npm - @poolzin/pool-bot - Versions diffs - 2026.3.7 → 2026.3.10 - Mend

@poolzin/pool-bot 2026.3.7 → 2026.3.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (150) hide show

package/CHANGELOG.md +40 -0
package/README.md +147 -69
package/dist/.buildstamp +1 -1
package/dist/agents/error-classifier.js +251 -0
package/dist/agents/skills/security.js +211 -0
package/dist/build-info.json +3 -3
package/dist/cli/cron-cli/register.cron-dashboard.js +339 -0
package/dist/cli/cron-cli/register.js +2 -0
package/dist/cli/errors.js +187 -0
package/dist/cli/lazy-commands.example.js +113 -0
package/dist/cli/lazy-commands.js +329 -0
package/dist/cli/program/command-registry.js +26 -0
package/dist/cli/program/register.maintenance.js +21 -0
package/dist/cli/program/register.skills.js +4 -0
package/dist/cli/program/register.subclis.js +9 -0
package/dist/cli/swarm-cli/register.js +8 -0
package/dist/cli/swarm-cli/register.swarm-status.js +488 -0
package/dist/cli/telemetry-cli/register.js +10 -0
package/dist/cli/telemetry-cli/register.telemetry-alerts.js +176 -0
package/dist/cli/telemetry-cli/register.telemetry-metrics.js +323 -0
package/dist/cli/telemetry-cli/register.telemetry-status.js +179 -0
package/dist/commands/doctor-checks.js +498 -0
package/dist/config/config.js +1 -0
package/dist/config/secrets-integration.js +88 -0
package/dist/context-engine/index.js +33 -0
package/dist/context-engine/legacy.js +179 -0
package/dist/context-engine/registry.js +86 -0
package/dist/context-engine/summarizing.js +290 -0
package/dist/context-engine/types.js +7 -0
package/dist/cron/service/timer.js +18 -0
package/dist/gateway/protocol/index.js +5 -2
package/dist/gateway/protocol/schema/error-codes.js +1 -0
package/dist/gateway/protocol/schema/swarm.js +80 -0
package/dist/gateway/protocol/schema.js +1 -0
package/dist/gateway/server-close.js +4 -0
package/dist/gateway/server-constants.js +1 -0
package/dist/gateway/server-cron.js +29 -0
package/dist/gateway/server-maintenance.js +35 -2
package/dist/gateway/server-methods/swarm.js +58 -0
package/dist/gateway/server-methods/telemetry.js +71 -0
package/dist/gateway/server-methods-list.js +8 -0
package/dist/gateway/server-methods.js +9 -2
package/dist/gateway/server.impl.js +33 -16
package/dist/infra/abort-pattern.js +106 -0
package/dist/infra/retry.js +96 -0
package/dist/secrets/index.js +28 -0
package/dist/secrets/resolver.js +185 -0
package/dist/secrets/runtime.js +142 -0
package/dist/secrets/types.js +11 -0
package/dist/security/dangerous-tools.js +80 -0
package/dist/security/types.js +12 -0
package/dist/skills/commands.js +333 -0
package/dist/skills/index.js +164 -0
package/dist/skills/loader.js +282 -0
package/dist/skills/parser.js +446 -0
package/dist/skills/registry.js +394 -0
package/dist/skills/security.js +312 -0
package/dist/skills/types.js +21 -0
package/dist/swarm/service.js +247 -0
package/dist/telemetry/alert-engine.js +258 -0
package/dist/telemetry/cron-instrumentation.js +49 -0
package/dist/telemetry/gateway-instrumentation.js +80 -0
package/dist/telemetry/instrumentation.js +66 -0
package/dist/telemetry/service.js +345 -0
package/dist/test-utils/index.js +219 -0
package/dist/tui/components/assistant-message.js +6 -2
package/dist/tui/components/hyperlink-markdown.js +32 -0
package/dist/tui/components/searchable-select-list.js +12 -1
package/dist/tui/components/user-message.js +6 -2
package/dist/tui/index.js +611 -0
package/dist/tui/theme/theme-detection.js +226 -0
package/dist/tui/tui-command-handlers.js +20 -0
package/dist/tui/tui-formatters.js +4 -3
package/dist/tui/utils/ctrl-c-handler.js +67 -0
package/dist/tui/utils/osc8-hyperlinks.js +208 -0
package/dist/tui/utils/safe-stop.js +180 -0
package/dist/tui/utils/session-key-utils.js +81 -0
package/dist/tui/utils/text-sanitization.js +284 -0
package/dist/utils/lru-cache.js +116 -0
package/dist/utils/performance.js +199 -0
package/dist/utils/retry.js +240 -0
package/docs/INTEGRATION_PLAN.md +475 -0
package/docs/INTEGRATION_SUMMARY.md +215 -0
package/docs/MELHORIAS_IMPLEMENTADAS.md +228 -0
package/docs/MELHORIAS_PROFISSIONAIS.md +282 -0
package/docs/PLANO_ACAO_TUI.md +357 -0
package/docs/PROGRESSO_TUI.md +66 -0
package/docs/RELATORIO_FINAL.md +217 -0
package/docs/diagnostico-shell-completion.md +265 -0
package/docs/features/advanced-memory.md +585 -0
package/docs/features/discord-components-v2.md +277 -0
package/docs/features/swarm.md +100 -0
package/docs/features/telemetry.md +284 -0
package/docs/integrations/HEXSTRIKE_PLAN.md +796 -0
package/docs/integrations/INTEGRATION_PLAN.md +744 -0
package/docs/integrations/PAGE_AGENT_PLAN.md +370 -0
package/docs/integrations/XYOPS_PLAN.md +978 -0
package/docs/models/provider-infrastructure.md +400 -0
package/docs/security/exec-approvals.md +294 -0
package/docs/skills/IMPLEMENTATION_SUMMARY.md +145 -0
package/docs/skills/SKILL.md +524 -0
package/docs/skills.md +405 -0
package/extensions/bluebubbles/package.json +1 -1
package/extensions/copilot-proxy/package.json +1 -1
package/extensions/diagnostics-otel/package.json +1 -1
package/extensions/discord/package.json +1 -1
package/extensions/feishu/package.json +1 -1
package/extensions/google-antigravity-auth/package.json +1 -1
package/extensions/google-gemini-cli-auth/package.json +1 -1
package/extensions/googlechat/package.json +1 -1
package/extensions/hexstrike-bridge/README.md +119 -0
package/extensions/hexstrike-bridge/index.test.ts +247 -0
package/extensions/hexstrike-bridge/index.ts +487 -0
package/extensions/hexstrike-bridge/package.json +17 -0
package/extensions/imessage/package.json +1 -1
package/extensions/irc/package.json +1 -1
package/extensions/line/package.json +1 -1
package/extensions/llm-task/package.json +1 -1
package/extensions/lobster/package.json +1 -1
package/extensions/matrix/CHANGELOG.md +5 -0
package/extensions/matrix/package.json +1 -1
package/extensions/mattermost/package.json +1 -1
package/extensions/mcp-server/index.ts +14 -0
package/extensions/mcp-server/package.json +11 -0
package/extensions/mcp-server/src/service.ts +540 -0
package/extensions/memory-core/package.json +1 -1
package/extensions/memory-lancedb/package.json +1 -1
package/extensions/minimax-portal-auth/package.json +1 -1
package/extensions/msteams/CHANGELOG.md +5 -0
package/extensions/msteams/package.json +1 -1
package/extensions/nextcloud-talk/package.json +1 -1
package/extensions/nostr/CHANGELOG.md +5 -0
package/extensions/nostr/package.json +1 -1
package/extensions/open-prose/package.json +1 -1
package/extensions/openai-codex-auth/package.json +1 -1
package/extensions/signal/package.json +1 -1
package/extensions/slack/package.json +1 -1
package/extensions/telegram/package.json +1 -1
package/extensions/tlon/package.json +1 -1
package/extensions/twitch/CHANGELOG.md +5 -0
package/extensions/twitch/package.json +1 -1
package/extensions/voice-call/CHANGELOG.md +5 -0
package/extensions/voice-call/package.json +1 -1
package/extensions/whatsapp/package.json +1 -1
package/extensions/zalo/CHANGELOG.md +5 -0
package/extensions/zalo/package.json +1 -1
package/extensions/zalouser/CHANGELOG.md +5 -0
package/extensions/zalouser/package.json +1 -1
package/package.json +8 -1
package/skills/example-skill/SKILL.md +195 -0

package/dist/skills/registry.js ADDED Viewed

@@ -0,0 +1,394 @@
+/**
+ * Skills registry
+ * Manages skill discovery, storage, and lifecycle
+ *
+ * @module skills/registry
+ */
+import { readdir } from "node:fs/promises";
+import { join } from "node:path";
+import { EventEmitter } from "node:events";
+import { SkillError, } from "./types.js";
+import { parseSkill, isSkillFile } from "./parser.js";
+import { scanSkill } from "./security.js";
+// ============================================================================
+// Default Configuration
+// ============================================================================
+const DEFAULT_CONFIG = {
+    localPaths: [],
+    autoScan: true,
+    strictSecurity: false,
+    cacheTtlMs: 5 * 60 * 1000, // 5 minutes
+};
+// ============================================================================
+// Skills Registry
+// ============================================================================
+export class SkillsRegistry extends EventEmitter {
+    skills = new Map();
+    config;
+    scanCache = new Map();
+    constructor(config = {}) {
+        super();
+        this.config = { ...DEFAULT_CONFIG, ...config };
+    }
+    // ========================================================================
+    // Event Handling
+    // ========================================================================
+    emitEvent(type, skillId, data) {
+        const event = {
+            type,
+            skillId,
+            timestamp: new Date(),
+            data,
+        };
+        this.emit(type, event);
+    }
+    onSkillEvent(type, handler) {
+        this.on(type, handler);
+    }
+    // ========================================================================
+    // Skill Discovery
+    // ========================================================================
+    /**
+     * Scan all configured paths for skills
+     */
+    async scan() {
+        const errors = [];
+        let loaded = 0;
+        for (const path of this.config.localPaths) {
+            try {
+                const result = await this.scanPath(path);
+                loaded += result.loaded;
+                errors.push(...result.errors);
+            }
+            catch (error) {
+                errors.push(error);
+            }
+        }
+        return { loaded, errors };
+    }
+    /**
+     * Scan a single path for skills
+     */
+    async scanPath(basePath) {
+        const errors = [];
+        let loaded = 0;
+        try {
+            const entries = await readdir(basePath, { withFileTypes: true });
+            for (const entry of entries) {
+                if (!entry.isDirectory())
+                    continue;
+                const skillPath = join(basePath.toString(), entry.name, "SKILL.md");
+                try {
+                    if (await isSkillFile(skillPath)) {
+                        const skill = await parseSkill(skillPath);
+                        // Run security scan if auto-scan enabled
+                        if (this.config.autoScan) {
+                            skill.securityReport = await scanSkill(skill);
+                            skill.verification = skill.securityReport.result;
+                            // Auto-disable if strict security and failed
+                            if (this.config.strictSecurity && skill.verification === "failed") {
+                                skill.enabled = false;
+                                skill.status = "disabled";
+                            }
+                        }
+                        this.skills.set(skill.metadata.id, skill);
+                        this.emitEvent("skill:loaded", skill.metadata.id);
+                        loaded++;
+                    }
+                }
+                catch (error) {
+                    errors.push(new SkillError("LOAD_ERROR", `Failed to load skill from ${skillPath}: ${error}`, entry.name, error));
+                }
+            }
+        }
+        catch (error) {
+            errors.push(error);
+        }
+        return { loaded, errors };
+    }
+    /**
+     * Watch for skill changes (placeholder for future implementation)
+     */
+    async watch() {
+        // TODO: Implement file watching for hot-reload
+        // This would use fs.watch or chokidar
+        throw new SkillError("CONFIG_ERROR", "Watch mode not yet implemented");
+    }
+    // ========================================================================
+    // Skill CRUD
+    // ========================================================================
+    /**
+     * Get a skill by ID
+     */
+    get(id) {
+        return this.skills.get(id);
+    }
+    /**
+     * Get all skills
+     */
+    getAll() {
+        return Array.from(this.skills.values());
+    }
+    /**
+     * Get skill reference (lightweight)
+     */
+    getRef(id) {
+        const skill = this.skills.get(id);
+        if (!skill)
+            return undefined;
+        return {
+            id: skill.metadata.id,
+            name: skill.metadata.name,
+            description: skill.metadata.description,
+            category: skill.metadata.category,
+            tags: skill.metadata.tags,
+            version: skill.metadata.version,
+            status: skill.status,
+            verification: skill.verification,
+            enabled: skill.enabled,
+        };
+    }
+    /**
+     * Get all skill references
+     */
+    getAllRefs() {
+        return this.getAll().map((skill) => ({
+            id: skill.metadata.id,
+            name: skill.metadata.name,
+            description: skill.metadata.description,
+            category: skill.metadata.category,
+            tags: skill.metadata.tags,
+            version: skill.metadata.version,
+            status: skill.status,
+            verification: skill.verification,
+            enabled: skill.enabled,
+        }));
+    }
+    /**
+     * Add or update a skill
+     */
+    async add(skill) {
+        const exists = this.skills.has(skill.metadata.id);
+        this.skills.set(skill.metadata.id, skill);
+        this.emitEvent(exists ? "skill:updated" : "skill:loaded", skill.metadata.id);
+    }
+    /**
+     * Remove a skill
+     */
+    remove(id) {
+        const existed = this.skills.delete(id);
+        if (existed) {
+            this.emitEvent("skill:unloaded", id);
+        }
+        return existed;
+    }
+    /**
+     * Check if skill exists
+     */
+    has(id) {
+        return this.skills.has(id);
+    }
+    // ========================================================================
+    // Skill State Management
+    // ========================================================================
+    /**
+     * Enable a skill
+     */
+    enable(id) {
+        const skill = this.skills.get(id);
+        if (!skill)
+            return false;
+        if (skill.verification === "failed" && this.config.strictSecurity) {
+            throw new SkillError("SECURITY_VIOLATION", `Cannot enable skill ${id}: failed security scan`, id);
+        }
+        skill.enabled = true;
+        skill.status = "installed";
+        this.emitEvent("skill:enabled", id);
+        return true;
+    }
+    /**
+     * Disable a skill
+     */
+    disable(id) {
+        const skill = this.skills.get(id);
+        if (!skill)
+            return false;
+        skill.enabled = false;
+        skill.status = "disabled";
+        this.emitEvent("skill:disabled", id);
+        return true;
+    }
+    /**
+     * Toggle skill enabled state
+     */
+    toggle(id) {
+        const skill = this.skills.get(id);
+        if (!skill)
+            return false;
+        return skill.enabled ? this.disable(id) : this.enable(id);
+    }
+    // ========================================================================
+    // Search
+    // ========================================================================
+    /**
+     * Search skills with filters
+     */
+    search(filters = {}, page = 1, pageSize = 20) {
+        let results = this.getAll();
+        // Apply filters
+        if (filters.category) {
+            results = results.filter((s) => s.metadata.category === filters.category);
+        }
+        if (filters.tags?.length) {
+            results = results.filter((s) => filters.tags.some((tag) => s.metadata.tags.includes(tag)));
+        }
+        if (filters.status) {
+            results = results.filter((s) => s.status === filters.status);
+        }
+        if (filters.verification) {
+            results = results.filter((s) => s.verification === filters.verification);
+        }
+        if (filters.enabledOnly) {
+            results = results.filter((s) => s.enabled);
+        }
+        if (filters.query) {
+            const query = filters.query.toLowerCase();
+            results = results.filter((s) => s.metadata.name.toLowerCase().includes(query) ||
+                s.metadata.description.toLowerCase().includes(query) ||
+                s.metadata.tags.some((t) => t.toLowerCase().includes(query)));
+        }
+        // Pagination
+        const total = results.length;
+        const start = (page - 1) * pageSize;
+        const paginated = results.slice(start, start + pageSize);
+        return {
+            skills: paginated.map((s) => ({
+                id: s.metadata.id,
+                name: s.metadata.name,
+                description: s.metadata.description,
+                category: s.metadata.category,
+                tags: s.metadata.tags,
+                version: s.metadata.version,
+                status: s.status,
+                verification: s.verification,
+                enabled: s.enabled,
+            })),
+            total,
+            page,
+            pageSize,
+        };
+    }
+    /**
+     * Find skills by tag
+     */
+    findByTag(tag) {
+        return this.getAllRefs().filter((s) => s.tags.includes(tag));
+    }
+    /**
+     * Find skills by category
+     */
+    findByCategory(category) {
+        return this.getAllRefs().filter((s) => s.category === category);
+    }
+    // ========================================================================
+    // Statistics
+    // ========================================================================
+    /**
+     * Get registry statistics
+     */
+    getStats() {
+        const skills = this.getAll();
+        const byCategory = {};
+        const byVerification = {};
+        for (const skill of skills) {
+            // Count by category
+            byCategory[skill.metadata.category] = (byCategory[skill.metadata.category] || 0) + 1;
+            // Count by verification
+            byVerification[skill.verification] = (byVerification[skill.verification] || 0) + 1;
+        }
+        return {
+            total: skills.length,
+            enabled: skills.filter((s) => s.enabled).length,
+            disabled: skills.filter((s) => !s.enabled).length,
+            byCategory,
+            byVerification,
+        };
+    }
+    // ========================================================================
+    // Import/Export
+    // ========================================================================
+    /**
+     * Export all skills to JSON
+     */
+    export() {
+        const data = this.getAll().map((skill) => ({
+            metadata: skill.metadata,
+            status: skill.status,
+            verification: skill.verification,
+            enabled: skill.enabled,
+            userConfig: skill.userConfig,
+        }));
+        return JSON.stringify(data, null, 2);
+    }
+    /**
+     * Import skills from JSON
+     */
+    async import(json) {
+        const data = JSON.parse(json);
+        for (const partial of data) {
+            if (!partial.metadata?.id)
+                continue;
+            // Try to reload from source
+            const existing = this.skills.get(partial.metadata.id);
+            if (existing) {
+                // Update state only
+                if (partial.enabled !== undefined) {
+                    existing.enabled = partial.enabled;
+                }
+                if (partial.userConfig) {
+                    existing.userConfig = partial.userConfig;
+                }
+            }
+        }
+    }
+    // ========================================================================
+    // Cleanup
+    // ========================================================================
+    /**
+     * Clear all skills
+     */
+    clear() {
+        for (const id of this.skills.keys()) {
+            this.emitEvent("skill:unloaded", id);
+        }
+        this.skills.clear();
+        this.scanCache.clear();
+    }
+    /**
+     * Dispose of registry resources
+     */
+    dispose() {
+        this.clear();
+        this.removeAllListeners();
+    }
+}
+// ============================================================================
+// Singleton Instance
+// ============================================================================
+let globalRegistry = null;
+/**
+ * Get or create global registry instance
+ */
+export function getRegistry(config) {
+    if (!globalRegistry) {
+        globalRegistry = new SkillsRegistry(config);
+    }
+    return globalRegistry;
+}
+/**
+ * Reset global registry (useful for testing)
+ */
+export function resetRegistry() {
+    globalRegistry?.dispose();
+    globalRegistry = null;
+}

package/dist/skills/security.js ADDED Viewed

@@ -0,0 +1,312 @@
+/**
+ * Skill security scanner
+ * Detects potential security issues in skill files
+ *
+ * @module skills/security
+ */
+// ============================================================================
+// Constants
+// ============================================================================
+const SCANNER_VERSION = "1.0.0";
+// Patterns that indicate potential security issues
+const PATTERNS = [
+    // Prompt injection attempts
+    {
+        type: "prompt_injection",
+        severity: "critical",
+        pattern: /ignore\s+(?:previous|above|prior)|disregard\s+(?:instructions?|prompt)|system\s*:\s*you\s+are|new\s+instructions?\s*:/i,
+        description: "Potential prompt injection attempt detected",
+        remediation: "Review skill content for malicious instruction overrides",
+    },
+    {
+        type: "prompt_injection",
+        severity: "high",
+        pattern: /\[\s*system\s*\]|\(\s*system\s*\)|\{\s*system\s*\}|\bDAN\b|do\s+anything\s+now/i,
+        description: "Suspicious system role reference",
+        remediation: "Verify skill doesn't attempt to override system behavior",
+    },
+    // Command injection
+    {
+        type: "command_injection",
+        severity: "critical",
+        pattern: /(?:bash|sh|zsh|cmd|powershell)\s+-c\s+["']|exec\s*\(|eval\s*\(|system\s*\(/i,
+        description: "Potential command injection pattern",
+        remediation: "Avoid executing arbitrary shell commands from skill content",
+    },
+    {
+        type: "command_injection",
+        severity: "high",
+        pattern: /`[^`]*(?:rm|del|format|mkfs|dd|wget|curl|fetch)[^`]*`|\$\([^)]*(?:rm|del|wget|curl)[^)]*\)/i,
+        description: "Dangerous command in template literal",
+        remediation: "Review shell command usage for safety",
+    },
+    // Path traversal
+    {
+        type: "path_traversal",
+        severity: "high",
+        pattern: /\.\.[/\\]|\.\.%2f|\.\.%5c|%2e%2e[/\\]/i,
+        description: "Path traversal attempt detected",
+        remediation: "Validate and sanitize all file paths",
+    },
+    // Suspicious patterns
+    {
+        type: "suspicious_pattern",
+        severity: "medium",
+        pattern: /(?:password|secret|token|key|credential)\s*=\s*["'][^"']{8,}["']/i,
+        description: "Hardcoded credential-like pattern",
+        remediation: "Use environment variables or secure secret storage",
+    },
+    {
+        type: "suspicious_pattern",
+        severity: "medium",
+        pattern: /base64\s*\(\s*["'][^"']{20,}["']\s*\)|atob\s*\(|btoa\s*\(/i,
+        description: "Suspicious encoding/decoding pattern",
+        remediation: "Verify encoding is not used to obfuscate malicious content",
+    },
+    // External dependencies
+    {
+        type: "external_dependency",
+        severity: "low",
+        pattern: /(?:npm|pip|gem|cargo|go\s+get)\s+install/i,
+        description: "External package installation mentioned",
+        remediation: "Verify all external dependencies are trustworthy",
+    },
+    // Permission requests
+    {
+        type: "permission_request",
+        severity: "medium",
+        pattern: /(?:sudo|administrator|root|elevated|privileged)\s*(?:access|permission|required|needed)/i,
+        description: "Elevated permissions mentioned",
+        remediation: "Ensure elevated permissions are truly necessary",
+    },
+    // Network access
+    {
+        type: "network_access",
+        severity: "low",
+        pattern: /(?:http|https|ftp|ssh|telnet):\/\/|(?:fetch|axios|request|curl)\s*\(/i,
+        description: "Network access pattern detected",
+        remediation: "Verify all network requests are legitimate",
+    },
+    // File system access
+    {
+        type: "file_system_access",
+        severity: "low",
+        pattern: /(?:fs\.|file|readFile|writeFile|appendFile|unlink|mkdir|rmdir)\s*\(/i,
+        description: "File system access pattern detected",
+        remediation: "Validate file operations are scoped appropriately",
+    },
+];
+// Content limits
+const MAX_CONTENT_LENGTH = 1024 * 1024; // 1MB
+const MAX_LINE_LENGTH = 1000;
+// ============================================================================
+// Scanner Implementation
+// ============================================================================
+/**
+ * Scan skill content for security issues
+ */
+export async function scanSkill(skill) {
+    const startTime = Date.now();
+    const findings = [];
+    // Combine all content for scanning
+    const contentToScan = [
+        skill.metadata.name,
+        skill.metadata.description,
+        skill.content.usage,
+        skill.content.quickstart,
+        skill.content.configuration,
+        skill.content.environment,
+        skill.content.examples,
+        skill.content.api,
+        skill.content.troubleshooting,
+    ]
+        .filter(Boolean)
+        .join("\n\n");
+    // Check content size
+    if (contentToScan.length > MAX_CONTENT_LENGTH) {
+        findings.push({
+            type: "suspicious_pattern",
+            severity: "medium",
+            description: `Skill content exceeds maximum size (${contentToScan.length} > ${MAX_CONTENT_LENGTH})`,
+            location: "content",
+            remediation: "Consider splitting large skills into smaller modules",
+        });
+    }
+    // Scan line by line for better location reporting
+    const lines = contentToScan.split("\n");
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        // Check line length
+        if (line.length > MAX_LINE_LENGTH) {
+            findings.push({
+                type: "suspicious_pattern",
+                severity: "low",
+                description: `Line ${lineNum + 1} exceeds maximum length`,
+                location: `line:${lineNum + 1}`,
+                remediation: "Break long lines for readability and safety",
+            });
+        }
+        // Check against patterns
+        for (const { type, severity, pattern, description, remediation } of PATTERNS) {
+            if (pattern.test(line)) {
+                findings.push({
+                    type,
+                    severity,
+                    description,
+                    location: `line:${lineNum + 1}`,
+                    remediation,
+                    evidence: line.trim().slice(0, 100), // First 100 chars
+                });
+            }
+        }
+    }
+    // Check linked files
+    for (const linkedFile of skill.linkedFiles) {
+        // Flag executable files
+        if (/\.(exe|bat|cmd|sh|bin|app)$/i.test(linkedFile.path)) {
+            findings.push({
+                type: "suspicious_pattern",
+                severity: "high",
+                description: `Linked executable file detected: ${linkedFile.path}`,
+                location: `linked:${linkedFile.path}`,
+                remediation: "Review executable content before execution",
+            });
+        }
+        // Flag scripts
+        if (/\.(js|ts|py|rb|pl|php)$/i.test(linkedFile.path)) {
+            findings.push({
+                type: "external_dependency",
+                severity: "low",
+                description: `Linked script file: ${linkedFile.path}`,
+                location: `linked:${linkedFile.path}`,
+                remediation: "Review script content for safety",
+            });
+        }
+    }
+    // Determine overall result
+    const hasCritical = findings.some((f) => f.severity === "critical");
+    const hasHigh = findings.some((f) => f.severity === "high");
+    const hasWarnings = findings.some((f) => f.severity === "medium" || f.severity === "low");
+    let result;
+    if (hasCritical) {
+        result = "failed";
+    }
+    else if (hasHigh) {
+        result = "failed";
+    }
+    else if (hasWarnings) {
+        result = "warning";
+    }
+    else {
+        result = "verified";
+    }
+    const durationMs = Date.now() - startTime;
+    return {
+        scannedAt: new Date(),
+        result,
+        findings,
+        durationMs,
+        scannerVersion: SCANNER_VERSION,
+    };
+}
+/**
+ * Quick scan for critical issues only
+ */
+export async function quickSecurityCheck(skill) {
+    const criticalPatterns = PATTERNS.filter((p) => p.severity === "critical" || p.severity === "high");
+    const contentToScan = [
+        skill.metadata.name,
+        skill.metadata.description,
+        skill.content.usage,
+        skill.content.quickstart,
+    ]
+        .filter(Boolean)
+        .join("\n");
+    for (const { pattern } of criticalPatterns) {
+        if (pattern.test(contentToScan)) {
+            return false;
+        }
+    }
+    return true;
+}
+/**
+ * Get security summary for display
+ */
+export function getSecuritySummary(report) {
+    const counts = {
+        critical: 0,
+        high: 0,
+        medium: 0,
+        low: 0,
+        info: 0,
+    };
+    for (const finding of report.findings) {
+        counts[finding.severity]++;
+    }
+    let status;
+    let color;
+    let summary;
+    switch (report.result) {
+        case "verified":
+            status = "✓ Verified";
+            color = "green";
+            summary = "No security issues found";
+            break;
+        case "warning":
+            status = "⚠ Warning";
+            color = "yellow";
+            summary = `${counts.medium + counts.low} warning(s) found`;
+            break;
+        case "failed":
+            status = "✗ Failed";
+            color = "red";
+            summary = `${counts.critical + counts.high} critical issue(s) found`;
+            break;
+        default:
+            status = "? Unverified";
+            color = "gray";
+            summary = "Not yet scanned";
+    }
+    return { status, color, summary, counts };
+}
+/**
+ * Format security findings for display
+ */
+export function formatFindings(findings) {
+    if (findings.length === 0) {
+        return ["No security issues found."];
+    }
+    const lines = [];
+    // Group by severity
+    const bySeverity = {
+        critical: [],
+        high: [],
+        medium: [],
+        low: [],
+        info: [],
+    };
+    for (const finding of findings) {
+        bySeverity[finding.severity].push(finding);
+    }
+    for (const severity of ["critical", "high", "medium", "low", "info"]) {
+        const group = bySeverity[severity];
+        if (group.length === 0)
+            continue;
+        lines.push(`\n${severity.toUpperCase()} (${group.length}):`);
+        for (const finding of group) {
+            lines.push(`  [${finding.type}] ${finding.description}`);
+            lines.push(`    Location: ${finding.location}`);
+            if (finding.evidence) {
+                lines.push(`    Evidence: ${finding.evidence}`);
+            }
+            if (finding.remediation) {
+                lines.push(`    Fix: ${finding.remediation}`);
+            }
+        }
+    }
+    return lines;
+}
+// ============================================================================
+// Export patterns for testing
+// ============================================================================
+export { PATTERNS };