5.9 KiB
Deep Scan Report — {{TARGET}}
Date: {{TIMESTAMP}} Node.js: {{NODE_VERSION}} Duration: {{TOTAL_DURATION_MS}}ms
Verdict: {{VERDICT}}
Risk Score: {{RISK_SCORE}}/100 Total Findings: {{TOTAL_FINDINGS}} ({{CRITICAL}}C {{HIGH}}H {{MEDIUM}}M {{LOW}}L {{INFO}}I) Scanners: {{SCANNERS_OK}} ok, {{SCANNERS_ERROR}} error, {{SCANNERS_SKIPPED}} skipped
Verdict Logic
| Condition | Threshold | Result |
|---|---|---|
| Any CRITICAL or >=3 HIGH | Hard block | BLOCK |
| Any HIGH or >=5 MEDIUM | Review required | WARNING |
| Otherwise | Clean | ALLOW |
Executive Summary
{{EXECUTIVE_SUMMARY}}
Scanner Results
1. Unicode Analysis (UNI)
Status: {{UNI_STATUS}} | Files: {{UNI_FILES}} | Findings: {{UNI_FINDINGS}} | Time: {{UNI_DURATION}}ms
Detects hidden Unicode characters used for prompt injection and code obfuscation: zero-width chars, Unicode Tag steganography, BIDI overrides (Trojan Source), homoglyphs.
{{UNI_DETAILS}}
2. Entropy Analysis (ENT)
Status: {{ENT_STATUS}} | Files: {{ENT_FILES}} | Findings: {{ENT_FINDINGS}} | Time: {{ENT_DURATION}}ms
Detects encoded payloads via Shannon entropy: base64 blobs, hex-encoded data, encrypted content, hardcoded secrets with high randomness.
{{ENT_DETAILS}}
3. Permission Mapping (PRM)
Status: {{PRM_STATUS}} | Files: {{PRM_FILES}} | Findings: {{PRM_FINDINGS}} | Time: {{PRM_DURATION}}ms
Claude Code plugin analysis: purpose-vs-tools mismatches, dangerous tool combinations, ghost hooks, haiku on sensitive agents, overprivileged components.
{{PRM_DETAILS}}
4. Dependency Audit (DEP)
Status: {{DEP_STATUS}} | Files: {{DEP_FILES}} | Findings: {{DEP_FINDINGS}} | Time: {{DEP_DURATION}}ms
CVE detection (npm/pip audit), typosquatting (Levenshtein vs top packages), malicious install scripts, unpinned versions.
{{DEP_DETAILS}}
5. Taint Tracing (TNT)
Status: {{TNT_STATUS}} | Files: {{TNT_FILES}} | Findings: {{TNT_FINDINGS}} | Time: {{TNT_DURATION}}ms
Data flow analysis from untrusted sources (env vars, request bodies, tool input) to dangerous sinks (eval, exec, fetch, writeFile). Regex-based, ~70% recall.
{{TNT_DETAILS}}
6. Git Forensics (GIT)
Status: {{GIT_STATUS}} | Files: {{GIT_FILES}} | Findings: {{GIT_FINDINGS}} | Time: {{GIT_DURATION}}ms
Supply chain rug pull signals: force pushes, description drift, hook modifications, new outbound URLs, author changes, binary additions, suspicious commit patterns.
{{GIT_DETAILS}}
7. Network Mapping (NET)
Status: {{NET_STATUS}} | Files: {{NET_FILES}} | Findings: {{NET_FINDINGS}} | Time: {{NET_DURATION}}ms
Outbound URL discovery and classification: trusted (allow-listed), suspicious (exfiltration endpoints, tunneling services), IP-based, unknown domains.
{{NET_DETAILS}}
Risk Matrix
| Scanner | CRITICAL | HIGH | MEDIUM | LOW | INFO |
|---|---|---|---|---|---|
| Unicode (UNI) | {{UNI_C}} | {{UNI_H}} | {{UNI_M}} | {{UNI_L}} | {{UNI_I}} |
| Entropy (ENT) | {{ENT_C}} | {{ENT_H}} | {{ENT_M}} | {{ENT_L}} | {{ENT_I}} |
| Permission (PRM) | {{PRM_C}} | {{PRM_H}} | {{PRM_M}} | {{PRM_L}} | {{PRM_I}} |
| Dependency (DEP) | {{DEP_C}} | {{DEP_H}} | {{DEP_M}} | {{DEP_L}} | {{DEP_I}} |
| Taint (TNT) | {{TNT_C}} | {{TNT_H}} | {{TNT_M}} | {{TNT_L}} | {{TNT_I}} |
| Git (GIT) | {{GIT_C}} | {{GIT_H}} | {{GIT_M}} | {{GIT_L}} | {{GIT_I}} |
| Network (NET) | {{NET_C}} | {{NET_H}} | {{NET_M}} | {{NET_L}} | {{NET_I}} |
| TOTAL | {{CRITICAL}} | {{HIGH}} | {{MEDIUM}} | {{LOW}} | {{INFO}} |
OWASP Coverage
| OWASP Category | Findings | Scanners |
|---|---|---|
| LLM01 — Prompt Injection | {{LLM01_COUNT}} | UNI, ENT, TNT |
| LLM02 — Sensitive Info Disclosure | {{LLM02_COUNT}} | TNT, NET |
| LLM03 — Supply Chain | {{LLM03_COUNT}} | ENT, DEP, GIT, NET |
| LLM06 — Excessive Agency | {{LLM06_COUNT}} | PRM |
Recommendations
Immediate (CRITICAL + HIGH)
{{IMMEDIATE_ACTIONS}}
Short-term (MEDIUM)
{{SHORTTERM_ACTIONS}}
Improvements (LOW + INFO)
{{IMPROVEMENT_ACTIONS}}
Methodology
This report was generated by 7 deterministic Node.js scanners (zero external dependencies). Scanner results are factual and reproducible. The Executive Summary and Recommendations sections are synthesized by an LLM agent interpreting the raw findings.
| Scanner | Algorithm | Limitations |
|---|---|---|
| Unicode | Codepoint iteration, Tag decoding | None — deterministic |
| Entropy | Shannon H per string literal | FP on knowledge files, data URIs |
| Permission | Frontmatter parsing, cross-reference | Claude Code plugins only |
| Dependency | npm/pip audit, Levenshtein | Requires package manager CLI |
| Taint | Regex variable tracking, 3-pass | ~70% recall, no AST, no cross-file |
| Git | History analysis, reflog, diff | Max 500 commits, 15s timeout |
| Network | URL extraction, DNS resolution | Max 50 DNS lookups, 3s timeout |
Generated by llm-security deep-scan v1.2.0