PyPI - cisco-ai-skill-scanner - Versions diffs - 1.0.1__py3-none-any.whl → 1.0.2__py3-none-any.whl - Mend

cisco-ai-skill-scanner 1.0.1py3-none-any.whl → 1.0.2py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

{cisco_ai_skill_scanner-1.0.1.dist-info → cisco_ai_skill_scanner-1.0.2.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cisco-ai-skill-scanner
-Version: 1.0.1
+Version: 1.0.2
 Summary: Security scanner for Agent Skills packages - Detects prompt injection, data exfiltration, and malicious code
 Project-URL: Homepage, https://github.com/cisco-ai-defense/skill-scanner
 Project-URL: Documentation, https://github.com/cisco-ai-defense/skill-scanner#readme
@@ -167,6 +167,18 @@ skill-scanner scan-all /path/to/skills --recursive --use-behavioral
 # CI/CD: Fail build if threats found
 skill-scanner scan-all ./skills --fail-on-findings --format sarif --output results.sarif
+# Use custom YARA rules
+skill-scanner scan /path/to/skill --custom-rules /path/to/my-rules/
+# Disable specific noisy rules
+skill-scanner scan /path/to/skill --disable-rule YARA_script_injection --disable-rule MANIFEST_MISSING_LICENSE
+# Strict mode (more findings, higher FP rate)
+skill-scanner scan /path/to/skill --yara-mode strict
+# Permissive mode (fewer findings, may miss some threats)
+skill-scanner scan /path/to/skill --yara-mode permissive
 ```
 ### Python SDK
@@ -215,6 +227,9 @@ print(f"Findings: {len(result.findings)}")
 | `--format` | Output: `summary`, `json`, `markdown`, `table`, `sarif` |
 | `--output PATH` | Save report to file |
 | `--fail-on-findings` | Exit with error if HIGH/CRITICAL found |
+| `--yara-mode` | Detection mode: `strict`, `balanced` (default), `permissive` |
+| `--custom-rules PATH` | Use custom YARA rules from directory |
+| `--disable-rule RULE` | Disable specific rule (can repeat) |
 ---

{cisco_ai_skill_scanner-1.0.1.dist-info → cisco_ai_skill_scanner-1.0.2.dist-info}/RECORD RENAMED Viewed

@@ -1,33 +1,34 @@
 skill_scanner/__init__.py,sha256=QuGYhgc529C5Cjtk3Th5t7-Qkx9kxOv6E2GK6soGZQw,1383
-skill_scanner/_version.py,sha256=JvmBpae6cHui8lSCsCcZQAxzawN2NERHGsr-rIUeJMo,704
+skill_scanner/_version.py,sha256=ZTgKq8LPNy3l9uR2ke-VtLhvvl5l71frQ9wO76n1L5k,704
 skill_scanner/api/__init__.py,sha256=vhuGqXgBx70izjHQOa-cWm3cbHlKhkpEiRjpusQ49vo,746
 skill_scanner/api/api.py,sha256=5fFYh1e1JE06pNtZw-7zMcQMc791ubNlck0VjWzskq8,1027
-skill_scanner/api/api_cli.py,sha256=wMJHSrQWWSg5idCLaWa-irPqhigtt_o1QVukMKvpfGY,2372
-skill_scanner/api/api_server.py,sha256=cjN2P4xHXitKAI9aLztn9bKcFyVxm-2rpsy1OaVxwQo,21110
+skill_scanner/api/api_cli.py,sha256=NcBQyhW1YtFi97A7btNMyC3wtBxk07dRsZdOhFNKt-Q,2378
+skill_scanner/api/api_server.py,sha256=liHVVSOaLoYOYBGyg3DWKJSVPMZF7L26uPvLKrtg9R4,21112
 skill_scanner/api/router.py,sha256=3u5qPWO48iF09oIm-3oxYkqqO4hT50jCaNQTr2TBfYc,17411
 skill_scanner/cli/__init__.py,sha256=UOFAWN8z8nMviFLHiFrtlcHn4eGbbRZc4B2q8yWlTno,755
-skill_scanner/cli/cli.py,sha256=rnV2C2X-lNqSxPM3rNJ6J9Gde1kap9IAiBnOtpmCbXY,35485
+skill_scanner/cli/cli.py,sha256=AFFJbsZ7GnA4bYUbivgqbjTWlWiwWU4oMGy96WBybkE,37747
 skill_scanner/config/__init__.py,sha256=S0hMvyq3Vi0wWET74XmbPQmBTBkLXtqFca5PcTYosUM,837
 skill_scanner/config/config.py,sha256=SvK9lvTNjpygc80pamDaGDtOhh99qGBG3EJiFKfEVzc,4698
 skill_scanner/config/config_parser.py,sha256=kGPawiniy35fyUoJvnwRsJsgtIiAjSXHhE3joUcZtn8,3772
 skill_scanner/config/constants.py,sha256=re2KkOtvSnxSJgkamdIU0fjdQ-fUSHX1eQSEfKDXjTA,2512
+skill_scanner/config/yara_modes.py,sha256=1jgdVdLWC_oSJPuk4BCeUZU9lm9X7NwiDjTXeSCeGpw,11425
 skill_scanner/core/__init__.py,sha256=fC3n7lJs_G8CFz2Vg1gfGFe6b0pBiCUs7MRW4kCM1CY,822
 skill_scanner/core/exceptions.py,sha256=F4k2RDXIxrrnNsAsHn7wR277i2dNOXdK-NK0r-m3nF0,2007
 skill_scanner/core/loader.py,sha256=cIU7e5MZHxryr-7UiGwI76eM0Zbm-LrmRGI0mP1_17A,13541
-skill_scanner/core/models.py,sha256=vWAhDpAm4y8Flqp18cH4R4Vh8eOKNHrAHmsx68jXyOk,10551
+skill_scanner/core/models.py,sha256=Zkp_CUHfXpWLSY_ceXLqazdIIqMJqaicWzxIQW0HgSk,10591
 skill_scanner/core/scanner.py,sha256=zAtM3Hbs_NNbYV7iq-9W2BURO-H23uRJ-E14S2h_wek,14830
 skill_scanner/core/analyzers/__init__.py,sha256=tctB8Q30gA5V4pdR5yoSpxyIKJZkFTJwowUq6UwddQo,2132
 skill_scanner/core/analyzers/aidefense_analyzer.py,sha256=ws61J3KJsz1DiuucBPCdsWN8ACI_iurtDQzWtFqfCA8,36468
 skill_scanner/core/analyzers/base.py,sha256=4BN6dHLn2Q9hQMLAJTSJXsl6tZgfCqqBxZO9icuu70Q,1374
 skill_scanner/core/analyzers/behavioral_analyzer.py,sha256=dvdTdwUKHqnmEa1nsChcdlJ0V_WvcZrGyHX5uYe0clI,19076
 skill_scanner/core/analyzers/cross_skill_scanner.py,sha256=MTedSXhLagZeXEtvkPV8m_48GqoHMWkh9rR9FR9puLQ,18934
-skill_scanner/core/analyzers/llm_analyzer.py,sha256=6_b0DYTPSA0opLNnQzyuAoVfxgI8PFkEhJEeB-Ajd3w,17835
+skill_scanner/core/analyzers/llm_analyzer.py,sha256=biH2g_hych5dAecQL7bKi3GsW9P_nPGerRiEeoOLr2I,17963
 skill_scanner/core/analyzers/llm_prompt_builder.py,sha256=28OCgMUE0T-A6GkF5sUY0qPFvaKC1jhB6jPjVPbePsw,10160
 skill_scanner/core/analyzers/llm_provider_config.py,sha256=pbVx7N9OCohjIWjENMq-kiy6_svTn4IYvQfPxlR0M_Y,8488
 skill_scanner/core/analyzers/llm_request_handler.py,sha256=nz_gjnDTr0dT2GbfQMqKR6-n63x38AcB5G4UnPHLY9s,11679
 skill_scanner/core/analyzers/llm_response_parser.py,sha256=wO5ovd4se-KqIPwdZX-r0_tozaJEDUx7Q7yajKntPwk,2682
-skill_scanner/core/analyzers/meta_analyzer.py,sha256=oIMmRfIsS-LUa7qyTpS8HTrGu0TqpUbrrV6gUa5dugU,33371
-skill_scanner/core/analyzers/static.py,sha256=JAUYefYH1Oa3qnFmk78Sw7OuzcCwC1d8BFX6Hoh0wtM,45208
+skill_scanner/core/analyzers/meta_analyzer.py,sha256=9nFZFinooTuKaAO-CM_HTJxopw2GPxnn5ZXvJ2ZORCU,35017
+skill_scanner/core/analyzers/static.py,sha256=5mDPHbiD5jHxjGenfX68owXY6DqEkqaKRADkLpTQn48,51979
 skill_scanner/core/analyzers/trigger_analyzer.py,sha256=bmJjaGdSqsAyvOIehHbMjLrDWysd7YV9J9TXgMvTEe0,12268
 skill_scanner/core/analyzers/virustotal_analyzer.py,sha256=V7nG-fR2GhfdZhh8JVNvM6gOqRyUGsuxHN1yNRvmw6M,15988
 skill_scanner/core/analyzers/behavioral/__init__.py,sha256=aTuJyqDbylHE2Ags_LaYLbbOkkJxkTDP--VBU-KMPgs,1069
@@ -39,14 +40,14 @@ skill_scanner/core/analyzers/behavioral/alignment/alignment_response_validator.p
 skill_scanner/core/analyzers/behavioral/alignment/threat_vulnerability_classifier.py,sha256=DCXnbs9Fa2ajFT0We4sOo6nxIk7O_Pc0z01fGMDHsRg,7227
 skill_scanner/core/reporters/__init__.py,sha256=XCqeM_kiS1uvcwymDreueQ2KOzMhG5_4vQgxzReJS4w,943
 skill_scanner/core/reporters/json_reporter.py,sha256=JLlPTbs8ncMJHAXZk7iBWCHdL5Qn2PqHOQldHeH2ZGE,1798
-skill_scanner/core/reporters/markdown_reporter.py,sha256=SPLztJIhOVi0knocvSCCByWdsXWp3rQ1E63VGHaxgm8,7840
+skill_scanner/core/reporters/markdown_reporter.py,sha256=khOEHC2mshwu97EF3KW2f00l-VvHpq0_HkVzCsWAKm8,8064
 skill_scanner/core/reporters/sarif_reporter.py,sha256=8BUUerHX-gpE-5HYAipfCLH3GdlVuul43ZItHDAB7Bw,8289
 skill_scanner/core/reporters/table_reporter.py,sha256=sotaDM2VzaX4vCR-OrF3GyIX_yv7wWhzS_doyc1I1XE,7044
 skill_scanner/core/rules/__init__.py,sha256=zGlTBVjihqxgg0BKmhdGkyeCzSvRjVEASjBh-M0sn_8,680
 skill_scanner/core/rules/patterns.py,sha256=OuJ6mPlQVy9R8g1Pn9ozWIC8iWfDEuQamdDW5Uu8200,5833
 skill_scanner/core/rules/yara_scanner.py,sha256=U-qYrb92n3664cTt7ynRTMVGGsxhfrSU0OOYV-BnxKc,5326
 skill_scanner/core/static_analysis/__init__.py,sha256=meZnZQj7ChgHek6fIrfd-YInolXCqI37HTUTlQWEm7w,930
-skill_scanner/core/static_analysis/context_extractor.py,sha256=bUOmrkwzUxAVD1_64TZt4eHOhzH42db1W39VPibdmk8,29785
+skill_scanner/core/static_analysis/context_extractor.py,sha256=v3UUugDuC4WHGnHc2gcHLa6awlVpQZIBhCmCxFsuBes,32264
 skill_scanner/core/static_analysis/cfg/__init__.py,sha256=jkvx12ZGddbRVu_0b04Bamr7JX084yD6BLxgOUEHT1w,816
 skill_scanner/core/static_analysis/cfg/builder.py,sha256=Tm1GZ56rfOoNx-3WLmn2MNov2KzPKN-QZgJbBG-9D2c,14932
 skill_scanner/core/static_analysis/dataflow/__init__.py,sha256=eVdTh0JOvQvtKG96gqs_1VvIU0_sRNkV6sXZz6X9o7I,833
@@ -64,37 +65,38 @@ skill_scanner/core/static_analysis/taint/tracker.py,sha256=1WExA8NAV62X5Az64grI4
 skill_scanner/core/static_analysis/types/__init__.py,sha256=XluM6BlZ8ECfdAD-231ONJn13UeDdAGmirPAVc0zePk,937
 skill_scanner/data/__init__.py,sha256=eeZz0MhPMEV-PAx8Eqpbb4ey6EHbXT5g8j-DC4427A4,969
 skill_scanner/data/prompts/boilerplate_protection_rule_prompt.md,sha256=DNXYx13Mcbn2q9hw4msTDDbq_VcYCiVkqBZVFSNfzOg,1471
-skill_scanner/data/prompts/code_alignment_threat_analysis_prompt.md,sha256=OzOOFVCbhSHFYCd4Xg3_q0tIlOe32YRFOje-lZTyYws,25406
-skill_scanner/data/prompts/llm_response_schema.json,sha256=nBPlsOtuqv0zwIns4YY7uZsaAM0uPZ7mkcqe8tNDHl8,2971
-skill_scanner/data/prompts/skill_meta_analysis_prompt.md,sha256=aufAuj71GtMq9jwZfQoXAaZj0x43BAeBhC-fahc3bk4,13926
-skill_scanner/data/prompts/skill_threat_analysis_prompt.md,sha256=sg38JO8PvmxlpPudqzmUhGdv66A6d_Bj4dPiGVc_g8U,11629
+skill_scanner/data/prompts/code_alignment_threat_analysis_prompt.md,sha256=j5U3YVKMM5HOndCl3cc_4CA190zBj9Z9tP8rLqz-M7c,25686
+skill_scanner/data/prompts/llm_response_schema.json,sha256=xIxrWgPMWqL130AuV0-QkQIHAfQTK-NeJVPrsSIzL2s,3076
+skill_scanner/data/prompts/skill_meta_analysis_prompt.md,sha256=_3jbZVKOiJx47V2d6rQ4sc4MpKFC9oN_7-c7_LxPUs8,14179
+skill_scanner/data/prompts/skill_threat_analysis_prompt.md,sha256=ycE_a43c7qhUT6HwbP8zoKwTTNx3Nx4FyPuxicJ6r5I,11813
 skill_scanner/data/prompts/unified_response_schema.md,sha256=-f1EDpKzxjMMFFxXlakS3rORyLtD1_2XiuNwnty1nQs,3571
-skill_scanner/data/rules/signatures.yaml,sha256=EfP_gQk2tTNLNTaJK1si_yfg6XpmxGDGSaQCqpTnxvs,16465
-skill_scanner/data/yara_rules/autonomy_abuse.yara,sha256=5rbbKXvdWrrIi29T_nBhOQB9erUO8vqK_6TjWok-V2U,2581
-skill_scanner/data/yara_rules/code_execution.yara,sha256=mdXAEqi_Upphzt-NhGascbdG5hu8-UDEiRMfq0lgvWc,1896
-skill_scanner/data/yara_rules/coercive_injection.yara,sha256=3QNzoiHDyhk1zUXHv7_COtCBSsr-bb--H4wKeNRCbBM,5359
-skill_scanner/data/yara_rules/command_injection.yara,sha256=gwZ531smAPzLU1iodtX1JuZOyM_2RwKtBj_SfKjt_20,2163
-skill_scanner/data/yara_rules/credential_harvesting.yara,sha256=7W0pSKpW2KAmek1qP_DpjMHKuswv5L36tWusjuEl6Pc,5643
-skill_scanner/data/yara_rules/prompt_injection.yara,sha256=q5tT7-L__x9RCjdAbFLcs9mSs8gZOmPPzjbdNKRwIHE,2715
-skill_scanner/data/yara_rules/script_injection.yara,sha256=pzVPd7b9WNAS5iw8ZMoUgojKSBlEeSTLHLBho8UiMmA,3100
-skill_scanner/data/yara_rules/skill_discovery_abuse.yara,sha256=l1a2YESrARelhByvKxKaOdohKntMqxYGVcusp-1ZZCk,2452
-skill_scanner/data/yara_rules/sql_injection.yara,sha256=pWq3ccqEvQtWz4fU8dQOkhCgVl6US9SZJDfuBU_YCY4,3691
-skill_scanner/data/yara_rules/system_manipulation.yara,sha256=XoO17sZrarzdC58yyHaIz8z36x5xyxzmQXBnkYdoYfM,2231
-skill_scanner/data/yara_rules/tool_chaining_abuse.yara,sha256=1SyF3_j3VJysDvn1uKkuP9G7F4EhMYXMrq7Xcn1UURI,2255
-skill_scanner/data/yara_rules/transitive_trust_abuse.yara,sha256=8YMYbM5qwn-pqn8EFHJwpKvWyk__n9vEI7bH_MLzF2k,2772
-skill_scanner/data/yara_rules/unicode_steganography.yara,sha256=5UxTvcy8CeWJLrPeldgJ9rY5gfODlC9bTNOkCauuOJA,2650
+skill_scanner/data/rules/signatures.yaml,sha256=GY41ZCvc2HIInwSnIYKLyHTK36J2hdOFyT-wRUhB3GU,19451
+skill_scanner/data/yara_rules/autonomy_abuse_generic.yara,sha256=epgJRIj_qOYSZSsOQi4Tnv99T8rqbltNbZhECczRQXw,3097
+skill_scanner/data/yara_rules/capability_inflation_generic.yara,sha256=RkDaqDtkcLULxr1Vb0XQ-5Q1BMwErkYcKx-sH6u0f1I,2610
+skill_scanner/data/yara_rules/code_execution_generic.yara,sha256=c5W7h5Vl4rLgAabL9As4IkmNSbf4aAbzIH4kiaSYce4,3057
+skill_scanner/data/yara_rules/coercive_injection_generic.yara,sha256=LQcfpAuzY1zC9N_xT-qfi72fCJm7mY0C2l89eFdTMKE,5363
+skill_scanner/data/yara_rules/command_injection_generic.yara,sha256=vl1a4yYXloJk4lMFHbCmj16l0Th9IRDHu4_zH168sFY,3318
+skill_scanner/data/yara_rules/credential_harvesting_generic.yara,sha256=iwgBlMt85i3VOrDkBMfHvwtO6PhF1Igh6m3Uj3CBOEI,7192
+skill_scanner/data/yara_rules/indirect_prompt_injection_generic.yara,sha256=AHGYsEu6pRbNkpsb_sGOKaYSzpIR809ixxjxxRjaWY0,2977
+skill_scanner/data/yara_rules/prompt_injection_generic.yara,sha256=OJMKzA1D6QXEEoogMnIeGp6NT308N5OY78uWjJBoODI,2752
+skill_scanner/data/yara_rules/prompt_injection_unicode_steganography.yara,sha256=yALtLuRpoCu9toc5Wk3Av_W4GiWDFmpVNYaF2k3IAyk,3048
+skill_scanner/data/yara_rules/script_injection_generic.yara,sha256=C4k3okg0APx0s4qxwSJc0swhp9AfAsACggnl-LYIoJg,3513
+skill_scanner/data/yara_rules/sql_injection_generic.yara,sha256=Eu3EhTgYFGaOTjujMjwsjvnPrBihnfvq_9URCwDYyME,4642
+skill_scanner/data/yara_rules/system_manipulation_generic.yara,sha256=hY1XmpYoKD6Eywwa51lL1DUXjwV7h1WRXk4TWYWzbic,3136
+skill_scanner/data/yara_rules/tool_chaining_abuse_generic.yara,sha256=-sLNCZePTzk49exbQAorTCqKu-1bWWRD7oI6i2mj7kk,2867
 skill_scanner/hooks/__init__.py,sha256=W7_Xr71Edm6eHKz9_vZgpERbr0Wx2cyTxPn4YJaGg6o,739
 skill_scanner/hooks/pre_commit.py,sha256=dtajQcyAlSaH15J1O9HHQ67xrGj2P6M2pHN6MZ0htwY,13207
-skill_scanner/threats/__init__.py,sha256=9qlA659fV2Ngl-nV3INIrbVDvXzevHy0F9YAmu_kPWE,875
-skill_scanner/threats/threats.py,sha256=egFsT1crNlWQH3szG8yYIURMXXGh7GJnH3wI8w05nfI,21449
+skill_scanner/threats/__init__.py,sha256=TpqVYCcjQGGpcsTR_1iIvrTT55Sd1ed15sVfGVfZJwk,1320
+skill_scanner/threats/cisco_ai_taxonomy.py,sha256=pXBPgwqfFgKN8Jax3aue66v306aETX6bOSgoRu-zUMg,12910
+skill_scanner/threats/threats.py,sha256=7r0V0HJFWI7m-PMoZECnwK3ANKyTzTYM3bEUG2tgUH8,17981
 skill_scanner/utils/__init__.py,sha256=mmzKMNaDQ3EtmD2zr_68gMatm4OETbVNtEXuVESxzJs,906
 skill_scanner/utils/command_utils.py,sha256=74rojYVuVWpv-HVdW0qTIzq0ySPdpBuyNTdIQZDakUM,4291
 skill_scanner/utils/di_container.py,sha256=O3aaQVKcu4t1YUXl9iCZxjSBXnvgddlTgmEp0De_g04,4585
 skill_scanner/utils/file_utils.py,sha256=LT2xwrbqIWaYC-BYAL9zpF6a2xk6QNUVzItvGGJcBn8,2043
 skill_scanner/utils/logging_config.py,sha256=8LJwRCVM-oED_6KRDvtjaL8cvEoR88seX1pDyILeQV4,2939
 skill_scanner/utils/logging_utils.py,sha256=CLdOYmQdJejiLbcECTT2CbDU27PJ327AFMmeuVfCy94,1902
-cisco_ai_skill_scanner-1.0.1.dist-info/METADATA,sha256=Ph3EsZ9hjAj9CbQGa8Cew3SM1iF3RfHowlfVifp_37I,9166
-cisco_ai_skill_scanner-1.0.1.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-cisco_ai_skill_scanner-1.0.1.dist-info/entry_points.txt,sha256=Qpg94wQPc6kWF_KQ-jf2tL_wCJ3aJfZ4V4vsYz50GIw,175
-cisco_ai_skill_scanner-1.0.1.dist-info/licenses/LICENSE,sha256=b4va5sK_CWxpeDnOO2MF0MKqsiwU-3YblMmWKnmuWZg,653
-cisco_ai_skill_scanner-1.0.1.dist-info/RECORD,,
+cisco_ai_skill_scanner-1.0.2.dist-info/METADATA,sha256=EzizoVjYbxLZk_xxnyv052t5bNdvd7APCYXzbDd-Xh8,9827
+cisco_ai_skill_scanner-1.0.2.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+cisco_ai_skill_scanner-1.0.2.dist-info/entry_points.txt,sha256=Qpg94wQPc6kWF_KQ-jf2tL_wCJ3aJfZ4V4vsYz50GIw,175
+cisco_ai_skill_scanner-1.0.2.dist-info/licenses/LICENSE,sha256=b4va5sK_CWxpeDnOO2MF0MKqsiwU-3YblMmWKnmuWZg,653
+cisco_ai_skill_scanner-1.0.2.dist-info/RECORD,,

skill_scanner/_version.py CHANGED Viewed

@@ -28,7 +28,7 @@ version_tuple: VERSION_TUPLE
 commit_id: COMMIT_ID
 __commit_id__: COMMIT_ID
-__version__ = version = '1.0.1'
-__version_tuple__ = version_tuple = (1, 0, 1)
+__version__ = version = '1.0.2'
+__version_tuple__ = version_tuple = (1, 0, 2)
 __commit_id__ = commit_id = None

skill_scanner/api/api_cli.py CHANGED Viewed

@@ -39,11 +39,11 @@ Examples:
   skill-scanner-api --reload
   # Custom host and port
-  skill-scanner-api --host 0.0.0.0 --port 9000
+  skill-scanner-api --host localhost --port 9000
         """,
     )
-    parser.add_argument("--host", default="0.0.0.0", help="Host to bind to (default: 0.0.0.0)")
+    parser.add_argument("--host", default="localhost", help="Host to bind to (default: localhost)")
     parser.add_argument("--port", type=int, default=8000, help="Port to bind to (default: 8000)")

skill_scanner/api/api_server.py CHANGED Viewed

@@ -616,7 +616,7 @@ async def list_analyzers():
 # Entry point for running the server
-def run_server(host: str = "0.0.0.0", port: int = 8000, reload: bool = False):
+def run_server(host: str = "localhost", port: int = 8000, reload: bool = False):
     """
     Run the API server.

skill_scanner/cli/cli.py CHANGED Viewed

@@ -62,8 +62,19 @@ def scan_command(args):
         print(f"Error: Directory does not exist: {skill_dir}", file=sys.stderr)
         return 1
+    # Get YARA mode and custom rules from args
+    yara_mode = getattr(args, "yara_mode", "balanced")
+    custom_rules_path = getattr(args, "custom_rules", None)
+    disabled_rules = set(getattr(args, "disabled_rules", None) or [])
     # Create scanner with configured analyzers
-    analyzers = [StaticAnalyzer()]
+    analyzers = [
+        StaticAnalyzer(
+            yara_mode=yara_mode,
+            custom_yara_rules_path=custom_rules_path,
+            disabled_rules=disabled_rules,
+        )
+    ]
     # Helper to print status messages - go to stderr when JSON output to avoid breaking parsing
     is_json_output = getattr(args, "format", "summary") == "json"
@@ -273,8 +284,19 @@ def scan_all_command(args):
         print(f"Error: Directory does not exist: {skills_dir}", file=sys.stderr)
         return 1
+    # Get YARA mode and custom rules from args
+    yara_mode = getattr(args, "yara_mode", "balanced")
+    custom_rules_path = getattr(args, "custom_rules", None)
+    disabled_rules = set(getattr(args, "disabled_rules", None) or [])
     # Create scanner with configured analyzers
-    analyzers = [StaticAnalyzer()]
+    analyzers = [
+        StaticAnalyzer(
+            yara_mode=yara_mode,
+            custom_yara_rules_path=custom_rules_path,
+            disabled_rules=disabled_rules,
+        )
+    ]
     # Helper to print status messages - go to stderr when JSON output to avoid breaking parsing
     is_json_output = getattr(args, "format", "summary") == "json"
@@ -728,6 +750,24 @@ Examples:
         action="store_true",
         help="Enable meta-analysis for false positive filtering and finding prioritization (requires 2+ analyzers including LLM)",
     )
+    scan_parser.add_argument(
+        "--yara-mode",
+        choices=["strict", "balanced", "permissive"],
+        default="balanced",
+        help="YARA detection mode: strict (max security, more FPs), balanced (default), permissive (fewer FPs, may miss threats)",
+    )
+    scan_parser.add_argument(
+        "--custom-rules",
+        metavar="PATH",
+        help="Path to directory containing custom YARA rules (.yara files) to use instead of built-in rules",
+    )
+    scan_parser.add_argument(
+        "--disable-rule",
+        action="append",
+        metavar="RULE_NAME",
+        dest="disabled_rules",
+        help="Disable a specific rule by name (can be used multiple times). Example: --disable-rule YARA_script_injection",
+    )
     # Scan-all command
     scan_all_parser = subparsers.add_parser("scan-all", help="Scan multiple skill packages")
@@ -783,6 +823,24 @@ Examples:
         action="store_true",
         help="Enable meta-analysis for false positive filtering and finding prioritization (requires 2+ analyzers including LLM)",
     )
+    scan_all_parser.add_argument(
+        "--yara-mode",
+        choices=["strict", "balanced", "permissive"],
+        default="balanced",
+        help="YARA detection mode: strict (max security, more FPs), balanced (default), permissive (fewer FPs, may miss threats)",
+    )
+    scan_all_parser.add_argument(
+        "--custom-rules",
+        metavar="PATH",
+        help="Path to directory containing custom YARA rules (.yara files) to use instead of built-in rules",
+    )
+    scan_all_parser.add_argument(
+        "--disable-rule",
+        action="append",
+        metavar="RULE_NAME",
+        dest="disabled_rules",
+        help="Disable a specific rule by name (can be used multiple times). Example: --disable-rule YARA_script_injection",
+    )
     # List analyzers command
     subparsers.add_parser("list-analyzers", help="List available analyzers")

skill_scanner/config/yara_modes.py ADDED Viewed

@@ -0,0 +1,314 @@
+# Copyright 2026 Cisco Systems, Inc. and its affiliates
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+"""
+YARA Mode Configuration System
+Provides configurable detection modes to balance false positives vs true positives:
+- STRICT: Maximum security, higher false positives acceptable
+- BALANCED: Default mode, good tradeoff between FP and TP
+- PERMISSIVE: Minimize false positives, may miss some threats
+- CUSTOM: User-defined thresholds
+Each mode configures:
+- Rule-specific thresholds
+- Post-processing filters
+- Enabled/disabled rule sets
+"""
+from dataclasses import dataclass, field
+from enum import Enum
+from typing import Optional
+class YaraMode(Enum):
+    """YARA detection mode presets."""
+    STRICT = "strict"
+    BALANCED = "balanced"
+    PERMISSIVE = "permissive"
+    CUSTOM = "custom"
+@dataclass
+class UnicodeStegConfig:
+    """Configuration for unicode steganography detection."""
+    # Zero-width character thresholds
+    zerowidth_threshold_with_decode: int = 50  # When dangerous code is present
+    zerowidth_threshold_alone: int = 200  # Without dangerous code context
+    # Enable/disable specific patterns
+    detect_rtl_override: bool = True
+    detect_ltl_override: bool = True
+    detect_line_separators: bool = True
+    detect_unicode_tags: bool = True
+    detect_variation_selectors: bool = True
+@dataclass
+class CredentialHarvestingConfig:
+    """Configuration for credential harvesting detection."""
+    # Placeholder filtering
+    filter_placeholder_patterns: bool = True
+    # Specific API key patterns
+    detect_ai_api_keys: bool = True
+    detect_aws_keys: bool = True
+    detect_ssh_keys: bool = True
+    detect_env_exfiltration: bool = True
+@dataclass
+class ToolChainingConfig:
+    """Configuration for tool chaining abuse detection."""
+    # Post-filter settings
+    filter_api_documentation: bool = True
+    filter_generic_http_verbs: bool = True
+    filter_email_field_mentions: bool = True
+    # Pattern detection
+    detect_read_send: bool = True
+    detect_collect_exfil: bool = True
+    detect_env_network: bool = True
+@dataclass
+class YaraModeConfig:
+    """Complete YARA mode configuration."""
+    mode: YaraMode = YaraMode.BALANCED
+    description: str = ""
+    # Rule-specific configs
+    unicode_steg: UnicodeStegConfig = field(default_factory=UnicodeStegConfig)
+    credential_harvesting: CredentialHarvestingConfig = field(default_factory=CredentialHarvestingConfig)
+    tool_chaining: ToolChainingConfig = field(default_factory=ToolChainingConfig)
+    # Global settings
+    enabled_rules: set[str] = field(default_factory=set)  # Empty = all enabled
+    disabled_rules: set[str] = field(default_factory=set)
+    @classmethod
+    def strict(cls) -> "YaraModeConfig":
+        """
+        STRICT mode: Maximum security, accept higher FP rate.
+        Use when:
+        - Scanning untrusted/external skills
+        - Security audit requirements
+        - Compliance scanning
+        """
+        return cls(
+            mode=YaraMode.STRICT,
+            description="Maximum security - flags more potential threats",
+            unicode_steg=UnicodeStegConfig(
+                zerowidth_threshold_with_decode=20,  # Lower threshold
+                zerowidth_threshold_alone=100,
+            ),
+            credential_harvesting=CredentialHarvestingConfig(
+                filter_placeholder_patterns=False,  # Don't filter - flag for review
+            ),
+            tool_chaining=ToolChainingConfig(
+                filter_api_documentation=False,
+                filter_generic_http_verbs=False,
+            ),
+        )
+    @classmethod
+    def balanced(cls) -> "YaraModeConfig":
+        """
+        BALANCED mode: Default - good tradeoff between FP and TP.
+        Use when:
+        - Regular skill scanning
+        - CI/CD pipeline integration
+        - Development workflow
+        """
+        return cls(
+            mode=YaraMode.BALANCED,
+            description="Balanced detection - default mode",
+            unicode_steg=UnicodeStegConfig(
+                zerowidth_threshold_with_decode=50,
+                zerowidth_threshold_alone=200,
+            ),
+            credential_harvesting=CredentialHarvestingConfig(
+                filter_placeholder_patterns=True,
+            ),
+            tool_chaining=ToolChainingConfig(
+                filter_api_documentation=True,
+                filter_generic_http_verbs=True,
+                filter_email_field_mentions=True,
+            ),
+        )
+    @classmethod
+    def permissive(cls) -> "YaraModeConfig":
+        """
+        PERMISSIVE mode: Minimize false positives.
+        Use when:
+        - Scanning trusted/internal skills
+        - High FP rate is disrupting workflow
+        - Focus on critical threats only
+        """
+        return cls(
+            mode=YaraMode.PERMISSIVE,
+            description="Minimal false positives - may miss some threats",
+            unicode_steg=UnicodeStegConfig(
+                zerowidth_threshold_with_decode=100,  # Higher threshold
+                zerowidth_threshold_alone=500,
+                detect_line_separators=False,  # Common in some content
+            ),
+            credential_harvesting=CredentialHarvestingConfig(
+                filter_placeholder_patterns=True,
+            ),
+            tool_chaining=ToolChainingConfig(
+                filter_api_documentation=True,
+                filter_generic_http_verbs=True,
+                filter_email_field_mentions=True,
+            ),
+            # Disable noisier rules
+            disabled_rules={
+                "capability_inflation_generic",
+                "indirect_prompt_injection_generic",
+            },
+        )
+    @classmethod
+    def custom(
+        cls,
+        unicode_steg: UnicodeStegConfig | None = None,
+        credential_harvesting: CredentialHarvestingConfig | None = None,
+        tool_chaining: ToolChainingConfig | None = None,
+        enabled_rules: set[str] | None = None,
+        disabled_rules: set[str] | None = None,
+    ) -> "YaraModeConfig":
+        """
+        CUSTOM mode: User-defined configuration.
+        Args:
+            unicode_steg: Unicode steganography config
+            credential_harvesting: Credential harvesting config
+            tool_chaining: Tool chaining config
+            enabled_rules: Set of rule names to enable (empty = all)
+            disabled_rules: Set of rule names to disable
+        """
+        return cls(
+            mode=YaraMode.CUSTOM,
+            description="Custom user-defined configuration",
+            unicode_steg=unicode_steg or UnicodeStegConfig(),
+            credential_harvesting=credential_harvesting or CredentialHarvestingConfig(),
+            tool_chaining=tool_chaining or ToolChainingConfig(),
+            enabled_rules=enabled_rules or set(),
+            disabled_rules=disabled_rules or set(),
+        )
+    @classmethod
+    def from_mode_name(cls, mode_name: str) -> "YaraModeConfig":
+        """Create config from mode name string."""
+        mode_map = {
+            "strict": cls.strict,
+            "balanced": cls.balanced,
+            "permissive": cls.permissive,
+        }
+        if mode_name.lower() in mode_map:
+            return mode_map[mode_name.lower()]()
+        raise ValueError(f"Unknown mode: {mode_name}. Use: strict, balanced, permissive, or custom")
+    def is_rule_enabled(self, rule_name: str) -> bool:
+        """Check if a specific rule is enabled in this mode."""
+        # If enabled_rules is specified, only those are allowed
+        if self.enabled_rules and rule_name not in self.enabled_rules:
+            return False
+        # Check if explicitly disabled
+        if rule_name in self.disabled_rules:
+            return False
+        return True
+    def to_dict(self) -> dict:
+        """Convert config to dictionary for serialization."""
+        return {
+            "mode": self.mode.value,
+            "description": self.description,
+            "unicode_steg": {
+                "zerowidth_threshold_with_decode": self.unicode_steg.zerowidth_threshold_with_decode,
+                "zerowidth_threshold_alone": self.unicode_steg.zerowidth_threshold_alone,
+                "detect_rtl_override": self.unicode_steg.detect_rtl_override,
+                "detect_ltl_override": self.unicode_steg.detect_ltl_override,
+                "detect_line_separators": self.unicode_steg.detect_line_separators,
+                "detect_unicode_tags": self.unicode_steg.detect_unicode_tags,
+                "detect_variation_selectors": self.unicode_steg.detect_variation_selectors,
+            },
+            "credential_harvesting": {
+                "filter_placeholder_patterns": self.credential_harvesting.filter_placeholder_patterns,
+                "detect_ai_api_keys": self.credential_harvesting.detect_ai_api_keys,
+                "detect_aws_keys": self.credential_harvesting.detect_aws_keys,
+                "detect_ssh_keys": self.credential_harvesting.detect_ssh_keys,
+                "detect_env_exfiltration": self.credential_harvesting.detect_env_exfiltration,
+            },
+            "tool_chaining": {
+                "filter_api_documentation": self.tool_chaining.filter_api_documentation,
+                "filter_generic_http_verbs": self.tool_chaining.filter_generic_http_verbs,
+                "filter_email_field_mentions": self.tool_chaining.filter_email_field_mentions,
+                "detect_read_send": self.tool_chaining.detect_read_send,
+                "detect_collect_exfil": self.tool_chaining.detect_collect_exfil,
+                "detect_env_network": self.tool_chaining.detect_env_network,
+            },
+            "enabled_rules": list(self.enabled_rules),
+            "disabled_rules": list(self.disabled_rules),
+        }
+# Default mode
+DEFAULT_YARA_MODE = YaraModeConfig.balanced()
+# Mode descriptions for CLI/API documentation
+MODE_DESCRIPTIONS = {
+    "strict": """
+STRICT Mode - Maximum Security
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+• Lower detection thresholds
+• Minimal post-processing filters
+• Flags more potential threats
+• Higher false positive rate acceptable
+Use for: Untrusted skills, security audits, compliance
+""",
+    "balanced": """
+BALANCED Mode - Default
+━━━━━━━━━━━━━━━━━━━━━━━
+• Moderate detection thresholds
+• Context-aware post-processing
+• Good tradeoff between FP and TP
+• Suitable for most use cases
+Use for: Regular scanning, CI/CD, development
+""",
+    "permissive": """
+PERMISSIVE Mode - Minimal False Positives
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+• Higher detection thresholds
+• Aggressive filtering
+• Focus on critical threats only
+• May miss some edge-case threats
+Use for: Trusted skills, high FP disruption
+""",
+}

skill_scanner/core/analyzers/llm_analyzer.py CHANGED Viewed

@@ -277,12 +277,12 @@ class LLMAnalyzer(BaseAnalyzer):
 When selecting AITech codes for findings, use these mappings:
 - AITech-1.1: Direct prompt injection in SKILL.md (jailbreak, instruction override)
-- AITech-1.2: Indirect prompt injection (transitive trust, following untrusted content)
-- AITech-2.1: Social engineering (deceptive descriptions/metadata)
+- AITech-1.2: Indirect prompt injection - instruction manipulation (embedding malicious instructions in external sources)
+- AITech-4.3: Protocol manipulation - capability inflation (skill discovery abuse, keyword baiting, over-broad claims)
 - AITech-8.2: Data exfiltration/exposure (unauthorized access, credential theft, hardcoded secrets)
 - AITech-9.1: Model/agentic manipulation (command injection, code injection, SQL injection, obfuscation)
 - AITech-12.1: Tool exploitation (tool poisoning, shadowing, unauthorized use)
-- AITech-13.3: Availability disruption (resource abuse, DoS, infinite loops)
+- AITech-13.1: Disruption of Availability (resource abuse, DoS, infinite loops) - AISubtech-13.1.1: Compute Exhaustion
 - AITech-15.1: Harmful/misleading content (deceptive content, misinformation)
 The structured output schema will enforce these exact codes.""",

cisco-ai-skill-scanner 1.0.1__py3-none-any.whl → 1.0.2__py3-none-any.whl

cisco-ai-skill-scanner 1.0.1py3-none-any.whl → 1.0.2py3-none-any.whl