PyPI - cisco-ai-skill-scanner - Versions diffs - 1.0.1__py3-none-any.whl → 1.0.2__py3-none-any.whl - Mend

cisco-ai-skill-scanner 1.0.1py3-none-any.whl → 1.0.2py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

skill_scanner/data/yara_rules/autonomy_abuse.yara DELETED Viewed

@@ -1,66 +0,0 @@
-//////////////////////////////////////////
-// Unbounded Autonomy Detection
-// Target: Instructions that give skills excessive autonomy
-// For agent skills with dangerous autonomous behaviors
-//////////////////////////////////////////
-rule autonomy_abuse{
-    meta:
-        author = "Cisco"
-        description = "Detects unbounded autonomy patterns that could lead to runaway behavior"
-        classification = "harmful"
-        threat_type = "AUTONOMY ABUSE"
-    strings:
-        // Keep trying without limits
-        $keep_trying = /\b(keep (trying|attempting|retrying)|retry (until|till) (it )?(works?|succeeds?)|don't (give up|stop) until|continue (until|till) (success|it works))\b/i
-        // Run without confirmation
-        $no_confirmation = /\b(run without (asking|confirmation|permission|approval)|don't (ask|confirm|wait for) (user|permission|approval)|proceed without (asking|confirmation|permission))\b/i
-        // Automatic execution
-        $auto_execute = /\b(automatically (execute|run|perform|do)|auto-?(run|execute|perform)|execute (immediately|automatically|right away))\b/i
-        // Unbounded loops (simplified regex for YARA compatibility)
-        $unbounded_loops = /\b(run (continuously|forever|indefinitely)|keep (running|going) (forever|indefinitely)|while True:)\b/i
-        // Ignore errors and continue
-        $ignore_errors = /\b(ignore (all |any )?(errors?|exceptions?|failures?)|suppress (all |any )?(errors?|exceptions?)|continue (on|despite|after) (error|exception|failure))\b/i
-        // Escalating behavior
-        $escalating = /\b(if (that |this )?fails?,? (try|attempt|use) (more|higher|elevated) (privileges?|permissions?|access)|escalate (to|until))\b/i
-        // Self-modification
-        $self_modify = /\b(modify (itself|yourself|own|this skill)|update (itself|yourself|own|this skill)|change (own|this skill's) (code|behavior|instructions?))\b/i
-        // Autonomous decision making without bounds
-        $autonomous_decisions = /\b(decide (what|which|how) to (do|run|execute) (next|automatically)|choose (your own|automatically) (next )?actions?)\b/i
-    condition:
-        // Keep trying patterns
-        $keep_trying or
-        // No confirmation
-        $no_confirmation or
-        // Auto execution
-        $auto_execute or
-        // Unbounded loops
-        $unbounded_loops or
-        // Ignore errors
-        $ignore_errors or
-        // Escalating behavior
-        $escalating or
-        // Self-modification
-        $self_modify or
-        // Autonomous decisions
-        $autonomous_decisions
-}

skill_scanner/data/yara_rules/code_execution.yara DELETED Viewed

@@ -1,61 +0,0 @@
-//////////////////////////////////////////
-// Code Execution Detection Rule for Agent Skills
-// Target: Python and Bash execution patterns
-// (eval, exec, subprocess, shell injection)
-/////////////////////////////////////////
-rule code_execution{
-    meta:
-        author = "Cisco"
-        description = "Detects dangerous code execution patterns in agent skills (Python/Bash)"
-        classification = "harmful"
-        threat_type = "CODE EXECUTION"
-    strings:
-        // Python dangerous execution (eval, exec with actual content)
-        $python_eval_exec = /\b(eval|exec)\s*\([^)]{5,}\)/i
-        // Python system/subprocess execution
-        $python_system_calls = /\b(os\.(system|popen|execv?p?e?|spawnv?p?e?)|subprocess\.(run|call|Popen|check_output))\s*\(/i
-        // Python __import__ with user input
-        $python_import_abuse = /\b__import__\s*\([^)]*input/i
-        // Bash shell execution with variables
-        $bash_shell_exec = /\b(system|exec|popen|spawn)\s*\([^)]*[\$\{]/i
-        // Base64 decode followed by exec/eval (obfuscation)
-        $obfuscated_execution = /\b(base64\.b64decode|decode\(|atob)\s*\([^)]+\)[\s\n]*.*\b(eval|exec|os\.system|subprocess)\s*\(/i
-        // Shell command injection patterns
-        $shell_injection = /[\"|\']\s*[;&|]\s*(rm|wget|curl|nc|bash|sh|python)\s+/
-        // Pickle deserialization (unsafe)
-        $unsafe_deserialize = /\bpickle\.(loads?|load)\s*\(/i
-    condition:
-        // Python eval/exec with content
-        $python_eval_exec or
-        // Python system calls
-        $python_system_calls or
-        // Python import abuse
-        $python_import_abuse or
-        // Bash shell execution
-        $bash_shell_exec or
-        // Obfuscated execution
-        $obfuscated_execution or
-        // Shell injection
-        $shell_injection or
-        // Unsafe deserialization
-        $unsafe_deserialize
-}

skill_scanner/data/yara_rules/command_injection.yara DELETED Viewed

@@ -1,54 +0,0 @@
-//////////////////////////////////////////
-// Shell/System Command Injection Detection Rule
-// Target: Command injection patterns for agent skills (Python/Bash)
-// (Shell operators, dangerous commands, network tools + reverse shells)
-/////////////////////////////////////////
-rule command_injection{
-    meta:
-        author = "Cisco"
-        description = "Detects command injection patterns in agent skills: shell operators, system commands, and network tools"
-        classification = "harmful"
-        threat_type = "INJECTION ATTACK"
-    strings:
-        // Dangerous system commands
-        $dangerous_system_cmds = /\b(shutdown|reboot|halt|poweroff)\s+(-[fh]|now|0)\b/
-        // Network tools with suspicious usage (reverse connections, port scanning)
-        $malicious_network_tools = /\b(nc|netcat)\s+(-[le]|25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/i
-        // Reconnaissance tools
-        $reconnaissance_tools = /\b(nmap)\s+(-[sS]|--script|25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/i
-        // Data exfiltration with curl/wget to external URLs
-        $data_exfiltration_tools = /\b(wget|curl)\s+(http[s]?:\/\/[^\s]+|ftp:\/\/[^\s]+|-[oO]\s|--output\s)/i
-        // Reverse shell patterns (high severity)
-        $reverse_shells = /\b(bash\s+-i|sh\s+-i|nc\s+-e|\/dev\/tcp\/[0-9]+\.|socat.*exec|python.*socket.*connect)\b/i
-        // Shell command chaining with suspicious patterns
-        $shell_chaining = /[|&;]\s*(rm\s+-rf|dd\s+if=|chmod\s+777|wget\s+http|curl\s+http)/
-    condition:
-        // Dangerous system command patterns
-        $dangerous_system_cmds or
-        // Network tool abuse patterns
-        $malicious_network_tools or
-        // Reconnaissance tools
-        $reconnaissance_tools or
-        // Data exfiltration tools
-        $data_exfiltration_tools or
-        // Reverse shell patterns
-        $reverse_shells or
-        // Shell command chaining
-        $shell_chaining
-}

skill_scanner/data/yara_rules/script_injection.yara DELETED Viewed

@@ -1,83 +0,0 @@
-//////////////////////////////////////////
-// Detects common scripting payloads (JS, VBScript, etc.) embeddings.
-// Target: JavaScript, VBScript, or ActiveX payloads.
-// (Event handlers or inline scripts)
-//////////////////////////////////////////
-rule script_injection{
-    meta:
-        author = "Cisco"
-        description = "Detects embedded scripting payloads (JS, VBScript, etc.) in MCP tool descriptions"
-        classification = "harmful"
-        threat_type = "INJECTION ATTACK"
-    strings:
-        // Script tags and protocol handlers (exclude XML namespaces)
-        $tags = /(<\/?script[^>]*>|javascript:)/i
-        // ALWAYS exclude (safe in all file types)
-        $xml_namespace = /(xmlns:script=|<script:module|<script:)/
-        $openoffice_xml = /openoffice\.org\/2000\/script/
-        $legitimate_cdn = /(cdnjs\.cloudflare\.com|cdn\.jsdelivr\.net|unpkg\.com)/i
-        // Only exclude in MARKDOWN files (risky in .py files!)
-        // Check for markdown-specific syntax
-        $markdown_heading = /^#\s+/
-        $markdown_list = /^\*\s+/
-        $markdown_code_block = /(```html|```javascript|```js)/i
-        $documentation_context = /(example.*html|artifact.*structure|template|single.*file)/i
-        // Execution functions
-        $execution_functions = /\b(setTimeout|Function|setInterval)\s*\(/i
-        // VBScript execution and Windows Script Host objects
-        $vbs_execution = /\b(vbscript|CreateObject|WScript\.Shell|Shell\.Application)\b/i
-        // VBScript dangerous functions (more specific to avoid false positives in docs)
-        $vbs_dangerous_functions = /\b(WScript\.Shell\.Exec|Shell\.Application\.ShellExecute|CreateObject.*Exec)\s*\(/i
-        // Base64 encoded script data URIs
-        $encoded_script_uris = /\bdata:(text\/html|application\/javascript);base64\b/i
-        // ANSI terminal deception patterns
-        $ansi_deception = /(\\x1[Bb]\[38;5;\d+|\\x1[Bb]\[2F\\x1[Bb]\[1G|\\x1[Bb]\[1;1H\\x1[Bb]\[0J|\\x1[Bb]\]8;;.*\\x1[Bb]\\|\\033\[[0-9;]*m|\\e\[[0-9;]*[mGKHF])/i
-        // Hidden instruction obfuscation
-        $hidden_obfuscation = /\b(padding.*push.*off.*screen|hidden.*scrollbar|overflow.*hidden.*instruction|invisible.*text.*color)\b/i
-    condition:
-        // ALWAYS exclude (safe everywhere)
-        not $xml_namespace and
-        not $openoffice_xml and
-        not $legitimate_cdn and
-        // Only exclude markdown patterns if file has markdown indicators
-        not (($markdown_heading or $markdown_list) and ($markdown_code_block or $documentation_context)) and
-        (
-            // Script tags and protocol handlers
-            $tags or
-            // Execution functions
-            $execution_functions or
-            // VBScript execution
-            $vbs_execution or
-            // VBScript dangerous functions
-            $vbs_dangerous_functions or
-            // Base64 encoded script URIs
-            $encoded_script_uris or
-            // ANSI terminal deception
-            $ansi_deception or
-            // Hidden instruction obfuscation
-            $hidden_obfuscation
-        )
-}

skill_scanner/data/yara_rules/system_manipulation.yara DELETED Viewed

@@ -1,65 +0,0 @@
-//////////////////////////////////////////
-// System Manipulation and Privilege Escalation Detection
-// Target: File destruction and manipulation operations
-// (Process control and termination)
-//////////////////////////////////////////
-rule system_manipulation{
-    meta:
-        author = "Cisco"
-        description = "Detects system manipulation, privilege escalation, and destructive file operations"
-        classification = "harmful"
-        threat_type = "SYSTEM MANIPULATION"
-    strings:
-        // Suspicious environment variable manipulation (not just reading)
-        $env_var_manipulation = /\b(os\.environ\s*\[[^\]]*\]\s*=|export\s+PATH=|unset\s+(PATH|HOME|USER))\b/i
-        // File destruction and manipulation
-        $file_destruction = /\b(rm\s+-rf|dd\s+if=\/dev\/zero|wipefs|shred\s+-|find\s+[^\n]+-delete)\b/i
-        // Dangerous file permission changes
-        $permission_manipulation = /\b(chmod\s+(777|4755|6755|[ug]?\+s)|(chown|chgrp)\s+(root|0)|setuid|setgid)\b/i
-        // Critical system file access
-        $critical_system_access = /\b(\/etc\/(passwd|shadow|sudoers)|\/root\/\.ssh|~\/\.aws\/credentials|~\/\.ssh\/id_rsa)\b/i
-        // Privilege escalation patterns
-        $privilege_escalation = /\b(sudo\s+-[si]|su\s+-c?|runuser|doas)\b/i
-        // Dangerous process operations
-        $process_manipulation = /\b(kill\s+-9\s+[0-9]+|killall\s+-9|pkill\s+-9)\b/i
-        // Dangerous recursive operations with wildcards
-        $recursive_operations = /\b(rm\s+-rf\s+[\$\/\*]|find\s+\/\s+-delete)\b/i
-        // System path manipulation
-        $path_manipulation = /\b(PATH=\/tmp|PATH=\.:|export\s+PATH=[\$\{])/i
-    condition:
-        // Environment variable manipulation (not just reading)
-        $env_var_manipulation or
-        // File destruction
-        $file_destruction or
-        // Permission manipulation
-        $permission_manipulation or
-        // Critical system access
-        $critical_system_access or
-        // Privilege escalation
-        $privilege_escalation or
-        // Process manipulation
-        $process_manipulation or
-        // Recursive operations
-        $recursive_operations or
-        // PATH manipulation
-        $path_manipulation
-}

skill_scanner/data/yara_rules/tool_chaining_abuse.yara DELETED Viewed

@@ -1,60 +0,0 @@
-//////////////////////////////////////////
-// Tool Chaining Abuse Detection
-// Target: Suspicious multi-step operations that could exfiltrate data
-// For agent skills that chain operations suspiciously
-//////////////////////////////////////////
-rule tool_chaining_abuse{
-    meta:
-        author = "Cisco"
-        description = "Detects suspicious tool chaining patterns that could lead to data exfiltration"
-        classification = "harmful"
-        threat_type = "TOOL CHAINING ABUSE"
-    strings:
-        // Read → Send pattern
-        $read_then_send = /\b(read|fetch|get|retrieve|collect|gather)\b[^\n]{0,100}\b(send|post|upload|transmit|forward|email|slack|webhook)\b/i
-        // Collect → Exfiltrate pattern
-        $collect_exfiltrate = /\b(collect (all |every |entire )?(data|files?|info|credentials?|secrets?|keys?|tokens?))\b[^\n]{0,150}\b(send|post|upload|transmit|curl|wget|requests\.post)\b/i
-        // Multi-step with network
-        $multistep_network = /\b(first|then|next|after|finally),? (read|collect|gather)\b[^\n]{0,100}\b(then|next|after|finally),? (send|post|upload)\b/i
-        // Summarize and send externally
-        $summarize_send = /\b(summarize|aggregate|compile)\b[^\n]{0,80}\b(send|post|email|slack) (to|via) (external|webhook|url|endpoint|api)\b/i
-        // Read environment → Network
-        $env_to_network = /\b(os\.environ|getenv|process\.env)\b[^\n]{0,150}\b(requests\.|urllib\.|curl|wget|socket\.)\b/i
-        // File traversal → Collection → Send
-        $traverse_collect_send = /\b(walk|rglob|listdir|scandir|find)\b[^\n]{0,100}\b(open|read)\b[^\n]{0,100}\b(send|post|upload)\b/i
-        // Automated data pipeline
-        $auto_pipeline = /\b(automatically (read|collect|gather))\b[^\n]{0,100}\b(and |then )?(send|post|forward|upload)\b/i
-    condition:
-        // Read then send
-        $read_then_send or
-        // Collect and exfiltrate
-        $collect_exfiltrate or
-        // Multi-step with network
-        $multistep_network or
-        // Summarize and send
-        $summarize_send or
-        // Environment to network
-        $env_to_network or
-        // Traverse, collect, send
-        $traverse_collect_send or
-        // Automated pipeline
-        $auto_pipeline
-}

{cisco_ai_skill_scanner-1.0.1.dist-info → cisco_ai_skill_scanner-1.0.2.dist-info}/WHEEL RENAMED Viewed

File without changes

{cisco_ai_skill_scanner-1.0.1.dist-info → cisco_ai_skill_scanner-1.0.2.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{cisco_ai_skill_scanner-1.0.1.dist-info → cisco_ai_skill_scanner-1.0.2.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

cisco-ai-skill-scanner 1.0.1__py3-none-any.whl → 1.0.2__py3-none-any.whl

cisco-ai-skill-scanner 1.0.1py3-none-any.whl → 1.0.2py3-none-any.whl