npm - @pwddd/skills-scanner - Versions diffs - 1.0.0-beta.2 → 1.0.0-beta.21 - Mend

@pwddd/skills-scanner 1.0.0-beta.2 → 1.0.0-beta.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/README.md +3 -45
package/index.ts +13 -266
package/openclaw.plugin.json +1 -11
package/package.json +1 -1
package/skills/skills-scanner/SKILL.md +15 -51
package/src/api-client.ts +32 -2
package/src/before-install-hook.ts +42 -9
package/src/commands.ts +21 -98
package/src/config-validator.ts +0 -16
package/src/config.ts +8 -50
package/src/cron-manager.ts +117 -169
package/src/prompt-guidance.ts +8 -18
package/src/state.ts +0 -17
package/src/types.ts +0 -4
package/src/high-risk-operation-guard.ts +0 -62
package/src/prompt-injection-guard.ts +0 -56
package/src/report.ts +0 -128
package/src/watcher.ts +0 -178

package/src/report.ts DELETED Viewed

@@ -1,128 +0,0 @@
-/**
- * Report generation module
- */
-import { readFileSync, writeFileSync, mkdirSync, rmSync, existsSync, readdirSync, statSync } from "node:fs";
-import { join, basename } from "node:path";
-import { runScan } from "./scanner.js";
-import { loadState, saveState, STATE_DIR } from "./state.js";
-import type { ScanRecord, PluginLogger } from "./types.js";
-export async function buildDailyReport(
-  dirs: string[],
-  behavioral: boolean,
-  apiUrl: string,
-  useLLM: boolean,
-  policy: string,
-  logger: PluginLogger
-): Promise<string> {
-  const now = new Date();
-  const dateStr = now.toLocaleDateString("en-US", {
-    year: "numeric",
-    month: "2-digit",
-    day: "2-digit",
-  });
-  const timeStr = now.toLocaleTimeString("en-US", {
-    hour: "2-digit",
-    minute: "2-digit",
-  });
-  const jsonOut = join(STATE_DIR, `report-${now.toISOString().slice(0, 10)}.json`);
-  mkdirSync(STATE_DIR, { recursive: true });
-  let total = 0;
-  let safe = 0;
-  let unsafe = 0;
-  let errors = 0;
-  const unsafeList: string[] = [];
-  const allResults: ScanRecord[] = [];
-  for (const dir of dirs) {
-    if (!existsSync(dir)) continue;
-    // Find all skills in directory
-    const skills: string[] = [];
-    try {
-      const entries = readdirSync(dir);
-      for (const entry of entries) {
-        const skillPath = join(dir, entry);
-        if (statSync(skillPath).isDirectory() && existsSync(join(skillPath, "SKILL.md"))) {
-          skills.push(skillPath);
-        }
-      }
-    } catch {
-      continue;
-    }
-    for (const skillPath of skills) {
-      try {
-        const res = await runScan("scan", skillPath, {
-          behavioral,
-          detailed: false,
-          apiUrl,
-          useLLM,
-          policy,
-        });
-        const name = basename(skillPath);
-        total++;
-        if (res.exitCode === 0) {
-          safe++;
-          allResults.push({
-            name,
-            path: skillPath,
-            is_safe: true,
-            max_severity: "NONE",
-            findings: 0,
-          });
-        } else {
-          unsafe++;
-          unsafeList.push(name);
-          allResults.push({
-            name,
-            path: skillPath,
-            is_safe: false,
-            max_severity: res.data?.max_severity || "UNKNOWN",
-            findings: res.data?.findings_count || 0,
-          });
-        }
-      } catch (err: any) {
-        errors++;
-        allResults.push({
-          name: basename(skillPath),
-          path: skillPath,
-          error: err.message,
-        });
-      }
-    }
-  }
-  writeFileSync(jsonOut, JSON.stringify(allResults, null, 2));
-  saveState({
-    ...loadState(),
-    lastScanAt: now.toISOString(),
-    lastUnsafeSkills: unsafeList,
-  });
-  const lines = [`🔍 *Skills 安全日报* — ${dateStr} ${timeStr}`, "─".repeat(36)];
-  if (total === 0) {
-    lines.push("📭 未找到任何 Skill，请检查扫描目录。");
-  } else {
-    lines.push(`📊 扫描总计：${total} 个 Skill`);
-    lines.push(`✅ 安全：${safe} 个`);
-    lines.push(`❌ 问题：${unsafe} 个`);
-    if (errors) lines.push(`⚠️  错误：${errors} 个`);
-    if (unsafe > 0) {
-      lines.push("", "🚨 *需要关注的 Skills：*");
-      for (const name of unsafeList) {
-        const r = allResults.find((x) => x.name === name);
-        lines.push(`  • ${name} [${r?.max_severity ?? "?"}] — ${r?.findings ?? "?"} 条发现`);
-      }
-      lines.push("", "💡 运行 `/skills-scanner scan <路径> --detailed` 查看详情");
-    } else {
-      lines.push("", "🎉 所有 Skills 安全，未发现威胁。");
-    }
-  }
-  lines.push("", `📁 完整报告：${jsonOut}`);
-  return lines.join("\n");
-}

package/src/watcher.ts DELETED Viewed

@@ -1,178 +0,0 @@
-/**
- * File watcher module for pre-installation scanning
- */
-import { watch as fsWatch, existsSync, renameSync, rmSync } from "node:fs";
-import { join, basename } from "node:path";
-import { mkdirSync } from "node:fs";
-import { runScan } from "./scanner.js";
-import type { OnUnsafeAction, PluginLogger } from "./types.js";
-// Debounce delay in milliseconds
-const DEBOUNCE_DELAY = 1000; // Increased from 500ms to 1000ms for better stability
-export async function handleNewSkill(
-  skillPath: string,
-  onUnsafe: OnUnsafeAction,
-  behavioral: boolean,
-  apiUrl: string,
-  useLLM: boolean,
-  policy: string,
-  notifyFn: (msg: string) => void,
-  logger: PluginLogger,
-  quarantineDir: string
-): Promise<void> {
-  if (!existsSync(join(skillPath, "SKILL.md"))) return;
-  const name = basename(skillPath);
-  logger.info(`[skills-scanner] 🔍 检测到新 Skill，开始安装前扫描：${name}`);
-  notifyFn(`🔍 检测到新 Skill \`${name}\`，正在安全扫描...`);
-  try {
-    const res = await runScan("scan", skillPath, {
-      behavioral,
-      detailed: true,
-      apiUrl,
-      useLLM,
-      policy,
-    });
-    if (res.exitCode === 0) {
-      notifyFn(`✅ \`${name}\` 安全检查通过，可以正常使用。`);
-      return;
-    }
-    let action = "";
-    try {
-      if (onUnsafe === "quarantine") {
-        mkdirSync(quarantineDir, { recursive: true });
-        const dest = join(quarantineDir, `${name}-${Date.now()}`);
-        renameSync(skillPath, dest);
-        action = `已移入隔离目录：\`${dest}\``;
-      } else if (onUnsafe === "delete") {
-        rmSync(skillPath, { recursive: true, force: true });
-        action = "已自动删除";
-      } else {
-        action = "仅警告，Skill 已保留（请谨慎使用）";
-      }
-    } catch (e: any) {
-      action = `处置失败：${e.message}`;
-      logger.error("[skills-scanner] Failed to handle unsafe skill", {
-        skill: name,
-        error: e.message,
-      });
-    }
-    notifyFn(
-      [
-        `❌ *安全警告：\`${name}\` 未通过扫描*`,
-        `处置：${action}`,
-        "```",
-        res.output.slice(0, 600),
-        "```",
-      ].join("\n")
-    );
-  } catch (err: any) {
-    logger.error("[skills-scanner] Scan failed for new skill", {
-      skill: name,
-      error: err.message,
-      stack: err.stack,
-    });
-    notifyFn(`⚠️ \`${name}\` 扫描失败：${err.message}`);
-  }
-}
-export function startWatcher(
-  dirs: string[],
-  onUnsafe: OnUnsafeAction,
-  behavioral: boolean,
-  apiUrl: string,
-  useLLM: boolean,
-  policy: string,
-  notifyFn: (msg: string) => void,
-  logger: PluginLogger,
-  quarantineDir: string
-): () => void {
-  const timers = new Map<string, NodeJS.Timeout>();
-  const processing = new Set<string>(); // Track files being processed
-  const watchers = dirs.map((dir) => {
-    if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
-    logger.info(`[skills-scanner] 👁  监听目录：${dir}`);
-    const watcher = fsWatch(dir, { persistent: false }, (_evt, filename) => {
-      if (!filename) return;
-      const skillPath = join(dir, filename);
-      // Skip if file doesn't exist or is already being processed
-      if (!existsSync(skillPath) || processing.has(skillPath)) return;
-      // Clear existing timer for this path (debounce)
-      const prev = timers.get(skillPath);
-      if (prev) clearTimeout(prev);
-      // Set new timer with debounce delay
-      timers.set(
-        skillPath,
-        setTimeout(async () => {
-          timers.delete(skillPath);
-          processing.add(skillPath);
-          try {
-            await handleNewSkill(
-              skillPath,
-              onUnsafe,
-              behavioral,
-              apiUrl,
-              useLLM,
-              policy,
-              notifyFn,
-              logger,
-              quarantineDir
-            );
-          } catch (err: any) {
-            logger.error("[skills-scanner] Watcher handler failed", {
-              path: skillPath,
-              error: err.message,
-            });
-          } finally {
-            processing.delete(skillPath);
-          }
-        }, DEBOUNCE_DELAY)
-      );
-    });
-    // Add error handler for watcher
-    watcher.on("error", (error: Error) => {
-      logger.error("[skills-scanner] Watcher error", {
-        directory: dir,
-        error: error.message,
-        stack: error.stack,
-      });
-    });
-    return watcher;
-  });
-  return () => {
-    try {
-      watchers.forEach((w) => {
-        try {
-          w.close();
-        } catch (err: any) {
-          logger.warn("[skills-scanner] Failed to close watcher", {
-            error: err.message,
-          });
-        }
-      });
-      timers.forEach((t) => clearTimeout(t));
-      timers.clear();
-      processing.clear();
-      logger.info("[skills-scanner] 目录监听已停止");
-    } catch (err: any) {
-      logger.error("[skills-scanner] Error stopping watcher", {
-        error: err.message,
-      });
-    }
-  };
-}