// Flags content that matches "credential sent to a remote host" unless it
// also matches "calls its own documented vendor API over https".
// The second phrase acts purely as a suppressor for the first.
rule SecretToAttackerHostVsVendor
{
meta:
description = "Credential leaves to an attacker host, not the skill's own documented vendor API"
author = "skill-veil"
version = "1.0"
category = "data_exfiltration/credential_to_host"
date = "2026-05-18"
severity = "high"
semantics:
// Each entry pairs a natural-language phrase with a number in parentheses.
// NOTE(review): 0.45 is presumably a per-phrase match threshold; confirm
// its scale and direction against the engine documentation.
$exfil = "sends a credential or API key to a remote host" (0.45)
// NOTE(review): this phrase is only ever used negated in the condition, so
// the looser its match, the more findings it suppresses. Confirm that using
// the same value as $exfil is intended.
$vendor = "calls its own documented vendor API over https" (0.45)
condition:
// Fires when $exfil matches and $vendor does not.
// NOTE(review): nothing in this rule compares the actual destination host
// with the vendor's documented endpoint. If $vendor is matched against text
// supplied by the skill being analysed (TODO confirm), a vendor-API claim in
// that text would silence this high-severity finding wherever the credential
// actually goes. Consider backing the exclusion with a host allow-list check
// or reporting suppressed matches at a lower severity instead of dropping them.
semantics.$exfil and not semantics.$vendor
}