 -0
  194. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/safe-skills/simple-math/_expected.json +0 -0
  195. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/safe-skills/simple-math/math_ops.py +0 -0
  196. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/safe-skills-2/file-validator/SKILL.md +0 -0
  197. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/safe-skills-2/file-validator/_expected.json +0 -0
  198. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/safe-skills-2/file-validator/validate.py +0 -0
  199. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/sql-injection/database-query/SKILL.md +0 -0
  200. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/sql-injection/database-query/_expected.json +0 -0
  201. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/skills/sql-injection/database-query/query.py +0 -0
  202. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/test_skills/malicious/eicar-test/SKILL.md +0 -0
  203. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/test_skills/malicious/eicar-test/_expected.json +0 -0
  204. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/test_skills/malicious/eicar-test/assets/test-binary.bin +0 -0
  205. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/test_skills/malicious/exfiltrator/SKILL.md +0 -0
  206. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/test_skills/malicious/exfiltrator/_expected.json +0 -0
  207. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/test_skills/safe/simple-formatter/SKILL.md +0 -0
  208. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/test_skills/safe/simple-formatter/_expected.json +0 -0
  209. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/evals/test_skills/safe/simple-formatter/formatter.py +0 -0
  210. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/base.py +0 -0
  211. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/behavioral/alignment/__init__.py +0 -0
  212. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/behavioral/alignment/alignment_orchestrator.py +0 -0
  213. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/behavioral/alignment/alignment_response_validator.py +0 -0
  214. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/behavioral/alignment/threat_vulnerability_classifier.py +0 -0
  215. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/llm_provider_config.py +0 -0
  216. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/llm_request_handler.py +0 -0
  217. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/llm_response_parser.py +0 -0
  218. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/analyzers/virustotal_analyzer.py +0 -0
  219. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/reporters/__init__.py +0 -0
  220. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/reporters/json_reporter.py +0 -0
  221. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/rules/__init__.py +0 -0
  222. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/rules/patterns.py +0 -0
  223. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/__init__.py +0 -0
  224. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/cfg/__init__.py +0 -0
  225. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/cfg/builder.py +0 -0
  226. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/dataflow/forward_analysis.py +0 -0
  227. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/interprocedural/__init__.py +0 -0
  228. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/interprocedural/cross_file_analyzer.py +0 -0
  229. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/parser/__init__.py +0 -0
  230. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/semantic/__init__.py +0 -0
  231. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/semantic/name_resolver.py +0 -0
  232. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/semantic/type_analyzer.py +0 -0
  233. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/taint/__init__.py +0 -0
  234. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/taint/tracker.py +0 -0
  235. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/core/static_analysis/types/__init__.py +0 -0
  236. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/utils/file_utils.py +0 -0
  237. {cisco_ai_skill_scanner-1.0.0/skillanalyzer → cisco_ai_skill_scanner-1.0.2/skill_scanner}/utils/logging_utils.py +0 -0
  238. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/behavioral/README.md +0 -0
  239. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/behavioral/__init__.py +0 -0
  240. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/conftest.py +0 -0
  241. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/static_analysis/README.md +0 -0
  242. {cisco_ai_skill_scanner-1.0.0 → cisco_ai_skill_scanner-1.0.2}/tests/static_analysis/__init__.py +0 -0
@@ -13,7 +13,7 @@ A clear and concise description of the bug.
13
13
  ## Steps to Reproduce
14
14
 
15
15
  1. Install version: [e.g., 0.2.0]
16
- 2. Run command: `skill-analyzer scan ...`
16
+ 2. Run command: `skill-scanner scan ...`
17
17
  3. Observe error: [describe what happened]
18
18
 
19
19
  ## Expected Behavior
@@ -29,7 +29,7 @@ Describe a specific scenario where this feature would be useful.
29
29
  **Example:**
30
30
  ```bash
31
31
  # How the feature would be used
32
- skill-analyzer scan /path/to/skill --your-new-feature
32
+ skill-scanner scan /path/to/skill --your-new-feature
33
33
  ```
34
34
 
35
35
  ## Benefits
@@ -53,4 +53,4 @@ Screenshots, mockups, links to similar features in other tools, etc.
53
53
  - [ ] I have searched existing issues/PRs for similar requests
54
54
  - [ ] I have described a clear use case
55
55
  - [ ] I have considered implementation complexity
56
- - [ ] This aligns with the project's goals (security scanning for Claude Skills)
56
+ - [ ] This aligns with the project's goals (security scanning for Agent Skills)
@@ -41,7 +41,7 @@ Describe manual testing performed:
41
41
 
42
42
  ```bash
43
43
  # Commands run for testing
44
- skill-analyzer scan examples/test-skill
44
+ skill-scanner scan examples/test-skill
45
45
  ```
46
46
 
47
47
  **Results:**
@@ -71,8 +71,8 @@ skill-analyzer scan examples/test-skill
71
71
  - [ ] No eval/exec on user input without sanitization
72
72
 
73
73
  ### Testing
74
- - [ ] Tests pass: `pytest tests/ -q`
75
- - [ ] Benchmark passes: `python evals/benchmark_runner.py`
74
+ - [ ] Tests pass: `uv run pre-commit run --all-files`
75
+ - [ ] Benchmark passes: `uv run python evals/benchmark_runner.py`
76
76
  - [ ] No regressions in existing functionality
77
77
  - [ ] Edge cases covered
78
78
 
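Review bot: The "Tests pass" checklist item at new line 74 now points at `uv run pre-commit run --all-files`, which runs the pre-commit hooks, while the removed `pytest tests/ -q` ran the test suite. Unless the hooks themselves invoke pytest, a contributor can tick this box without running any tests. Suggest keeping a test command under this label and listing the pre-commit run as its own item, so the template matches the separate hook and unit-test entries in the CONTRIBUTING.md checklist.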
@@ -13,6 +13,11 @@ jobs:
13
13
  - name: Checkout code
14
14
  uses: actions/checkout@v4
15
15
 
16
+ - name: Set up Go
17
+ uses: actions/setup-go@v5
18
+ with:
19
+ go-version: "1.22"
20
+
16
21
  - name: Set up Python for uv
17
22
  uses: astral-sh/setup-uv@v6.7.0
18
23
 
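Review bot: The new "Set up Go" step (new lines 16-19) references `actions/setup-go@v5` by a mutable major-version tag, so whatever commit that tag points to at run time executes inside this job. Pin the action to a full commit SHA and keep the version in a trailing comment. The step also does not say why a Python test workflow needs a Go 1.22 toolchain; a one-line comment naming what consumes it would let a later maintainer judge whether it can be removed.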
@@ -79,7 +84,7 @@ jobs:
79
84
  run: |
80
85
  uv run pytest tests/ \
81
86
  --ignore=tests/test_llm_analyzer.py \
82
- -v --tb=short --cov=skillanalyzer --cov-report=xml
87
+ -v --tb=short --cov=skill_scanner --cov-report=xml
83
88
 
84
89
  - name: Upload coverage to Codecov
85
90
  uses: codecov/codecov-action@v4
@@ -5,6 +5,8 @@ __pycache__/
5
5
  *.so
6
6
  .Python
7
7
  build/
8
+ # Auto-generated version file (hatch-vcs)
9
+ skill_scanner/_version.py
8
10
  develop-eggs/
9
11
  dist/
10
12
  downloads/
@@ -81,3 +83,16 @@ Thumbs.db
81
83
  # Local environment files
82
84
  .env.local
83
85
  .env.*.local
86
+
87
+ # Local benchmark and analysis data
88
+ .local_benchmark/
89
+
90
+ # Agent/AI tool configs (user-specific)
91
+ .agent/
92
+ .agents/
93
+ .claude/
94
+ .codex/
95
+ .cursor/skills/
96
+
97
+ # Jupyter notebooks (local analysis)
98
+ *.ipynb
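Review bot: The last added pattern, `*.ipynb`, ignores every notebook in the repository rather than only local analysis output, so a notebook added on purpose later (under docs or examples, say) would be silently left out of commits. Suggest scoping it to a directory, as the `.local_benchmark/` entry above it does.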
@@ -1,3 +1,3 @@
1
1
  # CODEOWNERS
2
2
  # The first matching pattern takes precedence.
3
- * @cisco-ai-defense/skill-analyzer-reviewers
3
+ * @cisco-ai-defense/skill-scanner-reviewers
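Review bot: On the changed owner line, `@cisco-ai-defense/skill-scanner-reviewers` has to exist as a team with write access to the repository before this merges; GitHub assigns no code owner when the named team does not exist or lacks access, which would leave `*` without required reviewers. Separately, the context comment "The first matching pattern takes precedence" is the reverse of GitHub's rule (the last matching pattern wins); it is harmless with a single pattern but worth correcting while the file is being touched.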
@@ -17,6 +17,7 @@ in any real-time space e.g., Slack, Discord, etc.
17
17
  ## Development Setup
18
18
 
19
19
  See [docs/developing.md](/docs/developing.md) for complete environment setup instructions, including:
20
+
20
21
  - Installing prerequisites (Python 3.10+, uv)
21
22
  - Cloning and configuring the repository
22
23
  - Installing dependencies and pre-commit hooks
@@ -48,6 +49,8 @@ major version release.
48
49
  ### Pull Request Checklist
49
50
 
50
51
  - [ ] All pre-commit hooks pass (`uv run pre-commit run --all-files`)
52
+ - [ ] All unit tests pass (`uv run pytest tests/`)
53
+ - [ ] All benchmarks pass without significant regressions (`uv run python evals/benchmark_runner.py`)
51
54
  - [ ] Tests added/updated for changes (see [TESTING.md](/TESTING.md))
52
55
  - [ ] Documentation updated if needed
53
56
  - [ ] Commit messages follow conventional format (e.g., `feat:`, `fix:`, `docs:`)
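Review bot: The added benchmark item says "without significant regressions" but gives no metric or threshold, so neither author nor reviewer has anything to check the `evals/benchmark_runner.py` output against. Suggest naming the metric and the tolerance, or linking to where the baseline is kept.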
@@ -62,7 +65,7 @@ you can do:
62
65
  _[Reporting Issues](#reporting-issues)_ section, providing feedback to the
63
66
  issue's author on what might be missing.
64
67
  - Review and update the existing content of our
65
- [Wiki](https://github.com/cisco-ai-defense/skill-scanner/wiki) with up-to-date
68
+ [Wiki](https://deepwiki.com/cisco-ai-defense/skill-scanner) with up-to-date
66
69
  instructions and code samples.
67
70
  - Review existing pull requests, and testing patches against real existing
68
71
  applications that use `skill-scanner`.
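Review bot: The replaced link now points at deepwiki.com, a third-party domain, while the surrounding bullet still asks contributors to "review and update the existing content of our Wiki". If contributors cannot edit that site, reword the bullet to say where documentation changes should go; if the GitHub wiki was retired, say so.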
@@ -1,7 +1,7 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: cisco-ai-skill-scanner
3
- Version: 1.0.0
4
- Summary: Security scanner for Claude Skills and Codex Skills packages - Detects prompt injection, data exfiltration, and malicious code
3
+ Version: 1.0.2
4
+ Summary: Security scanner for Agent Skills packages - Detects prompt injection, data exfiltration, and malicious code
5
5
  Project-URL: Homepage, https://github.com/cisco-ai-defense/skill-scanner
6
6
  Project-URL: Documentation, https://github.com/cisco-ai-defense/skill-scanner#readme
7
7
  Project-URL: Repository, https://github.com/cisco-ai-defense/skill-scanner
@@ -68,14 +68,14 @@ Description-Content-Type: text/markdown
68
68
 
69
69
  A security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns. Combines **pattern-based detection** (YAML + YARA), **LLM-as-a-judge**, and **behavioral dataflow analysis** for comprehensive threat detection.
70
70
 
71
- Supports [Anthropic Claude Skills](https://docs.anthropic.com/en/docs/agents-and-tools/claude-skills), [OpenAI Codex Skills](https://openai.github.io/codex/), and [Cursor Agent Skills](https://docs.cursor.com/context/rules) formats following the [Agent Skills specification](https://agentskills.io).
71
+ Supports [OpenAI Codex Skills](https://openai.github.io/codex/) and [Cursor Agent Skills](https://docs.cursor.com/context/rules) formats following the [Agent Skills specification](https://agentskills.io).
72
72
 
73
73
  ---
74
74
 
75
75
  ## Highlights
76
76
 
77
77
  - **Multi-Engine Detection** - Static analysis, behavioral dataflow, LLM semantic analysis, and cloud-based scanning
78
- - **False Positive Filtering** - Meta-analyzer achieves ~65% noise reduction while maintaining 100% threat detection
78
+ - **False Positive Filtering** - Meta-analyzer significantly reduces noise while preserving detection capability
79
79
  - **CI/CD Ready** - SARIF output for GitHub Code Scanning, exit codes for build failures
80
80
  - **Extensible** - Plugin architecture for custom analyzers
81
81
 
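Review bot: In the Highlights bullet, dropping the "~65%" and "100%" figures leaves "significantly reduces noise while preserving detection capability" with nothing behind it. Suggest tying the claim to the benchmark output (`evals/benchmark_runner.py` is referenced elsewhere in this diff) so a reader can see what the meta-analyzer filters out and what that costs in missed findings.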
@@ -151,29 +151,41 @@ export AI_DEFENSE_API_KEY="your_aidefense_api_key"
151
151
 
152
152
  ```bash
153
153
  # Scan a single skill (static analyzer only)
154
- skill-analyzer scan /path/to/skill
154
+ skill-scanner scan /path/to/skill
155
155
 
156
156
  # Scan with behavioral analyzer (dataflow analysis)
157
- skill-analyzer scan /path/to/skill --use-behavioral
157
+ skill-scanner scan /path/to/skill --use-behavioral
158
158
 
159
159
  # Scan with all engines
160
- skill-analyzer scan /path/to/skill --use-behavioral --use-llm --use-aidefense
160
+ skill-scanner scan /path/to/skill --use-behavioral --use-llm --use-aidefense
161
161
 
162
162
  # Scan with meta-analyzer for false positive filtering
163
- skill-analyzer scan /path/to/skill --use-llm --enable-meta
163
+ skill-scanner scan /path/to/skill --use-llm --enable-meta
164
164
 
165
165
  # Scan multiple skills recursively
166
- skill-analyzer scan-all /path/to/skills --recursive --use-behavioral
166
+ skill-scanner scan-all /path/to/skills --recursive --use-behavioral
167
167
 
168
168
  # CI/CD: Fail build if threats found
169
- skill-analyzer scan-all ./skills --fail-on-findings --format sarif --output results.sarif
169
+ skill-scanner scan-all ./skills --fail-on-findings --format sarif --output results.sarif
170
+
171
+ # Use custom YARA rules
172
+ skill-scanner scan /path/to/skill --custom-rules /path/to/my-rules/
173
+
174
+ # Disable specific noisy rules
175
+ skill-scanner scan /path/to/skill --disable-rule YARA_script_injection --disable-rule MANIFEST_MISSING_LICENSE
176
+
177
+ # Strict mode (more findings, higher FP rate)
178
+ skill-scanner scan /path/to/skill --yara-mode strict
179
+
180
+ # Permissive mode (fewer findings, may miss some threats)
181
+ skill-scanner scan /path/to/skill --yara-mode permissive
170
182
  ```
171
183
 
172
184
  ### Python SDK
173
185
 
174
186
  ```python
175
- from skillanalyzer import SkillScanner
176
- from skillanalyzer.core.analyzers import StaticAnalyzer, BehavioralAnalyzer
187
+ from skill_scanner import SkillScanner
188
+ from skill_scanner.core.analyzers import StaticAnalyzer, BehavioralAnalyzer
177
189
 
178
190
  # Create scanner with analyzers
179
191
  scanner = SkillScanner(analyzers=[
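Review bot: The new `--disable-rule` and `--yara-mode permissive` examples sit directly under the CI/CD example that uses `--fail-on-findings`, and nothing says how they interact with that gate. Both reduce what is reported (the added comment itself says "may miss some threats"), so suggest a sentence stating whether disabled rules and the selected mode are recorded in the report or SARIF output, so a reviewer can tell a clean result from a loosened scan.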
@@ -215,13 +227,16 @@ print(f"Findings: {len(result.findings)}")
215
227
  | `--format` | Output: `summary`, `json`, `markdown`, `table`, `sarif` |
216
228
  | `--output PATH` | Save report to file |
217
229
  | `--fail-on-findings` | Exit with error if HIGH/CRITICAL found |
230
+ | `--yara-mode` | Detection mode: `strict`, `balanced` (default), `permissive` |
231
+ | `--custom-rules PATH` | Use custom YARA rules from directory |
232
+ | `--disable-rule RULE` | Disable specific rule (can repeat) |
218
233
 
219
234
  ---
220
235
 
221
236
  ## Example Output
222
237
 
223
238
  ```
224
- $ skill-analyzer scan ./my-skill --use-behavioral
239
+ $ skill-scanner scan ./my-skill --use-behavioral
225
240
 
226
241
  ============================================================
227
242
  Skill: my-skill
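Review bot: In the added option rows, `--yara-mode` has no value placeholder while `--custom-rules PATH` and `--disable-rule RULE` do. Suggest `--yara-mode MODE` for consistency, plus a few words on what `strict` and `permissive` change relative to `balanced`, since the CLI examples only describe them as producing more or fewer findings.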
@@ -10,14 +10,14 @@
10
10
 
11
11
  A security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns. Combines **pattern-based detection** (YAML + YARA), **LLM-as-a-judge**, and **behavioral dataflow analysis** for comprehensive threat detection.
12
12
 
13
- Supports [Anthropic Claude Skills](https://docs.anthropic.com/en/docs/agents-and-tools/claude-skills), [OpenAI Codex Skills](https://openai.github.io/codex/), and [Cursor Agent Skills](https://docs.cursor.com/context/rules) formats following the [Agent Skills specification](https://agentskills.io).
13
+ Supports [OpenAI Codex Skills](https://openai.github.io/codex/) and [Cursor Agent Skills](https://docs.cursor.com/context/rules) formats following the [Agent Skills specification](https://agentskills.io).
14
14
 
15
15
  ---
16
16
 
17
17
  ## Highlights
18
18
 
19
19
  - **Multi-Engine Detection** - Static analysis, behavioral dataflow, LLM semantic analysis, and cloud-based scanning
20
- - **False Positive Filtering** - Meta-analyzer achieves ~65% noise reduction while maintaining 100% threat detection
20
+ - **False Positive Filtering** - Meta-analyzer significantly reduces noise while preserving detection capability
21
21
  - **CI/CD Ready** - SARIF output for GitHub Code Scanning, exit codes for build failures
22
22
  - **Extensible** - Plugin architecture for custom analyzers
23
23
 
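Review bot: The "Supports" sentence drops the Anthropic Claude Skills link, but the README does not say whether packages in that format are still scanned or are no longer supported. A user upgrading from 1.0.0 cannot tell from this line; suggest stating it explicitly here or in a changelog entry.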
@@ -93,29 +93,41 @@ export AI_DEFENSE_API_KEY="your_aidefense_api_key"
93
93
 
94
94
  ```bash
95
95
  # Scan a single skill (static analyzer only)
96
- skill-analyzer scan /path/to/skill
96
+ skill-scanner scan /path/to/skill
97
97
 
98
98
  # Scan with behavioral analyzer (dataflow analysis)
99
- skill-analyzer scan /path/to/skill --use-behavioral
99
+ skill-scanner scan /path/to/skill --use-behavioral
100
100
 
101
101
  # Scan with all engines
102
- skill-analyzer scan /path/to/skill --use-behavioral --use-llm --use-aidefense
102
+ skill-scanner scan /path/to/skill --use-behavioral --use-llm --use-aidefense
103
103
 
104
104
  # Scan with meta-analyzer for false positive filtering
105
- skill-analyzer scan /path/to/skill --use-llm --enable-meta
105
+ skill-scanner scan /path/to/skill --use-llm --enable-meta
106
106
 
107
107
  # Scan multiple skills recursively
108
- skill-analyzer scan-all /path/to/skills --recursive --use-behavioral
108
+ skill-scanner scan-all /path/to/skills --recursive --use-behavioral
109
109
 
110
110
  # CI/CD: Fail build if threats found
111
- skill-analyzer scan-all ./skills --fail-on-findings --format sarif --output results.sarif
111
+ skill-scanner scan-all ./skills --fail-on-findings --format sarif --output results.sarif
112
+
113
+ # Use custom YARA rules
114
+ skill-scanner scan /path/to/skill --custom-rules /path/to/my-rules/
115
+
116
+ # Disable specific noisy rules
117
+ skill-scanner scan /path/to/skill --disable-rule YARA_script_injection --disable-rule MANIFEST_MISSING_LICENSE
118
+
119
+ # Strict mode (more findings, higher FP rate)
120
+ skill-scanner scan /path/to/skill --yara-mode strict
121
+
122
+ # Permissive mode (fewer findings, may miss some threats)
123
+ skill-scanner scan /path/to/skill --yara-mode permissive
112
124
  ```
113
125
 
114
126
  ### Python SDK
115
127
 
116
128
  ```python
117
- from skillanalyzer import SkillScanner
118
- from skillanalyzer.core.analyzers import StaticAnalyzer, BehavioralAnalyzer
129
+ from skill_scanner import SkillScanner
130
+ from skill_scanner.core.analyzers import StaticAnalyzer, BehavioralAnalyzer
119
131
 
120
132
  # Create scanner with analyzers
121
133
  scanner = SkillScanner(analyzers=[
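Review bot: The `--custom-rules /path/to/my-rules/` example does not say whether the directory is loaded in addition to the built-in YARA rules or instead of them. If it replaces them, a scan run with a small custom set would come back clean while skipping the default detections; suggest stating the behaviour in the comment line above the command.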
@@ -157,13 +169,16 @@ print(f"Findings: {len(result.findings)}")
157
169
  | `--format` | Output: `summary`, `json`, `markdown`, `table`, `sarif` |
158
170
  | `--output PATH` | Save report to file |
159
171
  | `--fail-on-findings` | Exit with error if HIGH/CRITICAL found |
172
+ | `--yara-mode` | Detection mode: `strict`, `balanced` (default), `permissive` |
173
+ | `--custom-rules PATH` | Use custom YARA rules from directory |
174
+ | `--disable-rule RULE` | Disable specific rule (can repeat) |
160
175
 
161
176
  ---
162
177
 
163
178
  ## Example Output
164
179
 
165
180
  ```
166
- $ skill-analyzer scan ./my-skill --use-behavioral
181
+ $ skill-scanner scan ./my-skill --use-behavioral
167
182
 
168
183
  ============================================================
169
184
  Skill: my-skill
@@ -0,0 +1,57 @@
1
+ # Security Policies and Procedures
2
+
3
+ This document outlines security procedures and general policies for the
4
+ `skill-scanner` project.
5
+
6
+ - [Disclosing a security issue](#disclosing-a-security-issue)
7
+ - [Vulnerability management](#vulnerability-management)
8
+ - [Suggesting changes](#suggesting-changes)
9
+
10
+ ## Disclosing a security issue
11
+
12
+ The `skill-scanner` maintainers take all security issues in the project
13
+ seriously. Thank you for improving the security of `skill-scanner`. We
14
+ appreciate your dedication to responsible disclosure and will make every effort
15
+ to acknowledge your contributions.
16
+
17
+ `skill-scanner` leverages GitHub's private vulnerability reporting.
18
+
19
+ To learn more about this feature and how to submit a vulnerability report,
20
+ review [GitHub's documentation on private reporting](https://docs.github.com/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability).
21
+
22
+ Here are some helpful details to include in your report:
23
+
24
+ - a detailed description of the issue
25
+ - the steps required to reproduce the issue
26
+ - versions of the project that may be affected by the issue
27
+ - if known, any mitigations for the issue
28
+
29
+ A maintainer will acknowledge the report within three (3) business days, and
30
+ will send a more detailed response within an additional three (3) business days
31
+ indicating the next steps in handling your report.
32
+
33
+ If you've been unable to successfully draft a vulnerability report via GitHub
34
+ or have not received a response during the alloted response window, please
35
+ reach out via the [Cisco Open security contact email](mailto:oss-security@cisco.com).
36
+
37
+ After the initial reply to your report, the maintainers will endeavor to keep
38
+ you informed of the progress towards a fix and full announcement, and may ask
39
+ for additional information or guidance.
40
+
41
+ ## Vulnerability management
42
+
43
+ When the maintainers receive a disclosure report, they will assign it to a
44
+ primary handler.
45
+
46
+ This person will coordinate the fix and release process, which involves the
47
+ following steps:
48
+
49
+ - confirming the issue
50
+ - determining affected versions of the project
51
+ - auditing code to find any potential similar problems
52
+ - preparing fixes for all releases under maintenance
53
+
54
+ ## Suggesting changes
55
+
56
+ If you have suggestions on how this process could be improved please submit an
57
+ issue or pull request.
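Review bot: The "Vulnerability management" list ends at "preparing fixes for all releases under maintenance", with no step for publishing the fixed release and the advisory, and the file never says which releases are under maintenance. Suggest adding the disclosure step and a supported-versions statement, and correcting "alloted" to "allotted" in the escalation paragraph.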
@@ -1,6 +1,6 @@
1
1
  # Testing Guide
2
2
 
3
- This document covers testing requirements and procedures for contributing to the Skill Analyzer.
3
+ This document covers testing requirements and procedures for contributing to the Skill Scanner.
4
4
 
5
5
  ## Quick Reference
6
6
 
@@ -9,7 +9,7 @@ This document covers testing requirements and procedures for contributing to the
9
9
  uv run pytest tests/ -v
10
10
 
11
11
  # Run tests with coverage
12
- uv run pytest tests/ --cov=skillanalyzer --cov-report=html
12
+ uv run pytest tests/ --cov=skill_scanner --cov-report=html
13
13
 
14
14
  # Run evaluation benchmark
15
15
  uv run python evals/benchmark_runner.py
@@ -103,7 +103,7 @@ For detailed evaluation documentation, see [evals/README.md](/evals/README.md).
103
103
 
104
104
  ```bash
105
105
  # Generate HTML coverage report
106
- uv run pytest tests/ --cov=skillanalyzer --cov-report=html
106
+ uv run pytest tests/ --cov=skill_scanner --cov-report=html
107
107
 
108
108
  # View report (opens in browser)
109
109
  open htmlcov/index.html # macOS
@@ -123,7 +123,7 @@ xdg-open htmlcov/index.html # Linux
123
123
  ```python
124
124
  # tests/test_example.py
125
125
  import pytest
126
- from skillanalyzer.core.scanner import SkillScanner
126
+ from skill_scanner.core.scanner import SkillScanner
127
127
 
128
128
  class TestExampleFeature:
129
129
  """Tests for example feature."""
@@ -2,7 +2,7 @@
2
2
 
3
3
  ## Overview
4
4
 
5
- The AI Defense Analyzer integrates with Cisco AI Defense API to provide enterprise-grade security scanning for Claude Skills. It analyzes prompts, instructions, markdown content, and code files for threats including prompt injection, data exfiltration, and malicious patterns.
5
+ The AI Defense Analyzer integrates with Cisco AI Defense API to provide enterprise-grade security scanning for Agent Skills. It analyzes prompts, instructions, markdown content, and code files for threats including prompt injection, data exfiltration, and malicious patterns.
6
6
 
7
7
  ## Features
8
8
 
@@ -56,23 +56,23 @@ echo "AI_DEFENSE_API_KEY=your_key" >> .env
56
56
 
57
57
  ```bash
58
58
  # Enable AI Defense analyzer
59
- skill-analyzer scan /path/to/skill --use-aidefense
59
+ skill-scanner scan /path/to/skill --use-aidefense
60
60
 
61
61
  # Provide API key directly
62
- skill-analyzer scan /path/to/skill --use-aidefense --aidefense-api-key your_key
62
+ skill-scanner scan /path/to/skill --use-aidefense --aidefense-api-key your_key
63
63
 
64
64
  # Combine with other analyzers
65
- skill-analyzer scan /path/to/skill --use-behavioral --use-llm --use-aidefense
65
+ skill-scanner scan /path/to/skill --use-behavioral --use-llm --use-aidefense
66
66
 
67
67
  # Scan multiple skills
68
- skill-analyzer scan-all /path/to/skills --recursive --use-aidefense
68
+ skill-scanner scan-all /path/to/skills --recursive --use-aidefense
69
69
  ```
70
70
 
71
71
  ### Python API
72
72
 
73
73
  ```python
74
- from skillanalyzer.core.analyzers import AIDefenseAnalyzer
75
- from skillanalyzer.core.loader import load_skill
74
+ from skill_scanner.core.analyzers import AIDefenseAnalyzer
75
+ from skill_scanner.core.loader import load_skill
76
76
 
77
77
  # Initialize analyzer with default rules
78
78
  analyzer = AIDefenseAnalyzer(
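Review bot: The "Provide API key directly" example passes the key as `--aidefense-api-key your_key`, which puts a secret on the command line where it ends up in shell history and is visible in the process list. The section already documents `AI_DEFENSE_API_KEY` through `.env` (see the hunk header); suggest marking the flag as a local-testing convenience and pointing CI users at the environment variable.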
@@ -82,7 +82,7 @@ analyzer = AIDefenseAnalyzer(
82
82
  )
83
83
 
84
84
  # Initialize with custom rules
85
- from skillanalyzer.core.analyzers.aidefense_analyzer import DEFAULT_ENABLED_RULES
85
+ from skill_scanner.core.analyzers.aidefense_analyzer import DEFAULT_ENABLED_RULES
86
86
 
87
87
  custom_rules = [
88
88
  {"rule_name": "Prompt Injection"},
@@ -112,8 +112,8 @@ findings = asyncio.run(scan_skill())
112
112
  ### Integration with Scanner
113
113
 
114
114
  ```python
115
- from skillanalyzer import SkillScanner
116
- from skillanalyzer.core.analyzers import StaticAnalyzer, AIDefenseAnalyzer
115
+ from skill_scanner import SkillScanner
116
+ from skill_scanner.core.analyzers import StaticAnalyzer, AIDefenseAnalyzer
117
117
 
118
118
  # Combine analyzers
119
119
  analyzers = [
@@ -169,7 +169,7 @@ For comprehensive coverage, combine AI Defense with other analyzers:
169
169
 
170
170
  ```bash
171
171
  # Maximum coverage
172
- skill-analyzer scan /path/to/skill \
172
+ skill-scanner scan /path/to/skill \
173
173
  --use-behavioral \
174
174
  --use-llm \
175
175
  --use-aidefense \
@@ -1,8 +1,8 @@
1
1
  # API Server Rationale
2
2
 
3
- ## Question: Is an API Server Necessary for Skill Analyzer?
3
+ ## Question: Is an API Server Necessary for Skill Scanner?
4
4
 
5
- Unlike MCP Scanner, which scans **remote MCP servers** (HTTP/SSE/stdio connections), Skill Analyzer scans **local skill packages** (files/directories). This raises the question: is an API server necessary?
5
+ Unlike MCP Scanner, which scans **remote MCP servers** (HTTP/SSE/stdio connections), Skill Scanner scans **local skill packages** (files/directories). While an API server is less critical for Skill Scanner, it can provide additional support for CI/CD integration, web interfaces, service integrations, and batch processing. Read below for more details.
6
6
 
7
7
  ## Analysis
8
8
 
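Review bot: The rewritten paragraph under "Question: Is an API Server Necessary for Skill Scanner?" no longer poses the question and instead gives the answer ahead of the "## Analysis" section, repeating the list that the Conclusion already carries; "Read below for more details" adds nothing. Suggest keeping the question sentence here and leaving the list of benefits to the Conclusion.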
@@ -13,12 +13,12 @@ Unlike MCP Scanner, which scans **remote MCP servers** (HTTP/SSE/stdio connectio
13
13
  - API server enables scanning servers you don't control
14
14
  - Essential for the use case (scanning external services)
15
15
 
16
- **Skill Analyzer:**
16
+ **Skill Scanner:**
17
17
  - Scans **local** skill packages (files/directories)
18
18
  - Skills are **always local** - there are no remote skills (unlike MCP servers)
19
19
  - Skills are distributed as ZIP files or directories that users install locally
20
20
  - Can be scanned directly via CLI or Python SDK
21
- - **Key Point**: Remote Claude Skills do not exist - skills are local file packages
21
+ - **Key Point**: Remote skills do not exist - skills are local file packages
22
22
 
23
23
  ### Use Cases Where API is Valuable
24
24
 
@@ -95,9 +95,9 @@ Despite skills being local files, an API server provides value for:
95
95
 
96
96
  ## Conclusion
97
97
 
98
- **Critical Finding**: Remote Claude Skills **do not exist**. Skills are local file packages that users install on their machines, not remote services like MCP servers.
98
+ **Critical Finding**: Remote skills **do not exist**. Skills are local file packages that users install on their machines, not remote services like MCP servers.
99
99
 
100
- While the API server is **less critical** for Skill Analyzer than for MCP Scanner (since there are no remote skills to scan), it still provides value for:
100
+ While the API server is **less critical** for Skill Scanner than for MCP Scanner (since there are no remote skills to scan), it still provides value for:
101
101
  - CI/CD integration (uploading skill ZIP files)
102
102
  - Web interfaces (uploading skill packages)
103
103
  - Service integrations (HTTP-based workflows)