-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathaudit.py
More file actions
170 lines (138 loc) · 5.45 KB
/
audit.py
File metadata and controls
170 lines (138 loc) · 5.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
#!/usr/bin/env python3
"""SkillGuard Audit Script - Submit URL and display results in terminal."""
import os
import sys
import time
import requests
API_BASE = os.environ.get("SKILLGUARD_API", "http://localhost:8011")
def audit_skill(url: str):
print(f"🔍 Submitting scan for: {url}")
resp = requests.post(f"{API_BASE}/api/scan", json={"github_url": url})
if resp.status_code != 200:
print(f"❌ Error: {resp.text}")
sys.exit(1)
scan_id = resp.json()["scan_id"]
print(f"📋 Scan ID: {scan_id}")
print("⏳ Waiting for results...\n")
while True:
status_resp = requests.get(f"{API_BASE}/api/scan/{scan_id}/status")
data = status_resp.json()
status = data["status"]
if status == "done":
break
elif status == "error":
print(f"❌ Scan failed: {data.get('error', 'Unknown error')}")
sys.exit(1)
print(f" Status: {status} ({data.get('progress', 0)}%)")
time.sleep(2)
scan_resp = requests.get(f"{API_BASE}/api/report/{scan_id}")
data = scan_resp.json()
print("\n" + "="*60)
print(f" SkillGuard Security Report")
print("="*60)
print(f"Skill: {data.get('skill_name', 'N/A')}")
risk_level = data.get('risk_level', 'N/A')
print(f"Grade: {risk_level}")
print(f"Risk Score: {data.get('risk_score', 0)}/100")
findings = data.get("findings", [])
print(f"Total Findings: {len(findings)}")
risk_dist = {}
for f in findings:
sev = f.get("severity", "INFO")
risk_dist[sev] = risk_dist.get(sev, 0) + 1
if risk_dist:
print(f"\nRisk Breakdown:")
for sev in ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"]:
count = risk_dist.get(sev, 0)
if count > 0:
print(f" {sev}: {count}")
if findings:
print(f"\n🔴 Top Findings:")
for f in findings[:5]:
print(f" [{f['severity']}] {f['dimension']}: {f['description'][:60]}...")
print(f"\n📊 Full report: {API_BASE}/report/{scan_id}")
print("="*60)
# Offer Deep Scan for C/D/F risk levels
if risk_level in ["C", "D", "F"]:
print(f"\n⚠️ Risk level {risk_level} detected. Deep Scan recommended.")
try:
response = input("Run Deep Scan? (y/N): ").strip().lower()
if response == 'y':
run_deep_scan(scan_id)
except (EOFError, KeyboardInterrupt):
print("\nSkipping Deep Scan.")
def run_deep_scan(scan_id: str):
"""Run Deep Scan with user-provided API credentials."""
print("\n" + "="*60)
print(" Deep Scan Configuration")
print("="*60)
# Get API credentials from user
base_url = input("Base URL [https://api.anthropic.com]: ").strip() or "https://api.anthropic.com"
api_key = input("API Key: ").strip()
if not api_key:
print("❌ API Key is required")
return
model = input("Model [claude-sonnet-4-6]: ").strip() or "claude-sonnet-4-6"
print(f"\n🔬 Starting Deep Scan...")
print(f" Model: {model}")
# Submit Deep Scan request
try:
resp = requests.post(
f"{API_BASE}/api/deep-scan",
json={
"scan_id": scan_id,
"model": model,
"base_url": base_url,
"api_key": api_key
}
)
if resp.status_code != 200:
print(f"❌ Error: {resp.text}")
return
result = resp.json()
deep_scan_id = result.get("deep_scan_id")
print(f"📋 Deep Scan ID: {deep_scan_id}")
print("⏳ Running deep analysis...\n")
# Poll for Deep Scan status
while True:
status_resp = requests.get(f"{API_BASE}/api/deep-scan/{deep_scan_id}/status")
ds_data = status_resp.json()
status = ds_data.get("status")
phase = ds_data.get("phase", "")
progress = ds_data.get("progress", 0)
if status == "done":
break
elif status == "error":
print(f"❌ Deep Scan failed: {ds_data.get('error_message', 'Unknown error')}")
return
print(f" Phase: {phase} ({progress}%)")
time.sleep(3)
# Get Deep Scan report
report_resp = requests.get(f"{API_BASE}/api/deep-scan/{deep_scan_id}/report")
report = report_resp.json()
# Display Deep Scan results
print("\n" + "="*60)
print(" Deep Scan Report")
print("="*60)
print(f"Risk Score: {report.get('risk_score', 0)}/100")
print(f"Total Turns: {report.get('total_turns', 0)}")
print(f"Tool Calls: {report.get('total_tool_calls', 0)}")
evidences = report.get("evidences", [])
print(f"Evidence Found: {len(evidences)}")
if evidences:
print(f"\n🔴 Top Evidence:")
for ev in evidences[:5]:
risk = ev.get("risk_level", "UNKNOWN")
desc = ev.get("description", "")[:60]
print(f" [{risk}] {desc}...")
actual_cost = report.get("actual_cost", 0)
print(f"\n💰 Actual Cost: ${actual_cost:.4f}")
print(f"\n📊 Full Deep Scan report: {API_BASE}/deep-scan/{deep_scan_id}")
print("="*60)
except Exception as e:
print(f"❌ Error during Deep Scan: {str(e)}")
if __name__ == "__main__":
if len(sys.argv) < 2:
print("Usage: python3 audit.py <github_or_clawhub_url>")
sys.exit(1)
audit_skill(sys.argv[1])