v4 preview

CHANGELOG.md

@@ -5,6 +5,38 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [v3.6.1] - 2026-01-27
+
+### Added
+- 🆔 **Component Fingerprints**: Added Clawdbot Gateway fingerprint to improve AI component vulnerability detection coverage.
+
+## [v3.6.0] - 2025-01-17
+
+### Added
+- 🔐 **System Administration**: Added SYS_ADMIN capability for Chrome sandbox and database indexes for performance enhancement (@zhuque)
+- 📊 **Report Enhancement**: Updated feature and pager, resolved text misalignment in PDF report download (@zonashi)
+- 📝 **User Guide**: Updated user guide for new features (@zonashi)
+- ⏱️ **Scan Metrics**: Added model & scan duration in AI tool protocol scan report (@zonashi)
+- 👥 **User Management**: Refactored User struct and enhanced user management methods (@boyhack)
+
+### Changed
+- 📚 **Documentation**: Updated API docs, Swagger docs, and model API (@zhuque)
+- 🐳 **Docker Config**: Updated docker-compose.yml and docker-compose.images.yml (@zhuque)
+- 🔢 **Versioning**: Updated version to v3.6.0 (@zhuque)
+- 🧠 **LLM Result**: Added LLM parameter to MCP meta result (@zhuque)
+- 🗄️ **Database**: Fixed LLM model database (@zhuque)
+- 🔐 **Auth**: Implemented inner API auth controller (@zhuque)
+- 🎯 **Score Correction**: Corrected CalcSecScore method in runner.py to handle Chinese risk levels correctly (@mhh)
+- ⚖️ **Risk Type**: Corrected item.RiskType to item.Severity in scoring logic (@mhh)
+
+### Fixed
+- 🧪 **Testing**: Removed test info (@zhuque)
+
+### Contributors
+Special thanks to @mhh, @aaasven
+
+---
+
 ## [v3.6.0-rc1] - 2025-01-07
 
 ### Changed

Dockerfile

@@ -1,5 +1,5 @@
 # 多阶段构建Dockerfile
-# 第一阶段：构建阶段
+# 第一阶段：构建Go应用
 FROM golang:1.23.2-alpine AS builder
 
 # 设置工作目录
@@ -17,11 +17,18 @@ RUN go mod download
 # 构建应用
 RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -trimpath -buildvcs=false -o ai-infra-guard ./cmd/cli/main.go
 
-# 第二阶段：运行阶段
-FROM alpine:3.19
+# 第二阶段：运行阶段（使用Python 3.12 Alpine镜像）
+FROM python:3.12-alpine
 
 # 安装运行时依赖
-RUN apk add --no-cache ca-certificates tzdata bash curl
+RUN apk add --no-cache \
+    ca-certificates \
+    tzdata \
+    bash \
+    curl
+
+# 安装uv到/usr/local/bin
+RUN curl -LsSf https://astral.sh/uv/install.sh | env UV_INSTALL_DIR="/usr/local/bin" sh
 
 # 设置工作目录
 WORKDIR /app
@@ -34,6 +41,10 @@ COPY --from=builder /app/CHANGELOG.md .
 # 复制数据文件到容器中
 COPY --from=builder /app/data ./data
 
+# 复制agent-scan目录并安装Python依赖
+COPY ./agent-scan /app/agent-scan
+RUN pip install --no-cache-dir -r /app/agent-scan/requirements.txt
+
 # 复制启动脚本到镜像中
 COPY start.sh /app/start.sh
 RUN chmod +x /app/start.sh && chown root:root /app/start.sh
@@ -51,6 +62,7 @@ ENV APP_ENV=production
 ENV UPLOAD_DIR=/app/uploads
 ENV DB_PATH=/app/db/tasks.db
 ENV TZ=Asia/Shanghai
+ENV PYTHONUNBUFFERED=1
 
 # 暴露端口
 EXPOSE 8088

Dockerfile_Agent

@@ -56,6 +56,11 @@ COPY ./mcp-scan /app/mcp-scan/
 WORKDIR /app/mcp-scan
 RUN pip install --no-cache-dir -r requirements.txt
 
+COPY ./agent-scan /app/agent-scan/
+WORKDIR /app/agent-scan
+RUN pip install --no-cache-dir -r requirements.txt
+
+
 RUN set -eux; \
     apt-get purge -y --auto-remove \
         build-essential \

README.md

@@ -50,8 +50,9 @@
 <br>
 
 > 📢 **News**:
-> * A.I.G v3.5.0 features major improvements in modular architecture, system stability, and detection capabilities. Update now to explore the new version. [View all changelog.](./CHANGELOG.md)
-> * 🎉 A.I.G was featured at **Black Hat Arsenal Europe 2025**! Check out our [presentation slides.](./Arsenal-BHEU2025-AI-Infra-Guard.pdf)
+
+> * A.I.G v3.6.1 Support Clawdbot(moltbot) Gateway unauthorized access risk detection. [View all changelog.](./CHANGELOG.md)
+> * A.I.G v3.6.0 Add Agent Skills security scan to AI Tool Protocol scan.  [View all changelog.](./CHANGELOG.md)
 
 ## Table of Contents
 - [🚀 Quick Start](#-quick-start)
@@ -86,7 +87,7 @@ Once the service is running, you can access the A.I.G web interface at:
 <br>
 
 <details>
-<summary><strong>📦 More installation options and online pro version</strong></summary>
+<summary><strong>📦 More installation options</strong></summary>
 
 ### Other Installation Methods
 
@@ -109,18 +110,19 @@ Note: The AI-Infra-Guard project is positioned as an AI red teaming platform for
 
 For more information, see: [https://tencent.github.io/AI-Infra-Guard/?menu=getting-started](https://tencent.github.io/AI-Infra-Guard/?menu=getting-started)
 
-### Try the Online Pro Version
-Experience the Pro version with advanced features and improved performance. The Pro version requires an invitation code and is prioritized for contributors who have submitted issues, pull requests, or discussions, or actively help grow the community. Visit: [https://aigsec.ai/](https://aigsec.ai/)
-
 </details>
+
+### Try the Online Pro Version
+Experience the Pro version with advanced features and improved performance. The Pro version requires an invitation code and is prioritized for contributors who have submitted issues, pull requests, or discussions, or actively help grow the community. Visit: [https://aigsec.ai/](https://aigsec.ai/).
+<br>
 <br>
 
 ## ✨ Features
 
 | Feature | More Info |
 |:--------|:------------|
 | **AI&nbsp;Infra&nbsp;Scan** | Precisely identifies ​over​ 30 AI framework components ​and covers​ over 400 known CVE vulnerabilities, ​including​ Ollama, ComfyUI, vLLM, etc. |
-| **MCP&nbsp;Server&nbsp;Scan** | Powered by AI Agent, Detects 9 major categories of MCP security risks, Supports source code/remote URL scanning. |
+| **AI&nbsp;Tool&nbsp;Protocol&nbsp;Scan** | Powered by an AI Agent, Detects 14 major categories of security risks in MCP Servers and Skills, Supports scanning of source code and remote URLs. |
 | **Jailbreak&nbsp;Evaluation** | Assesses prompt security risks with curated datasets and multiple attack methods, Cross-model comparison. |
 
 <details>
@@ -318,6 +320,7 @@ We are deeply grateful to the following teams and organizations for their trust,
 <div align="center">
 <img src="img/tencent.png" alt="Tencent" height="30px">
 <img src="img/deepseek.png" alt="DeepSeek" height="38px">
+<img src="img/antintl.svg" alt="Antintl" height="45px">
 </div>
 
 <br>
@@ -376,15 +379,17 @@ If you use A.I.G in your research, please cite:
 
 We are deeply grateful to the research teams who have used A.I.G in their academic work and contributed to advancing AI security research:
 
-[1] Yongjian Guo, Puzhuo Liu, et al. **"Systematic Analysis of MCP Security."** arXiv preprint arXiv:2508.12538 (2025). [[pdf]](https://arxiv.org/abs/2508.12538)  
-[2] Zexin Wang, Jingjing Li, et al. **"A Survey on AgentOps: Categorization, Challenges, and Future Directions."** arXiv preprint arXiv:2508.02121 (2025). [[pdf]](https://arxiv.org/abs/2508.02121)  
-[3] Yixuan Yang, Daoyuan Wu, Yufan Chen. **"MCPSecBench: A Systematic Security Benchmark and Playground for Testing Model Context Protocols."** arXiv preprint arXiv:2508.13220 (2025). [[pdf]](https://arxiv.org/abs/2508.13220)  
-[4] Ping He, Changjiang Li, et al. **"Automatic Red Teaming LLM-based Agents with Model Context Protocol Tools."** arXiv preprint arXiv:2509.21011 (2025). [[pdf]](https://arxiv.org/abs/2509.21011)  
-[5] Weibo Zhao, Jiahao Liu, Bonan Ruan et al. **"When MCP Servers Attack: Taxonomy, Feasibility, and Mitigation."** arXiv preprint arXiv:2509.24272v1 (2025). [[pdf]](http://arxiv.org/abs/2509.24272v1)  
+[1] Ruiqi Li, Zhiqiang Wang, Yunhao Yao et al. **"MCP-ITP: An Automated Framework for Implicit Tool Poisoning in MCP."** arXiv preprint arXiv:2601.07395v1 (2026). [[pdf]](http://arxiv.org/abs/2601.07395v1)  
+[2] Jingxiao Yang, Ping He, Tianyu Du et al. **"HogVul: Black-box Adversarial Code Generation Framework Against LM-based Vulnerability Detectors."** arXiv preprint arXiv:2601.05587v1 (2026). [[pdf]](http://arxiv.org/abs/2601.05587v1)  
+[3] Yunyi Zhang, Shibo Cui, Baojun Liu et al. **"Beyond Jailbreak: Unveiling Risks in LLM Applications Arising from Blurred Capability Boundaries."** arXiv preprint arXiv:2511.17874v2 (2025). [[pdf]](http://arxiv.org/abs/2511.17874v2)  
+[4] Teofil Bodea, Masanori Misono, Julian Pritzi et al. **"Trusted AI Agents in the Cloud."** arXiv preprint arXiv:2512.05951v1 (2025). [[pdf]](http://arxiv.org/abs/2512.05951v1)  
+[5] Christian Coleman. **"Behavioral Detection Methods for Automated MCP Server Vulnerability Assessment."** [[pdf]](https://digitalcommons.odu.edu/cgi/viewcontent.cgi?article=1138&context=covacci-undergraduateresearch)  
 [6] Bin Wang, Zexin Liu, Hao Yu et al. **"MCPGuard : Automatically Detecting Vulnerabilities in MCP Servers."** arXiv preprint arXiv:22510.23673v1 (2025). [[pdf]](http://arxiv.org/abs/2510.23673v1)  
-[7] Christian Coleman. **"Behavioral Detection Methods for Automated MCP Server Vulnerability Assessment."** [[pdf]](https://digitalcommons.odu.edu/cgi/viewcontent.cgi?article=1138&context=covacci-undergraduateresearch)  
-[8] Teofil Bodea, Masanori Misono, Julian Pritzi et al. **"Trusted AI Agents in the Cloud."** arXiv preprint arXiv:2512.05951v1 (2025). [[pdf]](http://arxiv.org/abs/2512.05951v1)  
-[9] Yunyi Zhang, Shibo Cui, Baojun Liu et al. **"Beyond Jailbreak: Unveiling Risks in LLM Applications Arising from Blurred Capability Boundaries."** arXiv preprint arXiv:2511.17874v2 (2025). [[pdf]](http://arxiv.org/abs/2511.17874v2)  
+[7] Weibo Zhao, Jiahao Liu, Bonan Ruan et al. **"When MCP Servers Attack: Taxonomy, Feasibility, and Mitigation."** arXiv preprint arXiv:2509.24272v1 (2025). [[pdf]](http://arxiv.org/abs/2509.24272v1)  
+[8] Ping He, Changjiang Li, et al. **"Automatic Red Teaming LLM-based Agents with Model Context Protocol Tools."** arXiv preprint arXiv:2509.21011 (2025). [[pdf]](https://arxiv.org/abs/2509.21011)  
+[9] Yixuan Yang, Daoyuan Wu, Yufan Chen. **"MCPSecBench: A Systematic Security Benchmark and Playground for Testing Model Context Protocols."** arXiv preprint arXiv:2508.13220 (2025). [[pdf]](https://arxiv.org/abs/2508.13220)  
+[10] Zexin Wang, Jingjing Li, et al. **"A Survey on AgentOps: Categorization, Challenges, and Future Directions."** arXiv preprint arXiv:2508.02121 (2025). [[pdf]](https://arxiv.org/abs/2508.02121)  
+[11] Yongjian Guo, Puzhuo Liu, et al. **"Systematic Analysis of MCP Security."** arXiv preprint arXiv:2508.12538 (2025). [[pdf]](https://arxiv.org/abs/2508.12538)  
 
 📧 If you have used A.I.G in your research or product, or if we have inadvertently missed your publication, we would love to hear from you! [Contact us here](#-join-the-community).
 <br>

README_ZH.md

@@ -48,9 +48,9 @@
 </p>
 
 > 📢 **News**:
-> * A.I.G V3.5.0 正式版在架构模块化、系统稳定性及检测能力上进行了全面升级，欢迎大家更新体验。[查看完整更新日志](./CHANGELOG.md)
-> * 🎉 A.I.G 入选 **Black Hat Arsenal Europe 2025**! 查看我们的[PPT](./Arsenal-BHEU2025-AI-Infra-Guard.pdf)。
 
+> * A.I.G V3.6.1 新增支持 clawdbot(moltbot) 网关未授权访问风险检测能力。[查看完整更新日志](./CHANGELOG.md)
+> * A.I.G v3.6.0 在AI工具协议扫描中新增了 Agent Skills 安全风险评估能力。[查看完整更新日志](./CHANGELOG.md)
 ## 目录
 - [🚀 快速开始](#-快速开始)
 - [✨ 功能特性](#-功能特性)
@@ -84,7 +84,7 @@ docker-compose -f docker-compose.images.yml up -d
 <br>
 
 <details>
-<summary><strong>📦 更多安装方式及在线Pro版</strong></summary>
+<summary><strong>📦 更多安装方式</strong></summary>
 
 ### 其他安装方式
 
@@ -107,12 +107,11 @@ docker-compose up -d
 
 更多信息请参阅：[https://tencent.github.io/AI-Infra-Guard/?menu=getting-started](https://tencent.github.io/AI-Infra-Guard/?menu=getting-started)
 
-### 体验在线Pro版
-体验具有内测及高级功能的Pro版，需要邀请码，优先提供给提交过 Issues、Pull Requests 或 Discussions，或积极帮助社区发展的贡献者。访问：[https://aigsec.ai/](https://aigsec.ai/)
-
 </details>
-<br>
 
+### 体验在线Pro版
+体验具有内测及高级功能的Pro版，需要邀请码，优先提供给提交过 Issues、Pull Requests 或 Discussions，或积极帮助社区发展的贡献者。访问：[https://aigsec.ai/](https://aigsec.ai/)
+<br/>
 <br/>
 
 ## ✨ 功能特性
@@ -121,7 +120,7 @@ docker-compose up -d
 | 特性 | 详细信息 |
 |:--------|:------------|
 | **AI基础设施漏洞扫描** | 精准识别30+AI框架组件，覆盖400+已知CVE漏洞，包括Ollama/ComfyUI/vLLM等 |
-| **MCP Server风险检测** | 基于AI Agent驱动，检测9大类MCP安全风险，支持源代码/远程URL扫描 |
+| **AI工具协议扫描** | 基于AI Agent驱动，检测14大类MCP Server与Skills安全风险，支持源代码/远程URL扫描 |
 | **大模型安全体检** | 快速评估Prompt安全风险，内置多个精选越狱评估数据集，支持多种越狱攻击算子，跨模型安全性能对比 |
 
 <details>
@@ -314,6 +313,7 @@ A.I.G 的核心能力之一就是其丰富且可快速配置的插件系统。
 <div align="center">
 <img src="img/tencent.png" alt="Tencent" height="30px">
 <img src="img/deepseek.png" alt="DeepSeek" height="38px">
+<img src="img/antintl.svg" alt="Antintl" height="45px">
 </div>
 
 <br>
@@ -369,15 +369,17 @@ A.I.G 的核心能力之一就是其丰富且可快速配置的插件系统。
 
 我们深深感谢在学术工作中使用A.I.G，并为推进AI安全研究做出贡献的团队：
 
-[1] Yongjian Guo, Puzhuo Liu, et al. **"Systematic Analysis of MCP Security."** arXiv preprint arXiv:2508.12538 (2025). [[pdf]](https://arxiv.org/abs/2508.12538)  
-[2] Zexin Wang, Jingjing Li, et al. **"A Survey on AgentOps: Categorization, Challenges, and Future Directions."** arXiv preprint arXiv:2508.02121 (2025). [[pdf]](https://arxiv.org/abs/2508.02121)  
-[3] Yixuan Yang, Daoyuan Wu, Yufan Chen. **"MCPSecBench: A Systematic Security Benchmark and Playground for Testing Model Context Protocols."** arXiv preprint arXiv:2508.13220 (2025). [[pdf]](https://arxiv.org/abs/2508.13220)  
-[4] Ping He, Changjiang Li, et al. **"Automatic Red Teaming LLM-based Agents with Model Context Protocol Tools."** arXiv preprint arXiv:2509.21011 (2025). [[pdf]](https://arxiv.org/abs/2509.21011)  
-[5] Weibo Zhao, Jiahao Liu, Bonan Ruan et al. **"When MCP Servers Attack: Taxonomy, Feasibility, and Mitigation."** arXiv preprint arXiv:2509.24272v1 (2025). [[pdf]](http://arxiv.org/abs/2509.24272v1)  
+[1] Ruiqi Li, Zhiqiang Wang, Yunhao Yao et al. **"MCP-ITP: An Automated Framework for Implicit Tool Poisoning in MCP."** arXiv preprint arXiv:2601.07395v1 (2026). [[pdf]](http://arxiv.org/abs/2601.07395v1)  
+[2] Jingxiao Yang, Ping He, Tianyu Du et al. **"HogVul: Black-box Adversarial Code Generation Framework Against LM-based Vulnerability Detectors."** arXiv preprint arXiv:2601.05587v1 (2026). [[pdf]](http://arxiv.org/abs/2601.05587v1)  
+[3] Yunyi Zhang, Shibo Cui, Baojun Liu et al. **"Beyond Jailbreak: Unveiling Risks in LLM Applications Arising from Blurred Capability Boundaries."** arXiv preprint arXiv:2511.17874v2 (2025). [[pdf]](http://arxiv.org/abs/2511.17874v2)  
+[4] Teofil Bodea, Masanori Misono, Julian Pritzi et al. **"Trusted AI Agents in the Cloud."** arXiv preprint arXiv:2512.05951v1 (2025). [[pdf]](http://arxiv.org/abs/2512.05951v1)  
+[5] Christian Coleman. **"Behavioral Detection Methods for Automated MCP Server Vulnerability Assessment."** [[pdf]](https://digitalcommons.odu.edu/cgi/viewcontent.cgi?article=1138&context=covacci-undergraduateresearch)  
 [6] Bin Wang, Zexin Liu, Hao Yu et al. **"MCPGuard : Automatically Detecting Vulnerabilities in MCP Servers."** arXiv preprint arXiv:22510.23673v1 (2025). [[pdf]](http://arxiv.org/abs/2510.23673v1)  
-[7] Christian Coleman. **"Behavioral Detection Methods for Automated MCP Server Vulnerability Assessment."** [[pdf]](https://digitalcommons.odu.edu/cgi/viewcontent.cgi?article=1138&context=covacci-undergraduateresearch)  
-[8] Teofil Bodea, Masanori Misono, Julian Pritzi et al. **"Trusted AI Agents in the Cloud."** arXiv preprint arXiv:2512.05951v1 (2025). [[pdf]](http://arxiv.org/abs/2512.05951v1)  
-[9] Yunyi Zhang, Shibo Cui, Baojun Liu et al. **"Beyond Jailbreak: Unveiling Risks in LLM Applications Arising from Blurred Capability Boundaries."** arXiv preprint arXiv:2511.17874v2 (2025). [[pdf]](http://arxiv.org/abs/2511.17874v2)  
+[7] Weibo Zhao, Jiahao Liu, Bonan Ruan et al. **"When MCP Servers Attack: Taxonomy, Feasibility, and Mitigation."** arXiv preprint arXiv:2509.24272v1 (2025). [[pdf]](http://arxiv.org/abs/2509.24272v1)  
+[8] Ping He, Changjiang Li, et al. **"Automatic Red Teaming LLM-based Agents with Model Context Protocol Tools."** arXiv preprint arXiv:2509.21011 (2025). [[pdf]](https://arxiv.org/abs/2509.21011)  
+[9] Yixuan Yang, Daoyuan Wu, Yufan Chen. **"MCPSecBench: A Systematic Security Benchmark and Playground for Testing Model Context Protocols."** arXiv preprint arXiv:2508.13220 (2025). [[pdf]](https://arxiv.org/abs/2508.13220)  
+[10] Zexin Wang, Jingjing Li, et al. **"A Survey on AgentOps: Categorization, Challenges, and Future Directions."** arXiv preprint arXiv:2508.02121 (2025). [[pdf]](https://arxiv.org/abs/2508.02121)  
+[11] Yongjian Guo, Puzhuo Liu, et al. **"Systematic Analysis of MCP Security."** arXiv preprint arXiv:2508.12538 (2025). [[pdf]](https://arxiv.org/abs/2508.12538)  
 
 📧 如果您在研究中使用了A.I.G，请联系我们，让更多人看到您的研究！
 <br>
@@ -389,4 +391,4 @@ A.I.G 的核心能力之一就是其丰富且可快速配置的插件系统。
 
 <div>
 
-[![Star History Chart](https://api.star-history.com/svg?repos=Tencent/AI-Infra-Guard&type=Date)](https://star-history.com/#Tencent/AI-Infra-Guard&Date)
+[![Star History Chart](https://api.star-history.com/svg?repos=Tencent/AI-Infra-Guard&type=Date)](https://star-history.com/#Tencent/AI-Infra-Guard&Date)

agent-scan/README.md

@@ -0,0 +1,27 @@
+# Agent-Scan
+
+AI Agent 驱动的自动化代码扫描和漏洞检测工具
+
+## 快速开始
+
+```bash
+# 安装依赖
+pip install -r requirements.txt
+# 运行扫描
+python main.py -m deepseek/deepseek-v3.2 -k sk-123456 --agent_provider demo_dify.yaml
+```
+
+## 命令行参数
+
+```bash
+python main.py [选项]
+
+可选参数:
+  --repo PATH              要扫描的项目路径
+  -p, --prompt TEXT        自定义扫描提示词
+  -m, --model TEXT         LLM 模型名称 (默认: deepseek/deepseek-v3.2-exp)
+  -k, --api_key TEXT       API Key (默认从环境变量 OPENROUTER_API_KEY 读取)
+  -u, --base_url TEXT      API 基础 URL (默认: https://openrouter.ai/api/v1)
+  --agent_provider PATH    Agent provider 配置文件
+  --language TEXT          输出语言 zh/en (默认: zh)
+```