Merged
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,7 @@ tmp/
temp/
.skillspector/
.provider-test-missing-keys
.pr-review-work/

# API Keys (never commit!)
.env.local
Expand Down
1 change: 1 addition & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -152,3 +152,4 @@ docker-build:
# Build and smoke test the Docker image
docker-smoke: docker-build
tests/docker/smoke.sh

2 changes: 1 addition & 1 deletion docs/B.3.1-mcp-least-privilege.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# B.3.1: MCP Least-Privilege Analysis (LP1 -- LP4)

**Author:** Nir Paz | **Date:** 2026-03-30 | **Status:** Implemented
**Author:** Nir Paz | **Date:** 2026-03-30 | **Status:** Implemented
**Component:** `src/skillspector/nodes/analyzers/mcp_least_privilege.py`

---
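Review bot: The removed and added `**Author:**` lines at the top of this file read identically, so the edit is whitespace-only, most likely a trailing-space strip. In Markdown two trailing spaces are a hard line break, so if that is what was removed, the `**Component:**` line that follows will now render on the same line as Author/Date/Status. Check the rendered page and, if the break matters, separate the two lines with a blank line or turn them into list items. The same applies to the matching hunks in docs/B.3.2-mcp-tool-poisoning.md and docs/SC4-osv-live-vulnerability-lookups.md.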
Expand Down
2 changes: 1 addition & 1 deletion docs/B.3.2-mcp-tool-poisoning.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# B.3.2: MCP Tool-Poisoning Detection (TP1 -- TP4)

**Author:** Nir Paz | **Date:** 2026-03-30 | **Status:** Implemented
**Author:** Nir Paz | **Date:** 2026-03-30 | **Status:** Implemented
**Component:** `src/skillspector/nodes/analyzers/mcp_tool_poisoning.py`

---
Expand Down
2 changes: 1 addition & 1 deletion docs/SC4-osv-live-vulnerability-lookups.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# SC4: Live Vulnerability Lookups via OSV.dev

**Author:** Nraghavan | **Date:** 2026-03-17 | **Status:** Implemented
**Author:** Nraghavan | **Date:** 2026-03-17 | **Status:** Implemented
**Component:** `static_patterns_supply_chain.py` (SC4 rule), `osv_client.py`

---
Expand Down
2 changes: 1 addition & 1 deletion pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "hatchling.build"

[project]
name = "skillspector"
version = "2.3.7"
version = "2.3.9"
description = "SkillSpector: Security scanner for AI agent skills (Claude Code, Cursor, and similar). Scans skills for vulnerabilities, malicious patterns, and security risks before installation. Supports Git repos, URLs, zips, and local directories; runs static pattern checks and optional LLM semantic analysis; outputs terminal, JSON, and Markdown reports with risk scoring."
readme = "README.md"
license = "Apache-2.0"
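Review bot: `version` goes from "2.3.7" straight to "2.3.9", skipping 2.3.8, and it is the only line that changes in this hunk. Confirm the skipped number is intentional and note the reason in the PR description, since the rest of the visible diff is formatting and ignore-file changes that would not by themselves explain a two-step bump.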
Expand Down
2 changes: 1 addition & 1 deletion src/skillspector/nodes/analyzers/mcp_least_privilege.py
Original file line number Diff line number Diff line change
Expand Up @@ -360,7 +360,7 @@ def node(state: SkillspectorState) -> AnalyzerNodeResponse:
)

# --- LP4: Over-declared permissions (only when permissions field is set) ---
for perm in (permissions or []):
for perm in permissions or []:
perm_lower = perm.strip().lower()
# Skip wildcard entries themselves
if perm_lower in _WILDCARD_PERMS:
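Review bot: In the LP4 loop, `perm.strip().lower()` assumes every element of `permissions` is a string, and `permissions or []` only guards the empty or None case. If `permissions` is taken from the scanned configuration without type validation earlier in `node()`, a non-string entry would raise AttributeError here, and a bare string value would be iterated character by character. Consider checking `isinstance(perm, str)` and skipping or reporting other entries before normalising. The parenthesis removal itself is behaviour-neutral.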
Expand Down
1 change: 1 addition & 0 deletions tests/integration/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,4 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

1 change: 1 addition & 0 deletions tests/unit/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,4 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

123 changes: 121 additions & 2 deletions uv.lock

Large diffs are not rendered by default.
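Review bot: uv.lock gains 121 lines and loses 2, while the only pyproject.toml change in this PR is the single `version` line. A lockfile delta of that size means resolved packages were added or upgraded, and none of it is visible in the rendered diff. List the packages and versions that changed in the PR description, or move the lock refresh into its own commit, so the dependency change can be reviewed separately from the formatting cleanup.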
