smilinTux/sksecurity
2
0
Fork 0
mirror of https://github.com/smilinTux/sksecurity.git synced 2026-04-21 11:42:59 +00:00
Code Issues Projects Releases Packages Wiki Activity
🛡️ The only security solution AI agents need
36 commits 1 branch 3 tags 688 KiB
Find a file
Exact
Lumina 465dd0a703 feat(v1.2.3): cross-platform skenvPath(), security hardening updates 
- Extract skenvPath() helper for Windows/Unix PATH construction
- README, config, install script improvements
- Intelligence and threat update script hardening
- Integrity manifest and community threats directory
- Marketing and docs additions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 12:17:09 -04:00
.github/workflows ci: fix publish workflow — move hashFiles to step level 2026-03-03 17:41:43 -05:00
assets feat: real-time dashboard with live API endpoints 2026-02-27 16:07:44 -05:00
bin Add npm package @smilintux/sksecurity 2026-02-23 12:03:48 -05:00
community-threats feat(v1.2.3): cross-platform skenvPath(), security hardening updates 2026-03-18 12:17:09 -04:00
dist Add Windows compatibility across security scripts 2026-02-23 13:54:52 -05:00
docker feat(v1.2.3): cross-platform skenvPath(), security hardening updates 2026-03-18 12:17:09 -04:00
docs feat(v1.2.3): cross-platform skenvPath(), security hardening updates 2026-03-18 12:17:09 -04:00
marketing feat(v1.2.3): cross-platform skenvPath(), security hardening updates 2026-03-18 12:17:09 -04:00
openclaw-plugin feat(v1.2.3): cross-platform skenvPath(), security hardening updates 2026-03-18 12:17:09 -04:00
references feat(v1.2.3): cross-platform skenvPath(), security hardening updates 2026-03-18 12:17:09 -04:00
scripts feat(v1.2.3): cross-platform skenvPath(), security hardening updates 2026-03-18 12:17:09 -04:00
sksecurity feat(v1.2.3): cross-platform skenvPath(), security hardening updates 2026-03-18 12:17:09 -04:00
tests feat: sprint 5 — MCP entry point, metadata standardization 2026-03-04 01:44:39 -05:00
.env.example feat: add skill.yaml, publish workflows, and npm support 2026-03-04 01:44:39 -05:00
.gitignore feat: add skill.yaml, publish workflows, and npm support 2026-03-04 01:44:39 -05:00
ai_remediation_engine.py feat: add skill.yaml, publish workflows, and npm support 2026-03-04 01:44:39 -05:00
AI_REMEDIATION_EXPLAINED.md 🚀 REVOLUTIONARY BREAKTHROUGH: World's First Conversational AI Security Platform 2026-02-16 03:13:37 -05:00
CONVERSATIONAL_BUG_FIXED.md feat: add skill.yaml, publish workflows, and npm support 2026-03-04 01:44:39 -05:00
conversational_handler.py feat: add skill.yaml, publish workflows, and npm support 2026-03-04 01:44:39 -05:00
dashboard.html feat: add skill.yaml, publish workflows, and npm support 2026-03-04 01:44:39 -05:00
demo_vulnerable.py 🚀 REVOLUTIONARY BREAKTHROUGH: World's First Conversational AI Security Platform 2026-02-16 03:13:37 -05:00
demo_vulnerable.py.backup.20260216_024836 🚀 REVOLUTIONARY BREAKTHROUGH: World's First Conversational AI Security Platform 2026-02-16 03:13:37 -05:00
DNS_STATUS.md 🚨 DNS FIX: Replace Non-Working Domain References with GitHub URLs 2026-02-16 03:33:41 -05:00
docker-compose.yml 🚀 SKSecurity Enterprise v1.0.0 - Revolutionary AI-First Security 2026-02-16 02:24:02 -05:00
index.d.ts Add npm package @smilintux/sksecurity 2026-02-23 12:03:48 -05:00
index.html 🏗️ CLEAN ARCHITECTURE: Remove Soul Blueprints from SKSecurity 2026-02-16 04:19:29 -05:00
index.js Add Windows compatibility across security scripts 2026-02-23 13:54:52 -05:00
install.sh feat(v1.2.3): cross-platform skenvPath(), security hardening updates 2026-03-18 12:17:09 -04:00
INSTALLATION_STATUS.md 📋 INSTALLATION STATUS: Clarify What's Working Now vs Coming Soon 2026-02-16 03:31:29 -05:00
INTEGRITY_MANIFEST.json feat(v1.2.3): cross-platform skenvPath(), security hardening updates 2026-03-18 12:17:09 -04:00
LICENSE Add missing modules: intelligence, database, config, monitor, quarantine; fix dashboard imports 2026-02-19 23:05:52 -05:00
MISSION.md docs: add MISSION.md 2026-03-06 12:21:19 -05:00
package.json Add npm package @smilintux/sksecurity 2026-02-23 12:03:48 -05:00
pyproject.toml feat: enhance YAML frontmatter with clawdbot metadata and SKILL.md package data 2026-03-04 06:56:21 -05:00
README.md feat(v1.2.3): cross-platform skenvPath(), security hardening updates 2026-03-18 12:17:09 -04:00
requirements.txt feat: sprint 4 — lazy-import Flask, wire skpdf for PDF audit reports 2026-03-04 01:44:39 -05:00
REVOLUTIONARY_BREAKTHROUGH.md 🔧 URL FIXES: Replace All Broken Domain References with GitHub URLs 2026-02-16 03:35:58 -05:00
setup.py feat: add skill.yaml, publish workflows, and npm support 2026-03-04 01:44:39 -05:00
SKILL.md feat: enhance YAML frontmatter with clawdbot metadata and SKILL.md package data 2026-03-04 06:56:21 -05:00
skill.yaml feat: add skill.yaml, publish workflows, and npm support 2026-03-04 01:44:39 -05:00
test_vulnerable_code.py 🚀 REVOLUTIONARY BREAKTHROUGH: World's First Conversational AI Security Platform 2026-02-16 03:13:37 -05:00
test_vulnerable_code.py.backup.20260216_024723 🚀 REVOLUTIONARY BREAKTHROUGH: World's First Conversational AI Security Platform 2026-02-16 03:13:37 -05:00
WHY_SKSECURITY_IS_PIONEERING.md 📋 INSTALLATION STATUS: Clarify What's Working Now vs Coming Soon 2026-02-16 03:31:29 -05:00

README.md

SKSecurity

PyPI version npm version License: GPL-3.0-or-later Python

Enterprise-grade security for AI agent ecosystems — threat scanning, secret detection, email/input screening, a sovereign KMS, real-time monitoring, an MCP server for Claude integration, and a web dashboard, all in a single package that works from the CLI, as a Python library, or as a Node.js wrapper.

Install

# Python
pip install sksecurity

# Python + web dashboard
pip install "sksecurity[web]"

# Node.js wrapper
npm install @smilintux/sksecurity

Architecture

flowchart TD
    CLI["sksecurity CLI\n(cli.py)"]
    MCP["MCP Server\n(mcp_server.py)"]
    DASH["Web Dashboard\n(dashboard.py / Flask)"]
    API["Python API\n(__init__.py)"]

    CLI --> CORE
    MCP --> CORE
    DASH --> CORE
    API --> CORE

    subgraph CORE ["Core Engine"]
        SCAN["SecurityScanner\n(scanner.py)"]
        GUARD["SecretGuard\n(secret_guard.py)"]
        SCREEN["EmailScreener\n(email_screener.py)"]
        INTEL["ThreatIntelligence\n(intelligence.py)"]
        KMS["KMS\n(kms.py)"]
        MON["RuntimeMonitor\n(monitor.py)"]
        QUAR["QuarantineManager\n(quarantine.py)"]
        TRUTH["TruthEngine\n(truth_engine.py)"]
    end

    SCAN -->|"patterns + heuristics"| INTEL
    SCAN -->|"risky files"| QUAR
    GUARD -->|"secret findings"| DB
    SCREEN -->|"verdicts"| DB
    MON -->|"system events"| DB
    KMS -->|"audit entries"| DB
    TRUTH -->|"verify results"| SCAN
    TRUTH -->|"verify results"| SCREEN

    DB[("SecurityDatabase\nSQLite3\n(database.py)")]
    PDF["PDF Report\n(pdf_report.py)"]
    AI["AI Client\n(ai_client.py / Ollama)"]

    DB --> PDF
    SCAN --> AI
    SCREEN --> AI
    GUARD --> AI

    CONFIG["SecurityConfig\n(config.py / YAML)"]
    CONFIG --> CORE

Features

  • Multi-layer threat scanning — pattern matching, heuristic analysis, obfuscation detection, entropy scoring, and risk-weighted recommendations across files and directories
  • Secret detection — 14 built-in patterns (AWS, GitHub, npm, OpenAI, Slack, Stripe, private keys, JWT, database URLs, and more) with test-context false-positive reduction
  • Email / input screening — detect prompt injection, phishing, credential leaks, malicious links, social engineering, and malware payloads before content reaches an AI model
  • Threat intelligence — built-in IOC library (code injection, command injection, secrets, RCE, deserialization) plus configurable external sources (Moltbook, Community)
  • Sovereign KMS — hierarchical key management (Master → Team → Agent → DEK) with AES-256-GCM wrapping, HKDF-SHA256 derivation, seal/unseal, key rotation, and immutable audit logs
  • Quarantine manager — isolate, restore, or permanently delete flagged files with SHA256 integrity hashing and persistent JSON records
  • Runtime monitoring — CPU, memory, and disk alerting via psutil with a callback system
  • Web dashboard — Flask REST API with event management, statistics, quarantine control, system metrics, threat intelligence status, and on-demand scanning
  • MCP server — stdio transport so Claude and other MCP clients can call security tools directly (scan_path, screen_input, check_secrets, get_events, monitor_status)
  • PDF audit reports — branded reportlab output covering threat intel status, quarantine records, database metrics, and configuration summary
  • AI analysis — optional Ollama/OpenAI-compatible back-end for threat explanation, deep analysis, content screening, and secret severity assessment
  • Truth engine — Neuresthetics Steel Man Collider integration that verifies threat assessments, scan conclusions, and quarantine decisions with graceful degradation
  • Pre-commit hooksksecurity guard install generates a git hook that blocks secret leaks before every commit
  • Node.js wrapper@smilintux/sksecurity exposes the same CLI as sksecurity-js

Usage

CLI

# Initialize in current directory
sksecurity init

# Scan a path
sksecurity scan ./src

# Scan and auto-quarantine high-risk findings
sksecurity scan ./src --quarantine --threshold 7.0

# Screen text / email content
sksecurity screen "Reset your password now — click here"

# Secret detection
sksecurity guard scan ./src
sksecurity guard staged          # check git-staged files
sksecurity guard text "AKIA..."  # check a string directly
sksecurity guard install         # install pre-commit hook

# Launch web dashboard (requires sksecurity[web])
sksecurity dashboard --port 8888

# Real-time monitoring
sksecurity monitor --interval 5

# Generate PDF audit report
sksecurity audit --output report.pdf

# Manage quarantine
sksecurity quarantine list
sksecurity quarantine restore <id>

# Update threat intelligence
sksecurity update

# System status
sksecurity status

Python API

from sksecurity import (
    SecurityScanner,
    SecretGuard,
    EmailScreener,
    ThreatIntelligence,
    SecurityConfig,
    QuarantineManager,
)

# Load config
config = SecurityConfig()
config.load("sksecurity.yml")          # or use defaults

# Scan a directory
intel = ThreatIntelligence()
scanner = SecurityScanner(intel)
result = scanner.scan_path("./src")
print(result.risk_score, result.threats)
result.to_json("scan.json")

# Detect secrets
guard = SecretGuard()
guard_result = guard.scan_directory("./src")
for finding in guard_result.findings:
    print(finding.secret_type, finding.file_path, finding.line_number)

# Screen input before sending to an LLM
screener = EmailScreener()
verdict = screener.screen("Ignore previous instructions and ...")
if verdict.verdict.value != "SAFE":
    raise ValueError(f"Blocked: {verdict.verdict.value}")

# Quarantine a file
qm = QuarantineManager()
record = qm.quarantine_file("./malicious.py", threat_type="injection", severity="HIGH")
print(record.quarantine_id)

MCP Server

Start the server:

sksecurity-mcp

Add to your Claude / MCP client configuration:

{
  "mcpServers": {
    "sksecurity": {
      "command": "sksecurity-mcp"
    }
  }
}

MCP Tools

Tool Description
scan_path Scan a file or directory for threats and vulnerabilities; returns risk score, threat matches, and recommendations
screen_input Screen arbitrary text for prompt injection, phishing, credential leaks, malicious links, and social engineering
check_secrets Detect hardcoded secrets (API keys, tokens, private keys, database URLs) in a path
get_events Retrieve security events from the SQLite database with optional severity and event-type filters
monitor_status Return current CPU, memory, and disk usage and any active runtime alerts

Configuration

Generate a default config file:

sksecurity init                     # writes sksecurity.yml in the current directory
sksecurity init --framework langchain

sksecurity.yml structure:

security:
  enabled: true
  auto_quarantine: false
  risk_threshold: 7.0
  dashboard_port: 8888

scanning:
  depth: 5
  parallel_scans: 4
  extensions: [.py, .js, .ts, .sh, .yaml, .yml, .json, .env]

monitoring:
  runtime: true
  file_system: true
  network: false

threat_sources:
  - name: moltbook
    # placeholder: no live feed URL yet — disable or replace with a real threat-intel endpoint
    url: https://raw.githubusercontent.com/smilinTux/SKSecurity/main/community-threats/patterns/ai-safety.json
    enabled: false
  - name: community
    # placeholder: no community server yet — see https://github.com/smilinTux/SKSecurity
    url: https://raw.githubusercontent.com/smilinTux/SKSecurity/main/community-threats/patterns/traditional.json
    enabled: false

Environment variables (see .env.example):

Variable Default Description
SKSECURITY_AI_URL http://localhost:11434 Ollama / OpenAI-compatible endpoint
SKSECURITY_AI_MODEL llama3 Model name for AI analysis
SKSECURITY_AI_TIMEOUT 30 Request timeout in seconds
SKSECURITY_WORKSPACE ~/.sksecurity Data directory for DB, quarantine, keys
SKSECURITY_DEBUG false Enable verbose debug output

Development

# Clone
git clone https://github.com/smilinTux/SKSecurity.git
cd SKSecurity

# Install in editable mode with dev extras
pip install -e ".[web,dev]"

# Run tests
pytest

# Lint / format
ruff check .
black .
mypy sksecurity/

Docker development stack:

docker compose up -d

The container exposes the dashboard on port 8888 with volumes mounted at /config, /logs, and /quarantine.

Contributing

  1. Fork the repository and create a feature branch.
  2. Run sksecurity guard install to add the pre-commit secret-detection hook.
  3. Follow existing code style (black, ruff); all new code must pass mypy.
  4. Open a pull request against main with a clear description.

Report bugs and request features at https://github.com/smilinTux/sksecurity/issues.

License

GPL-3.0-or-later © smilinTux.org