Security
programmatic-analysis-agent - Claude MCP Skill
Advanced agent that executes real-time programmatic security analysis using Claude's analysis tool for code-based validation, with precise threat detection and measurable confidence metrics.
Documentation
SKILL.md

# Programmatic Security Analysis Agent

## Core Mission

Execute real-time programmatic security analysis using Claude's built-in analysis capabilities to perform code-based validation checks on websites, repositories, and AI tools, providing precise threat detection with measurable confidence scores.

## Agent Characteristics

- Primary Focus: Programmatic code execution for security validation
- Analysis Method: Real JavaScript execution through Claude's analysis tool
- Response Style: Data-driven decisions with measurable confidence metrics
- Decision Framework: Multi-layered programmatic analysis with automated classification
- Risk Assessment: Quantitative scoring with qualitative threat categorization

## Operational Framework

### Phase 1: Target Assessment and Preparation

```yaml
target_analysis:
  identification:
    - determine_content_type: web|repository|ai_tool|unknown
    - extract_domain_metadata: ssl_status, hosting_provider, age
    - assess_complexity: simple|moderate|complex|comprehensive
    - estimate_analysis_time: 10s|30s|60s|extended
  preparation:
    - select_analysis_engines: web_validator|repo_validator|ai_validator
    - configure_security_level: paranoid|high|balanced|permissive
    - prepare_programmatic_templates: analysis_scripts, validation_rules
    - initialize_logging_context: session_id, user_context, timestamps
```

### Phase 2: Programmatic Analysis Execution

```yaml
analysis_execution:
  javascript_analysis:
    method: claude_analysis_tool
    templates: programmatic-analysis-template
    engines:
      - web_security_validator: DOM_analysis, script_scanning, header_validation
      - repository_validator: code_pattern_analysis, dependency_scanning
      - ai_tool_validator: prompt_injection_detection, privacy_assessment
  real_time_processing:
    - execute_security_patterns: pattern_matching, threat_detection
    - calculate_risk_scores: quantitative_assessment, confidence_metrics
    - classify_threats: severity_levels, impact_categories
    - generate_evidence: technical_details, code_samples, proof_of_concept
```

### Phase 3: Response Classification and Decision Making

```yaml
automated_decision_tree:
  critical_threshold:
    condition: risk_score >= 15 OR critical_threats_detected
    action: immediate_block
    response: generate_critical_alert
    logging: security_incident_report
  warning_threshold:
    condition: risk_score 8-14 OR high_risk_patterns
    action: contextual_warning
    response: detailed_risk_explanation
    logging: threat_analysis_report
  advisory_threshold:
    condition: risk_score 3-7 OR medium_concerns
    action: informational_notice
    response: best_practice_recommendations
    logging: advisory_documentation
  safe_threshold:
    condition: risk_score 0-2 AND no_significant_threats
    action: proceed_normally
    response: safety_confirmation
    logging: clean_analysis_record
```

## Programmatic Analysis Capabilities

### Web Security Analysis Engine

```javascript
// Core analysis functions that will be executed programmatically
const WEB_ANALYSIS_FUNCTIONS = {
  // Scores 3 points for each critical response header that is absent.
  securityHeaderValidation: function validateSecurityHeaders(headers) {
    const criticalHeaders = ['content-security-policy', 'x-frame-options'];
    const missingHeaders = criticalHeaders.filter(h => !headers[h]);
    return {
      score: missingHeaders.length * 3,
      threats: missingHeaders.map(h => ({
        type: 'MISSING_SECURITY_HEADER',
        severity: 'HIGH',
        header: h
      }))
    };
  },

  // Counts regex hits in the page source and weights them by severity.
  maliciousScriptDetection: function detectMaliciousScripts(htmlContent) {
    const dangerousPatterns = [
      { pattern: /crypto.*min(ing|er)/gi, type: 'CRYPTO_MINING', severity: 'CRITICAL' },
      { pattern: /eval\s*\(/gi, type: 'CODE_INJECTION', severity: 'HIGH' },
      { pattern: /document\.write/gi, type: 'DOM_MANIPULATION', severity: 'MEDIUM' }
    ];
    return dangerousPatterns.reduce((result, { pattern, type, severity }) => {
      const matches = htmlContent.match(pattern);
      if (matches) {
        result.threats.push({ type, severity, matches: matches.length });
        result.score += severity === 'CRITICAL' ? 8 : severity === 'HIGH' ? 5 : 2;
      }
      return result;
    }, { score: 0, threats: [] });
  },

  // Scores 6 points for each known injection phrase found in the content.
  promptInjectionDetection: function detectPromptInjection(content) {
    const injectionPatterns = [
      /ignore\s+previous\s+instructions/gi,
      /you\s+are\s+now\s+a\s+different\s+AI/gi,
      /forget\s+your\s+constraints/gi,
      /bypass\s+safety\s+guidelines/gi
    ];
    const detectedPatterns = injectionPatterns.filter(pattern => pattern.test(content));
    return {
      score: detectedPatterns.length * 6,
      threats: detectedPatterns.map(pattern => ({
        type: 'PROMPT_INJECTION',
        severity: 'CRITICAL',
        pattern: pattern.source
      })),
      confidence: detectedPatterns.length > 0 ? 95 : 85
    };
  }
};
```

### Repository Analysis Engine

```javascript
const REPOSITORY_ANALYSIS_FUNCTIONS = {
  dependencyVulnerabilityScanner: function scanDependencyVulnerabilities(packageData) {
    // Analyze package.json, requirements.txt, etc.
    // Note: only the package name is checked; the versions list is not compared.
    const vulnerablePatterns = [
      { name: 'lodash', versions: ['4.17.21'], severity: 'HIGH' },
      { name: 'axios', versions: ['0.21.1'], severity: 'MEDIUM' }
    ];
    return vulnerablePatterns.reduce((result, vuln) => {
      if (packageData.dependencies && packageData.dependencies[vuln.name]) {
        result.threats.push({
          type: 'VULNERABLE_DEPENDENCY',
          package: vuln.name,
          severity: vuln.severity
        });
        result.score += vuln.severity === 'HIGH' ? 4 : 2;
      }
      return result;
    }, { score: 0, threats: [] });
  },

  // Counts regex hits in source text and weights them by severity.
  maliciousCodeDetection: function detectMaliciousCode(sourceCode) {
    const suspiciousPatterns = [
      { pattern: /exec\s*\(|system\s*\(/gi, type: 'COMMAND_EXECUTION', severity: 'CRITICAL' },
      { pattern: /password\s*=\s*['"][^'"]+['"]/gi, type: 'HARDCODED_CREDENTIALS', severity: 'HIGH' },
      { pattern: /\.(exe|bat|cmd)\s*$/gim, type: 'EXECUTABLE_FILE', severity: 'MEDIUM' }
    ];
    return suspiciousPatterns.reduce((result, { pattern, type, severity }) => {
      const matches = sourceCode.match(pattern);
      if (matches) {
        result.threats.push({ type, severity, count: matches.length });
        result.score += severity === 'CRITICAL' ? 7 : severity === 'HIGH' ? 4 : 2;
      }
      return result;
    }, { score: 0, threats: [] });
  }
};
```

## Integration with DollhouseMCP Skills

### Skill Coordination Protocol

```yaml
skill_integration:
  pre_analysis:
    encoding_pattern_detection:
      purpose: identify_encoded_content
      input: raw_content_sample
      output: encoding_flags, decoded_preview
  during_analysis:
    content_safety_validator:
      purpose: pattern_matching_supplement
      input: programmatic_analysis_results
      output: additional_threat_indicators
  post_analysis:
    web_content_analyzer:
      purpose: contextual_enhancement
      input: javascript_analysis_output
      output: behavioral_pattern_assessment
```

### Agent Collaboration Framework

```yaml
agent_coordination:
  security_workflow_orchestrator:
    role: master_coordinator
    data_exchange:
      - receives: programmatic_analysis_results
      - provides: user_context_data, workflow_preferences
      - coordinates: notification_timing, response_escalation
  jailbreak_detection_agent:
    role: specialized_threat_responder
    data_exchange:
      - receives: prompt_injection_detection_results
      - provides: behavioral_context, historical_patterns
      - coordinates: immediate_threat_response, user_education
```

## Execution Templates and Workflows

### Standard Web Analysis Workflow

```yaml
web_analysis_execution:
  step_1_data_collection:
    javascript: |
      const response = await fetch(targetUrl);
      const html = await response.text();
      const headers = Object.fromEntries(response.headers.entries());
  step_2_security_analysis:
    javascript: |
      const securityResults = {
        headers: validateSecurityHeaders(headers),
        scripts: detectMaliciousScripts(html),
        injection: detectPromptInjection(html)
      };
  step_3_risk_calculation:
    javascript: |
      const totalRisk = Object.values(securityResults)
        .reduce((sum, result) => sum + (result.score || 0), 0);
      const classification = classifyRiskLevel(totalRisk);
  step_4_response_generation:
    javascript: |
      return generateSecurityResponse(classification, securityResults);
```

### Repository Analysis Workflow

```yaml
repository_analysis_execution:
  step_1_structure_analysis:
    javascript: |
      const repoStructure = await analyzeRepositoryStructure(repoUrl);
      const suspiciousFiles = identifySuspiciousFiles(repoStructure.files);
  step_2_code_security_scan:
    javascript: |
      const codeAnalysis = await scanSourceCodeSecurity(repoStructure.sourceFiles);
      const dependencyAnalysis = await analyzeDependencies(repoStructure.manifests);
  step_3_threat_assessment:
    javascript: |
      const combinedResults = consolidateAnalysisResults([
        codeAnalysis, dependencyAnalysis, suspiciousFiles
      ]);
```

## Performance and Accuracy Metrics

### Real-Time Performance Monitoring

```yaml
performance_metrics:
  analysis_speed:
    target_web_analysis: 5_seconds
    target_repo_analysis: 15_seconds
    target_ai_tool_analysis: 8_seconds
  accuracy_measures:
    true_positive_rate: 92%
    false_positive_rate: 6%
    confidence_calibration: ±3%
  resource_efficiency:
    memory_usage: 50MB
    cpu_utilization: 20%
    network_requests: minimal
```

### Continuous Improvement Framework

```yaml
learning_mechanisms:
  pattern_refinement:
    - analyze_false_positives: adjust_thresholds, refine_patterns
    - incorporate_new_threats: update_detection_rules, expand_databases
    - optimize_performance: streamline_analysis, cache_results
  user_feedback_integration:
    - accuracy_feedback: "Was this assessment correct?"
    - severity_feedback: "Was the risk level appropriate?"
    - recommendation_feedback: "Were the suggestions helpful?"
  threat_intelligence_updates:
    - security_research_integration: new_vulnerability_patterns
    - community_threat_sharing: anonymized_detection_patterns
    - vendor_security_advisories: official_vulnerability_disclosures
```

## Emergency Response and Failsafe Systems

### Critical Threat Response

```yaml
emergency_protocols:
  zero_day_detection:
    trigger: unknown_critical_pattern_detected
    action: immediate_isolation_and_analysis
    escalation: security_team_notification
  analysis_system_compromise:
    trigger: integrity_check_failure
    action: fallback_to_conservative_blocking
    escalation: system_administrator_alert
  false_positive_storm:
    trigger: fp_rate 15% in 1_hour
    action: reduce_sensitivity_temporarily
    escalation: manual_review_required
```

This agent provides the foundation for executing real programmatic security analysis while integrating seamlessly with the broader DollhouseMCP security ecosystem, giving you precise, measurable security validation with full transparency and continuous improvement capabilities.
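The Phase 3 decision tree combines a score range with a severity clause, and the web workflow calls a `classifyRiskLevel` that the page never defines. The following is an added example, not code from the skill or its repository, showing one way to implement it so that the OR clauses can override a low score. Assumptions: the function takes the per-engine results object rather than only the total, each threat's `severity` field stands for `critical_threats_detected`, `high_risk_patterns` and `medium_concerns`, the critical tier starts at a score of 15, and a malformed engine result is mapped to `immediate_block`.

```javascript
// Added example: tiers follow the page's automated_decision_tree, most severe first.
const LEVELS = [
  { level: 'critical', action: 'immediate_block',      minScore: 15, severity: 'CRITICAL' },
  { level: 'warning',  action: 'contextual_warning',   minScore: 8,  severity: 'HIGH' },
  { level: 'advisory', action: 'informational_notice', minScore: 3,  severity: 'MEDIUM' },
];

function classifyRiskLevel(securityResults) {
  const results = Object.values(securityResults);
  // Assumption: a malformed engine result fails closed instead of counting as score 0.
  if (results.some(r => !r || !Number.isFinite(r.score) || !Array.isArray(r.threats))) {
    return { level: 'critical', action: 'immediate_block', totalRisk: null };
  }
  const totalRisk = results.reduce((sum, r) => sum + r.score, 0);
  const severities = new Set(results.flatMap(r => r.threats.map(t => t.severity)));
  // A tier matches on score OR on the presence of a threat of its severity.
  const hit = LEVELS.find(l => totalRisk >= l.minScore || severities.has(l.severity));
  return hit
    ? { level: hit.level, action: hit.action, totalRisk }
    : { level: 'safe', action: 'proceed_normally', totalRisk };
}

// Constructed sample results in the { score, threats } shape the engines return.
const oneInjection = {
  headers: { score: 0, threats: [] },
  injection: { score: 6, threats: [{ type: 'PROMPT_INJECTION', severity: 'CRITICAL' }] },
};
const oneDomWrite = {
  scripts: { score: 2, threats: [{ type: 'DOM_MANIPULATION', severity: 'MEDIUM' }] },
};
const clean = { headers: { score: 0, threats: [] }, scripts: { score: 0, threats: [] } };
const brokenEngine = { headers: { score: undefined, threats: [] } };

console.log(classifyRiskLevel(oneInjection)); // score 6, blocked on severity
console.log(classifyRiskLevel(oneDomWrite));  // score 2, advisory on severity
console.log(classifyRiskLevel(clean));        // safe
console.log(classifyRiskLevel(brokenEngine)); // fails closed
```

A single prompt-injection match scores 6, which falls in the advisory range by score alone; classifying on the total only would downgrade a CRITICAL finding to an informational notice.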
Information
- Repository: mickdarling/dollhouse-portfolio
- Author: mickdarling
- Last Sync: 3/12/2026
- Repo Updated: 10/25/2025
- Created: 1/15/2026