@goplus/agentguard 1.0.11 → 1.0.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +8 -8
  2. package/skills/agentguard/SKILL.md +40 -21
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@goplus/agentguard",
3
- "version": "1.0.11",
3
+ "version": "1.0.14",
4
4
  "description": "GoPlus AgentGuard — Security guard for AI agents. Blocks dangerous commands, prevents data leaks, protects secrets. 20 detection rules, runtime action evaluation, trust registry.",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
@@ -43,15 +43,15 @@
43
43
  "node": ">=18.0.0"
44
44
  },
45
45
  "dependencies": {
46
- "@modelcontextprotocol/sdk": "^1.0.0",
47
- "axios": "^1.6.7",
48
- "commander": "^12.0.0",
49
- "glob": "^10.3.10",
50
- "zod": "^3.25.32"
46
+ "@modelcontextprotocol/sdk": "1.29.0",
47
+ "axios": "1.14.0",
48
+ "commander": "12.1.0",
49
+ "glob": "13.0.6",
50
+ "zod": "3.25.76"
51
51
  },
52
52
  "devDependencies": {
53
- "@types/node": "^20.11.24",
54
- "typescript": "^5.3.3"
53
+ "@types/node": "22.19.15",
54
+ "typescript": "5.7.3"
55
55
  },
56
56
  "homepage": "https://github.com/GoPlusSecurity/agentguard#readme",
57
57
  "bugs": {
package/skills/agentguard/SKILL.md CHANGED
@@ -8,7 +8,7 @@ metadata:
8
8
  version: "1.1"
9
9
  optional_env: "GOPLUS_API_KEY, GOPLUS_API_SECRET (for Web3 transaction simulation only)"
10
10
  user-invocable: true
11
- allowed-tools: Read, Grep, Glob, Bash(node scripts/trust-cli.ts *) Bash(node scripts/action-cli.ts *) Bash(node scripts/checkup-report.js) Bash(openclaw *) Bash(ss *) Bash(lsof *) Bash(ufw *) Bash(iptables *) Bash(crontab *) Bash(systemctl list-timers *) Bash(find *) Bash(stat *) Bash(env) Bash(sha256sum *)
11
+ allowed-tools: Read, Grep, Glob, Bash(node *trust-cli.ts *) Bash(node *action-cli.ts *) Bash(*checkup-report.js) Bash(echo *checkup-report.js) Bash(cat *checkup-report.js) Bash(openclaw *) Bash(ss *) Bash(lsof *) Bash(ufw *) Bash(iptables *) Bash(crontab *) Bash(systemctl list-timers *) Bash(find *) Bash(stat *) Bash(env) Bash(sha256sum *) Bash(node *) Bash(cd *)
12
12
  argument-hint: "[scan|action|patrol|trust|report|config|checkup] [args...]"
13
13
  ---
14
14
 
@@ -16,6 +16,19 @@ argument-hint: "[scan|action|patrol|trust|report|config|checkup] [args...]"
16
16
 
17
17
  You are a security auditor powered by the GoPlus AgentGuard framework. Route the user's request based on the first argument.
18
18
 
19
+ ## Important: Resolving Script Paths
20
+
21
+ All commands in this skill reference `scripts/` as a relative path. You **MUST** resolve this to the absolute path of this skill's directory before running any command. To find the skill directory:
22
+
23
+ 1. This SKILL.md file's parent directory **is** the skill directory
24
+ 2. If this file is at `/path/to/agentguard/SKILL.md`, then scripts are at `/path/to/agentguard/scripts/`
25
+ 3. Before running any `node scripts/...` command, **always `cd` into the skill directory first**, or use the full absolute path
26
+
27
+ Example: if this SKILL.md is at `~/.openclaw/skills/agentguard/SKILL.md`, run:
28
+ ```bash
29
+ cd ~/.openclaw/skills/agentguard && node scripts/checkup-report.js
30
+ ```
31
+
19
32
  ## Command Routing
20
33
 
21
34
  Parse `$ARGUMENTS` to determine the subcommand:
@@ -721,12 +734,12 @@ Assemble the results into a JSON object and pipe it to the report generator:
721
734
  }
722
735
  ```
723
736
 
724
- Execute:
737
+ Execute (remember to `cd` into the skill directory first — see "Resolving Script Paths" above):
725
738
  ```bash
726
- echo '<json>' | node scripts/checkup-report.js
739
+ cd <skill_directory> && echo '<json>' | node scripts/checkup-report.js
727
740
  ```
728
741
 
729
- The script outputs the HTML file path to stdout and opens it in the browser automatically.
742
+ The script outputs the HTML file path to stdout (e.g. `/tmp/agentguard-checkup-1234567890.html`). Capture this path — you will need it for delivery in Step 6.
730
743
 
731
744
  ### Step 5: Terminal Summary
732
745
 
@@ -754,28 +767,34 @@ After the report generates, output a brief summary in the terminal:
754
767
 
755
768
  ### Step 6: Deliver the Report to the User
756
769
 
757
- After printing the terminal summary, deliver the HTML report file to the user. Detect the current channel and use the most appropriate method:
770
+ After printing the terminal summary, deliver the HTML report file. You **MUST** always output the `MEDIA:` token, and then also deliver via the appropriate channel method.
771
+
772
+ #### 6a. MEDIA token (required — always do this)
773
+
774
+ Output the following line on its **own line** in your response:
775
+
776
+ ```
777
+ MEDIA:<file_path>
778
+ ```
779
+
780
+ For example: `MEDIA:/tmp/agentguard-checkup-1234567890.html`
758
781
 
759
- **Detection logic** infer from context clues:
760
- - If the `Write` tool is available and you can write to `~/Desktop` or `~/Downloads` → you are in **Claude Code (local)**
761
- - If you can produce artifact/file outputs (rich UI, download button) → you are in **Claude.ai web**
762
- - If neither is clearly available → you are in **API / headless mode**
782
+ This is how platforms like OpenClaw automatically deliver the file as a Telegram/Discord/WhatsApp attachment via `sendDocument`. The platform strips this line from visible text — the user won't see it. **Always output this regardless of what channel you think you're in.**
763
783
 
764
- **Delivery by channel:**
784
+ #### 6b. Channel-specific delivery (in addition to MEDIA token)
765
785
 
766
- 1. **Claude Code (local desktop)**
767
- - Use the `Write` tool to copy the HTML to `~/Desktop/agentguard-checkup-<YYYY-MM-DD>.html`
768
- - Tell the user: "✅ Report saved to your Desktop: `agentguard-checkup-<date>.html` — double-click to open it in your browser."
769
- - The browser should already be open from Step 4. If not, run `open ~/Desktop/agentguard-checkup-<date>.html` (macOS) or `xdg-open` (Linux).
786
+ **Claude Code (local desktop)**
787
+ - The browser should already be open from Step 4.
788
+ - Also copy to Desktop: `cp <file_path> ~/Desktop/agentguard-checkup-$(date +%Y-%m-%d).html`
789
+ - Tell the user: "✅ Report saved to your Desktop and opened in browser."
770
790
 
771
- 2. **Claude.ai web**
772
- - Read the generated HTML file using the `Read` tool, then output the full HTML content as a **code artifact** (language: `html`) so the user can preview it inline or download it.
773
- - Tell the user: "✅ Your report is attached above — click the download icon to save it."
791
+ **Claude.ai web**
792
+ - Read the generated HTML file and output it as a **code artifact** (language: `html`).
793
+ - Tell the user: "✅ Your report is attached above — click the download icon to save it."
774
794
 
775
- 3. **API / headless / MCP**
776
- - Read the generated HTML file and return the full content inline, prefixed with:
777
- `<!-- AgentGuard Checkup Report | Score: <n>/100 | <date> -->`
778
- - Also print the file path so the caller can retrieve it from disk.
795
+ **API / headless / Telegram / other**
796
+ - The `MEDIA:` token above handles file delivery automatically.
797
+ - Also print the file path for reference.
779
798
 
780
799
  Regardless of channel, always end with:
781
800
  ```