diff --git a/skills/agentguard/SKILL.md b/skills/agentguard/SKILL.md index c779889..a97d3b7 100644 --- a/skills/agentguard/SKILL.md +++ b/skills/agentguard/SKILL.md 
@@ -615,7 +615,9 @@ Run a comprehensive agent health checkup across 6 security dimensions. Generates Run these checks in parallel where possible. These are **universal agent security checks** — they apply to any Claude Code or OpenClaw environment, regardless of whether AgentGuard is installed. 1. **[REQUIRED] Discover & scan installed skills** (→ feeds Dimension 1: Code Safety): Glob `~/.claude/skills/*/SKILL.md` and `~/.openclaw/skills/*/SKILL.md`. For each discovered skill, **run `/agentguard scan `** using the scan subcommand logic (24 detection rules). Collect the scan results (risk level, findings count, risk tags) for each skill. -2. **[REQUIRED] Credential file permissions** (→ feeds Dimension 2: Credential Safety): `stat -f '%Lp' 2>/dev/null || stat -c '%a' 2>/dev/null` on `~/.ssh/`, `~/.gnupg/`, and if OpenClaw: on `$OC/openclaw.json`, `$OC/devices/paired.json` +2. **[REQUIRED] Credential file permissions** (→ feeds Dimension 2: Credential Safety): Platform-aware check — behavior differs by OS: + - **macOS/Linux**: Run `stat -f '%Lp' 2>/dev/null || stat -c '%a' 2>/dev/null` on `~/.ssh/`, `~/.gnupg/`, and if OpenClaw: on `$OC/openclaw.json`, `$OC/devices/paired.json`. **If the command returns empty output, the directory does not exist — treat as N/A (award full points), do NOT flag as a failure.** + - **Windows**: `stat` is not available. Use `icacls ` to check ACLs instead. If the directory does not exist, treat as N/A (award full points). If it exists, check that the ACL grants access only to the current user (no `Everyone`, `Users`, or `Authenticated Users` with write/read access). Flag as FAIL only if the directory exists AND the ACL is overly permissive. 3. **[REQUIRED] Sensitive credential scan / DLP** (→ feeds Dimension 2: Credential Safety): Use Grep to scan **all** agent workspace directories for leaked secrets. 
This MUST cover the entire workspace root, not just the current agent's directory: - For OpenClaw / QClaw: scan `~/.openclaw/workspace/` and `~/.qclaw/workspace/` recursively — this includes **all** `workspace-agent-*/` subdirectories, not just the current agent's workspace - For Claude Code: scan `~/.claude/` recursively @@ -655,6 +657,11 @@ Checks for leaked credentials and permission hygiene. Start at **0**, add points |-------|---------------|-------------------| | `~/.ssh/` permissions are 700 or stricter | **+25** | "~/.ssh/ permissions too open () — should be 700" (HIGH) | | `~/.gnupg/` permissions are 700 or stricter | **+15** | "~/.gnupg/ permissions too open () — should be 700" (MEDIUM) | + +**Permission check rules (to avoid false positives):** +- **Directory does not exist** (stat/icacls returns empty or "file not found"): Treat as N/A — award the points. A missing `~/.ssh/` or `~/.gnupg/` is not a security risk. +- **Windows**: Use `icacls` instead of `stat`. Award full points if directory doesn't exist. Flag as FAIL only if directory exists AND ACL grants access to `Everyone`, `Users`, or `Authenticated Users`. +- **macOS/Linux**: Flag as FAIL only when the directory exists AND stat returns a numeric value AND that value is greater than 700. | No private keys (hex 0x..64, PEM) found in skill code or workspace | **+25** | "Plaintext private key found in " (CRITICAL) | | No mnemonic phrases found in skill code or workspace | **+20** | "Plaintext mnemonic found in " (CRITICAL) | | No API keys/tokens (AWS AKIA.., GitHub gh*_) found in skill code | **+15** | "API key/token found in " (HIGH) |
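Review bot: In the new macOS/Linux bullet of the Step 2 hunk, treating empty output from `stat -f '%Lp' 2>/dev/null || stat -c '%a' 2>/dev/null` as "the directory does not exist" conflates nonexistence with every other stat failure, because stderr is discarded; an unreadable parent or a dangling symlink also yields empty output and would be awarded full points. Test existence separately (`[ -e ~/.ssh ]`) and run stat only when the path exists. Two smaller points on the same command: as written it shows no target path argument (if a `<path>` placeholder was intended, make it explicit), and on GNU coreutils `-f` means `--file-system`, so on Linux the first branch can print a multi-line file-system block to stdout before falling through to `stat -c '%a'`, which breaks any check that expects a single numeric value; put the GNU form first or gate on OS. In the Windows bullet, "grants access only to the current user" is stricter than the FAIL condition that follows it (`Everyone`, `Users`, `Authenticated Users`); typical Windows ACLs also contain system and administrative principals, so state the FAIL condition once, in terms of those three principals only, or the change reintroduces the false positives it sets out to remove.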
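Review bot: The macOS/Linux rule in the scoring-table hunk, "FAIL only when ... that value is greater than 700", is the wrong comparison for an octal mode: modes such as 640, 660 or 644 are numerically below 700 yet grant group or world access and would pass, while a sticky-bit value such as 1700 would fail. Compare the group/other bits instead, for example in bash FAIL when `$(( 8#$mode & 077 ))` is non-zero, which also copes with 4-digit `%a` output. Separately, the new "Permission check rules" block is inserted between the `~/.gnupg/` row and the `| No private keys ... |` row, which splits the Markdown table in two; move it after the last row (`| No API keys/tokens ... |`) so the table renders as one. Finally, the Windows rule here omits the "with write/read access" qualifier that the same condition carries in the Step 2 hunk; keep the two wordings identical, or have one reference the other, so the checkup steps and the scoring table cannot drift apart.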