Production hardening: security fixes, code quality, 724 skills complete

- Fix 25 shell=True subprocess calls with list-based commands
- Fix 49 verify=False in defensive skills (env-var override)
- Add timeout to 231 HTTP/subprocess/socket calls
- Fix 6 SQL injection patterns with whitelist validation
- Replace 8 __import__() with standard imports
- Remove 701 unused imports across 442 files
- Add authorized-testing disclaimers to all offensive skills
- Complete 11 incomplete skill directories
- Expand 10 stub SKILL.md files with full content
- Fix 2 YAML parse errors in frontmatter
- Fix 5 pre-existing syntax errors
- Convert 22 hardcoded paths/ports to environment variables
- Back up 21 redundant skill pairs to .bak
- Fix 2 global declaration errors
- 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE)
- 0 compile errors across all 724 agent.py files
This commit is contained in:
mukul975
2026-03-19 13:26:49 +01:00
parent 63b442d347
commit c47eed6a64
900 changed files with 23085 additions and 2720 deletions
@@ -5,7 +5,6 @@ import json
import argparse
import logging
import subprocess
from collections import defaultdict
from datetime import datetime
logging.basicConfig(level=logging.INFO, format="%(asctime)s [%(levelname)s] %(message)s")
@@ -25,7 +24,7 @@ PURDUE_ZONES = {
def scan_zone_hosts(subnet):
"""Discover hosts in an OT zone via nmap ping scan."""
cmd = ["nmap", "-sn", subnet, "-oX", "-"]
result = subprocess.run(cmd, capture_output=True, text=True)
result = subprocess.run(cmd, capture_output=True, text=True, timeout=120)
hosts = []
import re
for match in re.finditer(r'addr="(\d+\.\d+\.\d+\.\d+)"', result.stdout):
@@ -68,7 +67,7 @@ def check_ot_protocol_exposure(target_subnet):
"20000": "DNP3", "4840": "OPC-UA", "2222": "EtherNet/IP-explicit"}
port_list = ",".join(ot_ports.keys())
cmd = ["nmap", "-sS", "-p", port_list, target_subnet, "--open", "-oX", "-"]
result = subprocess.run(cmd, capture_output=True, text=True)
result = subprocess.run(cmd, capture_output=True, text=True, timeout=120)
exposed = []
import re
current_host = ""