Exécutez n'importe quel Skill dans Manus
en un clic

Exécutez n'importe quel Skill dans Manus en un clic

$pwd:

python-packaging-binary-audit

Name: Python Packaging Binary Audit
Author: opendatahub-io

// Scan a Python package repository for compiled/binary files using Fromager-style detection and malcontent YARA analysis, then triage findings with deterministic rules and AI reasoning to produce a structured risk report section.

Exécuter dans Manus

$ git log --oneline --stat

stars:30

forks:63

updated:29 mai 2026 à 14:57

Explorateur de fichiers

3 fichiers

SKILL.md

readonly

name	python-packaging-binary-audit
description	Scan a Python package repository for compiled/binary files using Fromager-style detection and malcontent YARA analysis, then triage findings with deterministic rules and AI reasoning to produce a structured risk report section.
allowed-tools	Bash Read Grep

Python Packaging Binary Audit

Scans a Python package repository for compiled or binary files using Fromager-style extension and magic-header detection, then runs malcontent YARA-based analysis on any detected binaries. Produces a self-contained "Binary Scan" report section with triaged findings and a risk assessment.

Inputs

repo_path (required): Local filesystem path to an already-cloned repository
output_file (optional): Write the report section to this file path instead of returning it inline. The first line of the file must be RISK_RATING:<value> so the orchestrator can parse it without reading the full report.

Step 1: Detect Binaries

Run the binary scanner to find compiled files using Fromager-style extension and magic-header detection:

STAGING_DIR=$(mktemp -d -t malcontent-staging-XXXXXX)
./scripts/scan_binaries.py --stage-to "$STAGING_DIR" "<repo-path>"

This outputs JSON to stdout with total and findings fields. Each finding has: path, match_type (extension or magic_header), suffix, size, and optionally magic (ELF, MachO, ar_archive, etc.).

The --stage-to flag copies detected binaries into a staging directory preserving relative paths for malcontent analysis in the next step.

If the scanner finds zero binaries, skip to the Output section and note "No binary files detected" in the report.

Step 2: Run Malcontent

Run malcontent analysis on the staged binaries:

./scripts/run_malcontent.py "$STAGING_DIR"
malcontent_exit=$?

Check the exit code before proceeding:

Exit 0: malcontent ran successfully. Capture the JSON output with findings.
Exit 2: malcontent (mal) is not installed. Do not fail. Proceed to triage using only the binary scan metadata (extension, magic header, size). Note "malcontent unavailable" in the report output.
Exit 1: malcontent encountered a runtime error (timeout, invalid JSON, or execution failure). Do not fail. Proceed to triage using only the binary scan metadata. Note the error in the report output.

When malcontent is unavailable or fails, the binary scan findings alone still provide value — file paths, types, and sizes are sufficient for the deterministic triage rules that do not depend on malcontent risk levels.

Step 3: Triage

Review binary findings in context. Read relevant source files to understand the purpose of detected binaries. Triage proceeds in two stages: deterministic rules first, then AI reasoning for anything unresolved.

Stage 1 — Deterministic Rules

Apply the following rules before any AI reasoning. These handle the most common clear-cut cases and make the triage reproducible.

Condition	Verdict
Binary is under `third_party/`, `vendor/`, or `extern/` and malcontent risk ≤ medium	PASS — vendored dependency
Binary is under `test/`, `tests/`, `benchmarks/`, or `examples/` and malcontent risk ≤ medium	PASS — test data
Binary suffix is `.ptx`, `.cubin`, `.fatbin`, or path contains `triton/` or `cuda`	PASS — GPU kernel
Malcontent risk is critical	BLOCK
Malcontent flags `remote_access`, `exfiltration`, or `backdoor` capabilities	BLOCK
Binary has no malcontent findings and is only detected by extension/magic header	PASS — opaque-only
Malcontent timed out	REVIEW — partial results, manual inspection recommended

When multiple findings produce different verdicts, the overall precedence is BLOCK > REVIEW > PASS — the most severe verdict wins.

Any finding not resolved by Stage 1 proceeds to Stage 2.

Stage 2 — AI Reasoning

For findings that remain unresolved after deterministic rules, classify each as:

Likely legitimate — binary is a known build artifact (e.g., pre-compiled protobuf, CUDA kernel)
Suspicious — binary has unusual capabilities for the package context (e.g., network access in a math library)
Critical — binary has capabilities strongly indicating malicious intent (e.g., backdoor, data exfiltration)

Step 4: Cleanup

Remove the staging directory when analysis is complete:

if [ -n "${STAGING_DIR}" ] && [ -d "${STAGING_DIR}" ]; then
  rm -rf -- "${STAGING_DIR}"
fi

Output Format

Produce the following markdown section:

## Binary Scan

**Binaries detected:** {N}
**Malcontent status:** {ran successfully | unavailable — findings based on binary scan only | timed out — partial results}

### BLOCK Findings

| File | Type | Size | Malcontent Risk | Capabilities | Triage |
|------|------|------|-----------------|--------------|--------|
| src/lib/backdoor.so | ELF | 24KB | critical | remote_access, exfiltration | BLOCK — critical risk with network capabilities |

### REVIEW Findings

(same table format)

### PASS Findings

(same table format, brief — included for completeness but de-emphasized)

The risk_rating for this phase is one of:

no_issues — No binary files detected
low_risk — All findings classified as "likely legitimate" or PASS
needs_review — One or more findings classified as "suspicious" or REVIEW
critical — One or more findings classified as "critical" or BLOCK

If output_file is provided, write the file with the first line as RISK_RATING:<value> followed by a blank line and then the markdown section above. If output_file is not provided, return the report section inline.

Error Handling

Scenario	Behavior
Binary scan finds zero binaries	Note "No binary files detected", risk_rating = no_issues
Malcontent unavailable (exit code 2)	Triage binary findings using scan metadata only (extension, magic header, size); note malcontent was unavailable
Malcontent times out (exit code 1)	Report partial results; note timeout; REVIEW verdict for affected binaries
Malcontent produces invalid JSON (exit code 1)	Triage binary findings using scan metadata only; note malcontent output error

related-skills.json

même dépôt

python-packaging-git-audit.md

from "opendatahub-io/ai-helpers"

Inspect recent git history of a Python package repository for suspicious commits touching supply-chain-sensitive files, then triage findings with AI reasoning to produce a structured risk report section.

2026-05-2930

python-packaging-security-audit.md

from "opendatahub-io/ai-helpers"

Use this skill to evaluate the security of a Python package repository by orchestrating static analysis, binary scanning, and git history inspection sub-skills in parallel, then combining their results into a unified security report with a risk rating.

2026-05-2930

python-packaging-static-audit.md

from "opendatahub-io/ai-helpers"

Run hexora static analysis on a Python package repository to detect suspicious code patterns, then triage findings with deterministic rules and AI reasoning to produce a structured risk report section.

2026-05-2930

non-redhat-rpms.md

from "opendatahub-io/ai-helpers"

Use this skill to identify non-Red Hat RPM packages installed in container images or on the local machine. For containers, pulls images across multiple architectures and release tags; for local scans, inspects the host directly. Extracts RPM signing metadata and reports packages not signed with the Red Hat GPG key as CSV output. Use when auditing compliance, checking supply-chain provenance, or scanning for third-party RPMs in RHOAI component images.

2026-05-2830

github-sync-upstream.md

from "opendatahub-io/ai-helpers"

Sync code from an upstream GitHub repository into a target fork (e.g., opendatahub-io midstream). Detects remotes from the current repo, or clones fresh if run from outside. Fetches upstream, merges into a sync branch, restores protected files, resolves conflicts, and opens a PR to the target GitHub repo. Use when asked to sync upstream, merge upstream changes, or bring a GitHub fork up to date with its upstream source.

2026-05-2630

acli-setup-check.md

from "opendatahub-io/ai-helpers"

Verify acli installation and authentication. Checks if acli is installed, authenticated to Jira, and can query projects. Use when troubleshooting acli issues or setting up acli for the first time.

2026-05-2230

package.json

"author": "opendatahub-io"

"repository": "opendatahub-io/ai-helpers"

Ouvrir le dépôt GitHub Voir les dépôts du créateur

$ install --global

$ download --local

Exécuter dans Manus

name	python-packaging-binary-audit
description	Scan a Python package repository for compiled/binary files using Fromager-style detection and malcontent YARA analysis, then triage findings with deterministic rules and AI reasoning to produce a structured risk report section.
allowed-tools	Bash Read Grep

Python Packaging Binary Audit

Inputs

repo_path (required): Local filesystem path to an already-cloned repository
output_file (optional): Write the report section to this file path instead of returning it inline. The first line of the file must be RISK_RATING:<value> so the orchestrator can parse it without reading the full report.

Step 1: Detect Binaries

Run the binary scanner to find compiled files using Fromager-style extension and magic-header detection:

STAGING_DIR=$(mktemp -d -t malcontent-staging-XXXXXX)
./scripts/scan_binaries.py --stage-to "$STAGING_DIR" "<repo-path>"

The --stage-to flag copies detected binaries into a staging directory preserving relative paths for malcontent analysis in the next step.

If the scanner finds zero binaries, skip to the Output section and note "No binary files detected" in the report.

Step 2: Run Malcontent

Run malcontent analysis on the staged binaries:

./scripts/run_malcontent.py "$STAGING_DIR"
malcontent_exit=$?

Check the exit code before proceeding:

Exit 0: malcontent ran successfully. Capture the JSON output with findings.
Exit 2: malcontent (mal) is not installed. Do not fail. Proceed to triage using only the binary scan metadata (extension, magic header, size). Note "malcontent unavailable" in the report output.
Exit 1: malcontent encountered a runtime error (timeout, invalid JSON, or execution failure). Do not fail. Proceed to triage using only the binary scan metadata. Note the error in the report output.

Step 3: Triage

Stage 1 — Deterministic Rules

Apply the following rules before any AI reasoning. These handle the most common clear-cut cases and make the triage reproducible.

Condition	Verdict
Binary is under `third_party/`, `vendor/`, or `extern/` and malcontent risk ≤ medium	PASS — vendored dependency
Binary is under `test/`, `tests/`, `benchmarks/`, or `examples/` and malcontent risk ≤ medium	PASS — test data
Binary suffix is `.ptx`, `.cubin`, `.fatbin`, or path contains `triton/` or `cuda`	PASS — GPU kernel
Malcontent risk is critical	BLOCK
Malcontent flags `remote_access`, `exfiltration`, or `backdoor` capabilities	BLOCK
Binary has no malcontent findings and is only detected by extension/magic header	PASS — opaque-only
Malcontent timed out	REVIEW — partial results, manual inspection recommended

When multiple findings produce different verdicts, the overall precedence is BLOCK > REVIEW > PASS — the most severe verdict wins.

Any finding not resolved by Stage 1 proceeds to Stage 2.

Stage 2 — AI Reasoning

For findings that remain unresolved after deterministic rules, classify each as:

Likely legitimate — binary is a known build artifact (e.g., pre-compiled protobuf, CUDA kernel)
Suspicious — binary has unusual capabilities for the package context (e.g., network access in a math library)
Critical — binary has capabilities strongly indicating malicious intent (e.g., backdoor, data exfiltration)

Step 4: Cleanup

Remove the staging directory when analysis is complete:

if [ -n "${STAGING_DIR}" ] && [ -d "${STAGING_DIR}" ]; then
  rm -rf -- "${STAGING_DIR}"
fi

Output Format

Produce the following markdown section:

## Binary Scan

**Binaries detected:** {N}
**Malcontent status:** {ran successfully | unavailable — findings based on binary scan only | timed out — partial results}

### BLOCK Findings

| File | Type | Size | Malcontent Risk | Capabilities | Triage |
|------|------|------|-----------------|--------------|--------|
| src/lib/backdoor.so | ELF | 24KB | critical | remote_access, exfiltration | BLOCK — critical risk with network capabilities |

### REVIEW Findings

(same table format)

### PASS Findings

(same table format, brief — included for completeness but de-emphasized)

The risk_rating for this phase is one of:

no_issues — No binary files detected
low_risk — All findings classified as "likely legitimate" or PASS
needs_review — One or more findings classified as "suspicious" or REVIEW
critical — One or more findings classified as "critical" or BLOCK

Error Handling

Scenario	Behavior
Binary scan finds zero binaries	Note "No binary files detected", risk_rating = no_issues
Malcontent unavailable (exit code 2)	Triage binary findings using scan metadata only (extension, magic header, size); note malcontent was unavailable
Malcontent times out (exit code 1)	Report partial results; note timeout; REVIEW verdict for affected binaries
Malcontent produces invalid JSON (exit code 1)	Triage binary findings using scan metadata only; note malcontent output error

python-packaging-binary-audit

Python Packaging Binary Audit

Inputs

Step 1: Detect Binaries

Step 2: Run Malcontent

Step 3: Triage

Stage 1 — Deterministic Rules

Stage 2 — AI Reasoning

Step 4: Cleanup

Output Format

Error Handling

Plus depuis ce dépôt

Plus depuis ce dépôt

Python Packaging Binary Audit

Inputs

Step 1: Detect Binaries

Step 2: Run Malcontent

Step 3: Triage

Stage 1 — Deterministic Rules

Stage 2 — AI Reasoning

Step 4: Cleanup

Output Format

Error Handling