Skip to content

Releases: Ap6pack/malwar

v0.3.1 — ClawHub Registry Crawling

24 Feb 14:57
@Ap6pack Ap6pack
v0.3.1
76e188c

Choose a tag to compare

View all tags
v0.3.1 — ClawHub Registry Crawling Latest
Latest

What's New

ClawHub Registry Integration

New malwar crawl CLI sub-app to browse, search, and scan skills directly from the ClawHub registry — the largest community skill marketplace with 5,700+ skills.

Commands:

  • malwar crawl scan <slug> — fetch a skill's SKILL.md from ClawHub and scan it for threats
  • malwar crawl search <query> — search the registry by keyword
  • malwar crawl list — browse available skills with pagination
  • malwar crawl info <slug> — view skill details and moderation flags (VirusTotal integration)
  • malwar crawl url <url> — fetch and scan any remote SKILL.md by URL (not limited to ClawHub)

Housekeeping

  • Pinned mkdocs-material to v9.x to prevent MkDocs 2.0 breakage
  • Added copyright header verification to CI
  • Hardened security scanning: continue-on-error replaces silent || true, added gitleaks secret scanning and npm audit
  • Consolidated orphaned flat docs into nested structure

Stats

  • 1,504 tests passing (32 new for crawl feature)
  • 82% code coverage
  • 26 detection rules
  • CI green across all 5 jobs

Full Changelog: v0.3.0...v0.3.1

Assets 2
Loading

v0.3.0 — Production Readiness & Extensibility

24 Feb 14:57
@Ap6pack Ap6pack
v0.3.0
e9e397a

Choose a tag to compare

View all tags
v0.3.0 — Production Readiness & Extensibility

What's New

Extensibility

  • YAML DSL for custom rules — define detection rules in YAML without writing Python (#30)
  • Rule testing framework — test rules against sample files with malwar test-rules (#30)
  • Plugin system — load third-party detection plugins at runtime (#38)
  • ML-based risk scoring — machine learning model for anomaly-aware risk scores (#37)

Infrastructure

  • PostgreSQL backend — optional PostgreSQL support alongside SQLite (#34)
  • Redis caching layer — cache scan results and rule compilations (#35)
  • GitLab CI template — ready-to-use .gitlab-ci.yml with Code Quality reports (#30)
  • Azure DevOps template — pipeline template with SARIF and ##vso annotations (#30)

Security & Compliance

  • Audit logging — immutable, append-only audit trail for all API operations (#20)
  • Role-based access control (RBAC) — admin, analyst, and viewer roles (#32)
  • CI security scanning — Bandit SAST, pip-audit, and CycloneDX SBOM in CI pipeline

Operations

  • Scheduled scanning — background scan jobs on configurable intervals (#26)
  • Multi-channel notifications — Slack, email, and webhook alerts on scan completion (#36)
  • Git diff scanning — scan only changed files between commits (#30)

User Experience

  • Dashboard analytics — trend charts, threat breakdown, scan volume over time (#39)
  • Rich TUI — interactive terminal interface for browsing scans and findings (#40)

Stats

  • 1,472 tests (16 skipped) — up from 345 in v0.2.0
  • 26 detection rules — up from 19
  • 30+ API endpoints — up from 16
  • 82% code coverage
  • 14 issues closed

Breaking Changes

None. v0.3.0 is fully backward-compatible with v0.2.x configurations and databases.

Install

pip install malwar==0.3.0
docker pull ghcr.io/ap6pack/malwar:0.3.0

Full Changelog: v0.2.1...v0.3.0

Loading

Malwar v0.2.1 — Public Launch

24 Feb 14:57
@Ap6pack Ap6pack
v0.2.1
ada7abb

Choose a tag to compare

View all tags
Malwar v0.2.1 — Public Launch

Malwar v0.2.1 — Public Launch

The first public release of Malwar. 793 tests. 26 detection rules. Ready for production.

Install

pip install malwar
docker pull ghcr.io/ap6pack/malwar:latest

What's Included

Everything from v0.2.0 plus public launch infrastructure:

Detection Engine

  • 26 detection rules across 9 categories
  • 4-layer pipeline: Rule Engine + URL Crawler + LLM Analyzer + Threat Intel
  • 3 threat campaigns: ClawHavoc, SnykToxic, ShadowPkg
  • 96.8% accuracy, 100% recall, 95.8% precision
  • Live LLM testing validated against Claude API

SDK & Integrations

  • Python SDK: from malwar import scan
  • LangChain integration: MalwarGuard, MalwarScanTool
  • GitHub Action: scan SKILL.md files in PRs with SARIF upload
  • STIX 2.1 / TAXII 2.1 export for SIEM integration
  • Webhook notifications with HMAC-SHA256 signing

API & CLI

  • 24 REST API endpoints with OpenAPI docs at /api/docs
  • Per-key rate limiting with usage analytics
  • Campaign ingestion from JSON, CSV, STIX, HTTP feeds
  • IOC feed endpoint with ETag caching

Infrastructure

  • Helm chart for Kubernetes deployment
  • Multi-stage Dockerfile with non-root user
  • DB migration system with auto-migrate on startup
  • BSL-1.1 license — free for all use, commercial hosting requires agreement

Community

  • MkDocs docs site at ap6pack.github.io/malwar
  • Issue templates for bugs, features, and detection rules
  • CONTRIBUTING.md and SECURITY.md
  • GitHub Sponsors enabled

Documentation

Copyright (c) 2026 Veritas Aequitas Holdings LLC. All rights reserved.

Loading

Malwar v0.1.0 — Initial Release

24 Feb 14:57
@Ap6pack Ap6pack
v0.1.0
6b89b50

Choose a tag to compare

View all tags
Malwar v0.1.0 — Initial Release

Malwar v0.1.0

Static analysis engine for detecting malware in agentic AI skill files.

This is the initial release of Malwar — a 4-layer detection pipeline purpose-built for catching malware hidden in natural language skill files (SKILL.md).

Detection Engine

  • 19 detection rules across 7 categories: obfuscation, prompt injection, social engineering, suspicious commands, credential exposure, data exfiltration, known malware
  • 4-layer pipeline: Rule Engine (<50ms) → URL Crawler (1-5s) → LLM Analyzer (2-10s) → Threat Intel (<100ms)
  • Verdict system: MALICIOUS / SUSPICIOUS / CAUTION / CLEAN with 0-100 risk scoring
  • SARIF 2.1.0 output for CI/CD integration

API & CLI

  • 16 REST API endpoints — scan submission, batch scan, results retrieval, SARIF export, signature CRUD, campaigns, reports
  • API key authentication and per-IP rate limiting
  • CLI toolmalwar scan, malwar serve, signature management, database management
  • Webhook notifications for malicious scan results

Web Dashboard

  • React 19 + TypeScript + Vite + Tailwind CSS 4
  • Dashboard with scan stats and severity distribution
  • Scan submission, history, and detail views
  • Signature management and threat campaign tracking
  • Served automatically by the API server

Threat Intelligence

  • ClawHavoc campaign seeded with IOCs: C2 IPs, malicious domains, payload URLs, known threat actor handles
  • Signature database with exact, regex, and IOC pattern matching
  • Campaign attribution linking findings back to organized threats

Infrastructure

  • SQLite storage with async I/O (aiosqlite)
  • Docker multi-stage build with docker-compose
  • CI/CD pipeline via GitHub Actions (lint, type check, test, build)
  • 354 tests, 89% code coverage
  • 37 test fixtures including real-world malicious samples from ClawHub and Snyk research

Quick Start

pip install malwar-0.1.0-py3-none-any.whl
malwar db init
malwar scan SKILL.md
malwar serve  # API + Dashboard at http://localhost:8000

Documentation

Copyright (c) 2026 Veritas Aequitas Holdings LLC. All rights reserved.

Loading