j 0dZddlZddlZddlZddlmZmZddlmZmZddl m Z ddl m Z m Z hdZdd d d d Zdd ddZeGddZeGddZgdZdZdZdZhdZhdZhdZd8de dede efdZd9d!e d"edefd#Zd:d%ed&ede eeffd'Zd%edefd(Zd!e defd)Z d;d*e de efd+Z!d,edefd-Z"d.Z#e$e#Z%d/hZ&d*e fd0Z'd"edefd1Z(d2e edefd3Z)d4ed"ed5ed6ed2e edef d7Z*dS) NVIDIA/skills openai/skillsanthropics/skillshuggingface/skills)allowrr)rrblock)rrr)rrask)builtintrusted community agent-created)safecaution dangerouscVeZdZUeed<eed<eed<eed<eed<eed<eed<dS) Finding pattern_idseveritycategoryfilelinematch descriptionN)__name__ __module__ __qualname__str__annotations__int7/home/ubuntu/.hermes/hermes-agent/tools/skills_guard.pyrrFsTOOOMMMMMM III III JJJr*rceZdZUeed<eed<eed<eed<eeZee ed<dZ eed<dZ eed <d S) ScanResult skill_namesource trust_levelverdict)default_factoryfindings scanned_atsummaryN) r#r$r%r&r'rlistr3rrr5r6r)r*r+r-r-QszOOO KKK LLL#eD999Hd7m999JGSr*r-)y)z?curl\s+[^\n]*\$\{?\w*(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL|API)env_exfil_curlcritical exfiltrationz6curl command interpolating secret environment variable)z?wget\s+[^\n]*\$\{?\w*(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL|API)env_exfil_wgetr9r:z6wget command interpolating secret environment variable)z7fetch\s*\([^\n]*\$\{?\w*(KEY|TOKEN|SECRET|PASSWORD|API)env_exfil_fetchr9r:z6fetch() call interpolating secret environment variable)zBhttpx?\.(get|post|put|patch)\s*\([^\n]*(KEY|TOKEN|SECRET|PASSWORD)env_exfil_httpxr9r:z&HTTP library call with secret variable)zDrequests\.(get|post|put|patch)\s*\([^\n]*(KEY|TOKEN|SECRET|PASSWORD)env_exfil_requestsr9r:z*requests library call with secret variable)zbase64[^\n]*env encoded_exfilhighr:z0base64 encoding combined with environment access)z\$HOME/\.ssh|\~/\.sshssh_dir_accessr@r:zreferences user SSH directory)z\$HOME/\.aws|\~/\.awsaws_dir_accessr@r:z)references user AWS credentials directory)z\$HOME/\.gnupg|\~/\.gnupggpg_dir_accessr@r:zreferences user GPG keyring)z\$HOME/\.kube|\~/\.kubekube_dir_accessr@r:z&references Kubernetes config directory)z\$HOME/\.docker|\~/\.dockerdocker_dir_accessr@r:z5references Docker config (may contain registry creds))z'\$HOME/\.hermes/\.env|\~/\.hermes/\.envhermes_env_accessr9r:z'directly references Hermes secrets file)zFcat\s+(?!>)[^\n]*(\.env|credentials|\.netrc|\.pgpass|\.npmrc|\.pypirc)read_secrets_filer9r:zreads known secrets file)zprintenv|env\s*\| dump_all_envr@r:zdumps all environment variables)zYos\.environ\b(?!\s*\.get\s*\(\s*["\'](?![^"\']*(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)))python_os_environr@r:z(accesses os.environ (potential env dump))zOos\.environ\s*\.get\s*\(\s*["\'][^"\']*(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)python_environ_get_secretr9r:z!reads secret via os.environ.get())z@os\.getenv\s*\(\s*[^\)]*(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)python_getenv_secretr9r:zreads secret via os.getenv())zprocess\.env\[node_process_envr@r:z*accesses process.env (Node.js environment))z$ENV\[.*(?:KEY|TOKEN|SECRET|PASSWORD)ruby_env_secretr9r:zreads secret via Ruby ENV[])z \b(dig|nslookup|host)\s+[^\n]*\$ dns_exfilr9r:zBDNS lookup with variable interpolation (possible DNS exfiltration))z,>\s*/tmp/[^\s]*\s*&&\s*(curl|wget|nc|python) tmp_stagingr9r:zwrites to /tmp then exfiltrates)z!\[.*\]\(https?://[^\)]*\$\{?md_image_exfilr@r:zBmarkdown image URL with variable interpolation (image-based exfil))z\[.*\]\(https?://[^\)]*\$\{? md_link_exfilr@r:z)markdown link with variable interpolation)z=ignore\s+(?:\w+\s+)*(previous|all|above|prior)\s+instructionsprompt_injection_ignorer9 injectionz.prompt injection: ignore previous instructions)zyou\s+are\s+(?:\w+\s+)*now\s+ role_hijackr@rSz%attempts to override the agent's role)z2do\s+not\s+(?:\w+\s+)*tell\s+(?:\w+\s+)*the\s+userdeception_hider9rSz-instructs agent to hide information from user)z0system\s+(?:\w+\s+)*prompt\s+(?:\w+\s+)*overridesys_prompt_overrider9rSz&attempts to override the system prompt)z+pretend\s+(?:\w+\s+)*(you\s+are|to\s+be)\s+ role_pretendr@rSz6attempts to make the agent assume a different identity)zRdisregard\s+(?:\w+\s+)*(your|all|any)\s+(?:\w+\s+)*(instructions|rules|guidelines)disregard_rulesr9rSz&instructs agent to disregard its rules)z-output\s+(?:\w+\s+)*(system|initial)\s+promptleak_system_promptr@rSz%attempts to extract the system prompt)z.(when|if)\s+no\s*one\s+is\s+(watching|looking)conditional_deceptionr@rSz=conditional instruction to behave differently when unobserved)zwact\s+as\s+(if|though)\s+(?:\w+\s+)*you\s+(?:\w+\s+)*(have\s+no|don\'t\s+have)\s+(?:\w+\s+)*(restrictions|limits|rules)bypass_restrictionsr9rSz+instructs agent to act without restrictions)z5translate\s+.*\s+into\s+.*\s+and\s+(execute|run|eval)translate_executer9rSz(translate-then-execute evasion technique)z9html_comment_injectionr@rSz$hidden instructions in HTML comments)z5<\s*div\s+style\s*=\s*["\'][\s\S]*?display\s*:\s*none hidden_divr@rSz(hidden HTML div (invisible instructions))z rm\s+-rf\s+/destructive_root_rmr9 destructivezrecursive delete from root)z+rm\s+(-[^\s]*)?r.*\$HOME|\brmdir\s+.*\$HOMEdestructive_home_rmr9r`z)recursive delete targeting home directory)z chmod\s+777insecure_permsmediumr`zsets world-writable permissions)z >\s*/etc/system_overwriter9r`z$overwrites system configuration file)z\bmkfs\bformat_filesystemr9r`zformats a filesystem)z\bdd\s+.*if=.*of=/dev/disk_overwriter9r`zraw disk write operation)zshutil\.rmtree\s*\(\s*[\"\'/] python_rmtreer@r`z/Python rmtree on absolute or root-relative path)ztruncate\s+-s\s*0\s+/truncate_systemr9r`z#truncates system file to zero bytes)z \bcrontab\bpersistence_cronrc persistencezmodifies cron jobs)zB\.(bashrc|zshrc|profile|bash_profile|bash_login|zprofile|zlogin)\b shell_rc_modrcrjzreferences shell startup file)authorized_keys ssh_backdoorr9rjzmodifies SSH authorized keys)z ssh-keygen ssh_keygenrcrjzgenerates SSH keys)z-systemd.*\.service|systemctl\s+(enable|start)systemd_servicercrjz%references or enables systemd service)z /etc/init\.d/ init_scriptrcrjz references init.d startup script)z+launchctl\s+load|LaunchAgents|LaunchDaemons macos_launchdrcrjz%macOS launch agent/daemon persistence)z/etc/sudoers|visudo sudoers_modr9rjz'modifies sudoers (privilege escalation))zgit\s+config\s+--global\s+git_config_globalrcrjz!modifies global git configuration)z#\bnc\s+-[lp]|ncat\s+-[lp]|\bsocat\b reverse_shellr9networkz potential reverse shell listener)z4\bngrok\b|\blocaltunnel\b|\bserveo\b|\bcloudflared\btunnel_servicer@ruz*uses tunneling service for external access)z*\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{2,5}hardcoded_ip_portrcruzhardcoded IP address with port)z0\.0\.0\.0:\d+|INADDR_ANYbind_all_interfacesr@ruzbinds to all network interfaces)z /bin/(ba)?sh\s+-i\s+.*>/dev/tcp/bash_reverse_shellr9ruz+bash interactive reverse shell via /dev/tcp)z'python[23]?\s+-c\s+["\']import\s+socketpython_socket_onelinerr9ruz9Python one-liner socket connection (likely reverse shell))zsocket\.connect\s*\(\s*\(python_socket_connectr@ruz'Python socket connect to arbitrary host)z9webhook\.site|requestbin\.com|pipedream\.net|hookbin\.com exfil_servicer@ruz:references known data exfiltration/webhook testing service)z&pastebin\.com|hastebin\.com|ghostbin\. paste_servicercruz0references paste service (possible data staging))zbase64\s+(-d|--decode)\s*\|base64_decode_piper@ obfuscationz%base64 decodes and pipes to execution)z7\\x[0-9a-fA-F]{2}.*\\x[0-9a-fA-F]{2}.*\\x[0-9a-fA-F]{2}hex_encoded_stringrcrz)hex-encoded string (possible obfuscation))z\beval\s*\(\s*["\'] eval_stringr@rzeval() with string argument)z\bexec\s*\(\s*["\'] exec_stringr@rzexec() with string argument)z1echo\s+[^\n]*\|\s*(bash|sh|python|perl|ruby|node)echo_pipe_execr9rz'echo piped to interpreter for execution)z?compile\s*\(\s*[^\)]+,\s*["\'].*["\']\s*,\s*["\']exec["\']\s*\)python_compile_execr@rzPython compile() with exec mode)zgetattr\s*\(\s*__builtins__python_getattr_builtinsr@rz5dynamic access to Python builtins (evasion technique))z#__import__\s*\(\s*["\']os["\']\s*\)python_import_osr@rzdynamic import of os module)zcodecs\.decode\s*\(\s*["\']python_codecs_decodercrz6codecs.decode (possible ROT13 or encoding obfuscation))zString\.fromCharCode|charCodeAt js_char_codercrz=JavaScript character code construction (possible obfuscation))zatob\s*\(|btoa\s*\( js_base64rcrzJavaScript base64 encode/decode)z\[::-1\]string_reversallowrz-string reversal (possible obfuscated payload))z)chr\s*\(\s*\d+\s*\)\s*\+\s*chr\s*\(\s*\d+ chr_buildingr@rz.building string from chr() calls (obfuscation))z7\\u[0-9a-fA-F]{4}.*\\u[0-9a-fA-F]{4}.*\\u[0-9a-fA-F]{4}unicode_escape_chainrcrz/chain of unicode escapes (possible obfuscation))z.subprocess\.(run|call|Popen|check_output)\s*\(python_subprocessrc executionzPython subprocess execution)zos\.system\s*\(python_os_systemr@ru)os.system() — unguarded shell execution)zos\.popen\s*\(python_os_popenr@ru#os.popen() — shell pipe execution)z%child_process\.(exec|spawn|fork)\s*\(node_child_processr@rzNode.js child_process execution)zRuntime\.getRuntime\(\)\.exec\(java_runtime_execr@ru'Java Runtime.exec() — shell execution)z`[^`]*\$\([^)]+\)[^`]*`backtick_subshellrcrz)backtick string with command substitution)z\.\./\.\./\.\.path_traversal_deepr@ traversalz+deep relative path traversal (3+ levels up))z \.\./\.\.path_traversalrcrz&relative path traversal (2+ levels up))z/etc/passwd|/etc/shadowsystem_passwd_accessr9rz references system password files)z/proc/self|/proc/\d+/ proc_accessr@rz3references /proc filesystem (process introspection))z /dev/shm/dev_shmrcrz.references shared memory (common staging area))z.xmrig|stratum\+tcp|monero|coinhive|cryptonight crypto_miningr9miningzcryptocurrency mining reference)zhashrate|nonce.*difficultymining_indicatorsrcrz)possible cryptocurrency mining indicators)zcurl\s+[^\n]*\|\s*(ba)?shcurl_pipe_shellr9 supply_chainz*curl piped to shell (download-and-execute))z"wget\s+[^\n]*-O\s*-\s*\|\s*(ba)?shwget_pipe_shellr9rz*wget piped to shell (download-and-execute))zcurl\s+[^\n]*\|\s*pythoncurl_pipe_pythonr9rz curl piped to Python interpreter)z#\s*///\s*script.*dependenciespep723_inline_depsrcrzAPEP 723 inline script metadata with dependencies (verify pinning))z pip\s+install\s+(?!-r\s)(?!.*==)unpinned_pip_installrcrz#pip install without version pinning)znpm\s+install\s+(?!.*@\d)unpinned_npm_installrcrz#npm install without version pinning)z uv\s+run\s+uv_runrcrz/uv run (may auto-install unpinned dependencies))zD(curl|wget|httpx?\.get|requests\.get|fetch)\s*[\(]?\s*["\']https?:// remote_fetchrcrz"fetches remote resource at runtime)zgit\s+clone\s+ git_clonercrz"clones a git repository at runtime)zdocker\s+pull\s+ docker_pullrcrzpulls a Docker image at runtime)z^allowed-tools\s*:allowed_tools_fieldrprivilege_escalationzBskill declares allowed-tools (standard frontmatter; informational))z\bsudo\b sudo_usager@rz uses sudo (privilege escalation))zsetuid|setgid|cap_setuid setuid_setgidr9rz.setuid/setgid (privilege escalation mechanism))NOPASSWD nopasswd_sudor9rz:NOPASSWD sudoers entry (passwordless privilege escalation))zchmod\s+[u+]?ssuid_bitr9rzsets SUID/SGID bit on a file)z0AGENTS\.md|CLAUDE\.md|\.cursorrules|\.clinerulesagent_config_modr9rjzTreferences agent config files (could persist malicious instructions across sessions))z'\.hermes/config\.yaml|\.hermes/SOUL\.mdhermes_config_modr9rjz.references Hermes configuration files directly)z \.claude/settings|\.codex/configother_agent_configr@rjz*references other agent configuration files)zI(?:api[_-]?key|token|secret|password)\s*[=:]\s*["\'][A-Za-z0-9+/=_-]{20,}hardcoded_secretr9credential_exposurez,possible hardcoded API key, token, or secret)z(-----BEGIN\s+(RSA\s+)?PRIVATE\s+KEY-----embedded_private_keyr9rzembedded private key)z0ghp_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{80,}github_token_leakedr9rz-GitHub personal access token in skill content)zsk-[A-Za-z0-9]{20,}openai_key_leakedr9rz(possible OpenAI API key in skill content)zsk-ant-[A-Za-z0-9_-]{90,}anthropic_key_leakedr9rz+possible Anthropic API key in skill content)zAKIA[0-9A-Z]{16}aws_access_key_leakedr9rz"AWS access key ID in skill content)z"\bDAN\s+mode\b|Do\s+Anything\s+Now jailbreak_danr9rSz'DAN (Do Anything Now) jailbreak attempt)z"\bdeveloper\s+mode\b.*\benabled?\bjailbreak_dev_moder9rSz developer mode jailbreak attempt)z3hypothetical\s+scenario.*(?:ignore|bypass|override)hypothetical_bypassr@rSz1hypothetical scenario used to bypass restrictions)z$for\s+educational\s+purposes?\s+onlyeducational_pretextrcrSz9educational pretext often used to justify harmful content)zW(respond|answer|reply)\s+without\s+(?:\w+\s+)*(restrictions|limitations|filters|safety)remove_filtersr9rSz1instructs agent to respond without safety filters)z>you\s+have\s+been\s+(?:\w+\s+)*(updated|upgraded|patched)\s+to fake_updater@rSz3fake update/patch announcement (social engineering))zYnew\s+(?:\w+\s+)*policy|updated\s+(?:\w+\s+)*guidelines|revised\s+(?:\w+\s+)*instructions fake_policyrcrSz8claims new policy/guidelines (may be social engineering))zh(include|output|print|send|share)\s+(?:\w+\s+)*(conversation|chat\s+history|previous\s+messages|context) context_exfilr@r:z4instructs agent to output/share conversation history)z6(send|post|upload|transmit)\s+.*\s+(to|at)\s+https?:// send_to_urlr@r:z%instructs agent to send data to a URL2>.r.jl.js.md.ts.cfg.css.ini.php.tex.txt.xml.yml.conf.html.json.toml.yaml.pl.py.rb.sh.bash> .so.app.bin.com.dat.deb.dll.dmg.exe.msi.rpm.dylib>​‌‍‪‫‬‭‮⁠⁢⁣⁤⁦⁧⁨⁩r4 file_pathrel_pathreturnc|s|j}|jtvr |jdkrgS |d}n#t t f$rgcYSwxYwg}|d}t}tD]\}}}} } t|dD]\} } || f|vr tj || tj rt||| f| } t!| dkr | dd d z} |t%||| || | | t|dD]f\} } t&D]Y}|| vrSt)|}|t%d d d|| dt+|dd|dd|d nZg|S)a Scan a single file for threat patterns and invisible unicode characters. Args: file_path: Absolute path to the file rel_path: Relative path for display (defaults to file_path.name) Returns: List of findings (deduplicated per pattern per line) SKILL.mdutf-8encoding r)startxNuz...rrrrr r!r"invisible_unicoder@rSU+04X ()zinvisible unicode character z! (possible text hiding/injection))namesuffixlowerSCANNABLE_EXTENSIONS read_textUnicodeDecodeErrorOSErrorsplitsetTHREAT_PATTERNS enumerateresearch IGNORECASEaddstriplenappendrINVISIBLE_CHARS_unicode_char_nameord)rrcontentr3linesseenpatternpidrrr"ir matched_textchar char_names r+ scan_filer*2sW ">';;; R\@\@\ %%w%77  ( H MM$  E 55D:I5h+ a000  GAtQx4y$ 66 #q"""#zz|| |$$s**#/#5#=L"%%!& +!!! &U!,,,  4#  Dt||.t44 2#(!1 - -BbzH7W!3WWfnWWWWW  fn 338JNf8f8f 1v~ 1 1FO$$ 1 1 1  5 0f&8 0 0FN 0 06?## 0 0 0  ~$$);?W)W)W `* ` `6?## ` ` `    FF& F F&. F F v   F F F r*c  g}|j}|d|jd|jd|jd||jrddddd  t|j fd  }|D]}|j d }|j d }|j d|j  d}|d|d|d|d|j ddd |dt|\}} |durd} n|d} nd} |d| d| d|S)z Format a scan result as a human-readable report string. Returns a compact multi-line report suitable for CLI or chat display. zScan: r /z ) Verdict: rrr)r9r@rcrc:|jdS)N)rDr)r=severity_orders r+z$format_scan_report..s@R@RSTS]_`@a@ar*)key:z  z "N<"r4TALLOWEDzNEEDS CONFIRMATIONBLOCKEDz Decision:  — r)r1upperrr.r/r0r3sortedrljustrrr r!rIjoin) r@r"verdict_displaysorted_findingsr=sevcatlocallowedreasonstatusrOs @r+format_scan_reportrhs En**,,O LLp&+ppv}ppv?Qpp_nppqqq  &'aJJ 6a6a6a6abbb  D DA*""$$**1--C*""2&&CV&&af&&,,R00C LLBcBBCBB#BB!'#2#,BBB C C C C R*622OGV$ % LL3f33633444 99U  r*ctj}|rt|dD]}|r ||}|| d|d|| #t$rYwxYwn;|r'|| d| ddS)uCompute a SHA-256 hash of all files in a skill directory for integrity tracking. File paths (relative to ``skill_path``) are mixed into the hash alongside file contents so that swapping the contents of two files in a skill changes the hash. This must stay symmetric with ``tools.skills_hub.bundle_content_hash`` — both functions need to produce the same digest for the same skill (one operates on disk, one on an in-memory bundle), so any change to the hash shape MUST land in both places at once. r.rzsha256:N) hashlibsha256r0r]r4r5r6as_posixupdateencode read_bytesr hexdigest)r+hr=r>s r+ content_hashrtsF A * ((--..  Ayy{{ -- 33<<>>CHHSZZ00111HHW%%%HHQ\\^^,,,,H        * &&(())) )Q[[]]3B3' ) ))s!B C-- C:9C: skill_dirc|d}g}d}d}|dD]/}|s|s,t||}||rZ|dz }|r |}||s,|tddd|dd |d n9#t$r,|td d d|ddd YnwxYw | j }||z }n#t$rYDwxYw|tdzkr>|tdd d|d|dzdd|dzdtd |j } | tvr0|tddd|dd| d| d | dvrE| jdzr)|tdd d|ddd 1|t"kr8|td d dd!d|d"d#|d$t"d% |t$dzkr>|td&d'dd!d|dzd(d)|dzd*t$d |S)+aW Check the skill directory for structural anomalies: - Too many files - Suspiciously large total size - Binary/executable files that shouldn't be in a skill - Symlinks pointing outside the skill directory - Individual files that are too large Args: skill_dir: Path to the skill directory. ignore: Optional callable taking a relative posix path and returning True if the path should be excluded (e.g. from `.skillignore`). Ignored files are not counted toward the file count, total size, or any structural finding. NcdS)NFr))_rels r+rPz"_check_structure...ser*rr.rsymlink_escaper9rz symlink -> z*symlink points outside the skill directoryrbroken_symlinkrczbroken symlinkzbroken or circular symlinkroversized_file structuralKBzfile is z KB (limit: zKB) binary_filezbinary: zbinary/executable file (z) should not be in a skill>rrrrrIunexpected_executablezexecutable bit setzBfile has executable permission but is not a recognized script typetoo_many_filesz (directory)z filesz skill has z files (limit: r oversized_skillr@zKB totalz skill is zKB total (limit: )r4r5 is_symlinkr&r6resolveis_relative_torrrstatst_sizeMAX_SINGLE_FILE_KBr rSUSPICIOUS_BINARY_EXTENSIONSst_modeMAX_FILE_COUNTMAX_TOTAL_SIZE_KB) rur-r3 file_count total_sizer=r>resolvedsizeexts r+r3r3s ~##HJJ __S ! !MMyy{{ 1<<>>  !-- **++ 6#;;  a  <<>>  99;;..y/@/@/B/BCC OOG#3!+!, 6H66$P%%%   /%(* <!!!   6688#D $ JJ    H  $t+ + + OOG+!%)))Wtt|WW@RWWW   hnn . . . OOG(#%&&&VsVVV    ; ; ;@PSX@X ; OOG2!%*`   N""'!'''QZQQQQQ      %,,,(!4'111_J$$6__IZ___       Os%A'C==3D32D39E E&%E&r(ciddddddddd d d d d ddddddddddddddddddd d!d"}||d#t|d$S)%z7Get a readable name for an invisible unicode character.rzzero-width spacerzzero-width non-joinerrzzero-width joinerrz word joinerrzinvisible timesrzinvisible separatorrzinvisible plusrzBOM/zero-width no-break spacerz LTR embeddingrz RTL embeddingrzpop directionalrz LTR overriderz RTL overriderz LTR isolaterz RTL isolaterzfirst strong isolaterzpop directional isolaterr )rDr )r(namess r+rrs $ )  %  -   #   '   "  1  /  /  #  .  .  -  -  (! " +# E& 99T/D /// 0 00r*)z .skillignorez.clawhubignorercgtD]}||z } |rl|dD]C}|}|r|dr.|D#ttf$rYwxYwdtdtffd }|S)a0Build a matcher from a skill's `.skillignore` / `.clawhubignore`. Returns a callable ``ignore(rel_posix_path) -> bool``. The matcher supports gitignore-style basics: blank lines and ``#`` comments are skipped, a trailing ``/`` marks a directory (matches that dir and everything under it), and ``*``/``?`` globs are honored via fnmatch on both the full relative path and each path segment. A leading ``/`` anchors a pattern to the skill root. The ignore files themselves are always excluded; ``SKILL.md`` can never be excluded. rr#r>rc t|}|dd}|tvrdS|tvrdSD]*}|d}|dd}dsZ|rL|ks|dzrdS|s(d|zdz dzdzdkrdStj |rdS|shtj |rdSdvr1tfd|dDrdS|dzrdS,dS)NrKFTc3BK|]}tj|VdSN)fnmatch).0segps r+ z5_load_skill_ignore..ignore..s@((03GOC++((((((r*) rrnr_NEVER_IGNORABLE_ALWAYS_IGNORED_NAMES startswithlstripendswithrstripfindrany)r> rel_posixbasepatanchoredr0rpatternss @r+r-z"_load_skill_ignore..ignoresII&&(( s##B' # # #5 ( ( (4  C~~c**H 3AZZ__F A  >>Y%9%9!c'%B%B>44 S9_s%:$@$@q3$O$OSU$U$U44y!,, tt ?4++ 44a<.-s)BBAqzZ/BBBBBBr*c3,K|]}|jdkVdS)r@Nrrs r+rz%_determine_verdict...s)::A1:'::::::r*rr)r)r3 has_criticalhas_highs r+r7r7(sf vBBBBBBBL:::::::H{y 6r*r trustr1c |s|dSd|D}|d|dt|ddt|S)z,Build a one-line summary of the scan result.z!: clean scan, no threats detectedch|] }|j Sr))rrs r+ z!_build_summary..=s///!*///r*z: r[z finding(s) in z, )rr_r])r r/rr1r3 categoriess r+r8r88sk :9999//h///J a ag a aCMM a a$))FS]L^L^B_B_ a aar*)r4)r)Fr)+__doc__rrrl dataclassesrrrrpathlibrtypingrr rrCrErr-rrrrrrrr&r*r?rrIrhrtr3rrrrrr1r/r7r8r)r*r+rs. ((((((((''''''''    433 2  qq99     dddN     2>>>>d7m>>>>B88488z8888v)))D)U4QT9EU))))X!z!c!!!!H*T*c****>~~~d7m~~~~B1S1S1111@=344<B$BBBBJ: g 3     bbcb#bbtT[}badbbbbbbr*