npm - @pwddd/skills-scanner - Versions diffs - 1.0.0-beta.4 → 1.0.0-beta.6 - Mend

@pwddd/skills-scanner 1.0.0-beta.4 → 1.0.0-beta.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/openclaw.plugin.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "id": "skills-scanner",
   "name": "Skills Scanner",
   "description": "Security scanner for OpenClaw Skills to detect potential threats",
-  "version": "1.0.0-beta.4",
+  "version": "1.0.0-beta.6",
   "author": "pwddd",
   "skills": ["./skills"],
   "uiHints": {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@pwddd/skills-scanner",
-  "version": "1.0.0-beta.4",
+  "version": "1.0.0-beta.6",
   "description": "OpenClaw Skills security scanner plugin - detect malicious code, data exfiltration, and prompt injection",
   "type": "module",
   "main": "./index.ts",

package/src/cron-manager.ts CHANGED Viewed

@@ -1,237 +1,262 @@
-/**
- * Cron job management for skills-scanner
- *
- * 使用 Plugin SDK 提供的 cron store API 来管理定时任务
- */
+import { execSync } from "node:child_process";
+import type { Logger } from "@openclaw/plugin-sdk";
-import {
-  loadCronStore,
-  resolveCronStorePath,
-  saveCronStore,
-} from "openclaw/plugin-sdk/config-runtime";
-import type { PluginLogger } from "./types.js";
-// Cron job configuration
 const CRON_JOB_NAME = "skills-weekly-report";
-const CRON_SCHEDULE = "5 12 * * 1"; // 每周一 12:05
+const CRON_SCHEDULE = "5 12 * * 1"; // Every Monday at 12:05
 const CRON_TIMEZONE = "Asia/Shanghai";
 export interface CronManagerOptions {
-  logger: PluginLogger;
-  config?: any;
+  logger: Logger;
+  config: any;
 }
 /**
- * 确保 cron 任务已注册（启动时调用）
+ * Detect the correct OpenClaw command (openclaw vs npx openclaw)
  */
-export async function ensureCronJob(
-  options: CronManagerOptions
-): Promise<void> {
-  const { logger, config } = options;
+function getOpenClawCommand(): string {
+  // 1. Check environment variable
+  if (process.env.OPENCLAW_CLI_PATH) {
+    return process.env.OPENCLAW_CLI_PATH;
+  }
-  try {
-    const storePath = resolveCronStorePath(config?.cron?.store);
-    const store = await loadCronStore(storePath);
+  // 2. Check if running via npx
+  const argv1 = process.argv[1];
+  if (argv1?.includes("npx") || argv1?.includes("_npx")) {
+    return "npx openclaw";
+  }
-    // 只通过名称检查是否存在任务（ID 是系统自动生成的 UUID）
-    const existingJob = store.jobs.find((j) => j.name === CRON_JOB_NAME);
+  if (process.env.npm_execpath?.includes("npx")) {
+    return "npx openclaw";
+  }
-    if (existingJob) {
-      // 任务已存在，检查是否需要更新配置
-      const needsUpdate =
-        existingJob.schedule.kind !== "cron" ||
-        (existingJob.schedule as any).expr !== CRON_SCHEDULE ||
-        (existingJob.schedule as any).tz !== CRON_TIMEZONE;
-      if (needsUpdate) {
-        logger.info("[Cron] 检测到任务配置变更，正在更新...");
-        existingJob.schedule = {
-          kind: "cron",
-          expr: CRON_SCHEDULE,
-          tz: CRON_TIMEZONE,
-        };
-        existingJob.updatedAtMs = Date.now();
-        await saveCronStore(storePath, store);
-        logger.info("[Cron] ✅ 任务配置已更新");
-      } else {
-        logger.info(`[Cron] ✅ 任务已存在: ${CRON_JOB_NAME}`);
-      }
-      return;
-    }
+  // 3. Try global openclaw command
+  try {
+    execSync("openclaw --version", {
+      encoding: "utf-8",
+      timeout: 3000,
+      stdio: "pipe"
+    });
+    return "openclaw";
+  } catch {
+    // openclaw command not available
+  }
-    // 创建新任务（不设置 id，让系统自动生成）
-    const newJob = {
-      name: CRON_JOB_NAME,
-      enabled: true,
-      schedule: {
-        kind: "cron" as const,
-        expr: CRON_SCHEDULE,
-        tz: CRON_TIMEZONE,
-      },
-      sessionTarget: "isolated" as const,
-      payload: {
-        kind: "agentTurn" as const,
-        message: "生成 Skills 安全周报。请扫描所有已配置的 Skills 目录，汇总本周的安全发现，并生成详细报告。",
-        timeoutSeconds: 600, // 10 分钟超时
-      },
-      delivery: {
-        mode: "announce" as const,
-        channel: "last" as const,
-      },
-      failureAlert: {
-        after: 2,
-        channel: "last" as const,
-        mode: "announce" as const,
-      },
-      createdAtMs: Date.now(),
-      state: {},
-    };
-    store.jobs.push(newJob as any);
-    await saveCronStore(storePath, store);
-    logger.info(`[Cron] ✅ 定时任务已注册: ${CRON_JOB_NAME}`);
-    logger.info(`[Cron]    调度: ${CRON_SCHEDULE} (${CRON_TIMEZONE})`);
-  } catch (err: any) {
-    logger.error(`[Cron] ❌ 注册定时任务失败: ${err.message}`);
-    throw err;
+  // 4. Try npx as fallback
+  try {
+    execSync("npx openclaw --version", {
+      encoding: "utf-8",
+      timeout: 5000,
+      stdio: "pipe"
+    });
+    return "npx openclaw";
+  } catch {
+    // npx also not available
   }
+  // 5. Default to openclaw (will fail with clear error)
+  return "openclaw";
 }
 /**
- * 清理 cron 任务（卸载时调用）
+ * Ensure cron job exists (create if not exists, update if config changed)
  */
-export async function cleanupCronJob(
-  options: CronManagerOptions
-): Promise<void> {
-  const { logger, config } = options;
+export async function ensureCronJob(options: CronManagerOptions): Promise<void> {
+  const { logger } = options;
+  const openclawCmd = getOpenClawCommand();
+  logger.info(`[skills-scanner] Using CLI command: ${openclawCmd}`);
+  // Test if command is available
   try {
-    const storePath = resolveCronStorePath(config?.cron?.store);
-    const store = await loadCronStore(storePath);
+    const testResult = execSync(`${openclawCmd} --version`, {
+      encoding: "utf-8",
+      timeout: 5000,
+      stdio: "pipe"
+    });
+    logger.info(`[skills-scanner] Command test successful: ${testResult.trim()}`);
+  } catch (testErr: any) {
+    logger.error(`[skills-scanner] ❌ Command not available: ${testErr.message}`);
+    logger.info(`[skills-scanner] 💡 Please ensure OpenClaw is installed and accessible`);
+    return;
+  }
+  try {
+    // Get cron list output (text format)
+    const listResult = execSync(`${openclawCmd} cron list`, {
+      encoding: "utf-8",
+      timeout: 5000,
+    });
+    // Parse text output to find existing jobs
+    const lines = listResult.split("\n");
+    const existingJobs: Array<{ id: string; name: string }> = [];
-    const before = store.jobs.length;
+    for (const line of lines) {
+      if (line.includes(CRON_JOB_NAME)) {
+        const uuidMatch = line.match(/^([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})/);
+        if (uuidMatch) {
+          existingJobs.push({ id: uuidMatch[1], name: CRON_JOB_NAME });
+        }
+      }
+    }
-    // 只删除名称为 skills-weekly-report 的任务
-    store.jobs = store.jobs.filter((j) => j.name !== CRON_JOB_NAME);
+    // If multiple jobs exist with the same name, remove duplicates
+    if (existingJobs.length > 1) {
+      logger.warn(`[skills-scanner] ⚠️  Found ${existingJobs.length} duplicate jobs, cleaning up...`);
-    const removed = before - store.jobs.length;
+      // Keep the first one, remove the rest
+      for (let i = 1; i < existingJobs.length; i++) {
+        const jobId = existingJobs[i].id;
+        try {
+          execSync(`${openclawCmd} cron remove ${jobId}`, {
+            encoding: "utf-8",
+            timeout: 5000,
+          });
+          logger.info(`[skills-scanner] ✅ Removed duplicate job: ${jobId}`);
+        } catch (removeErr: any) {
+          logger.warn(`[skills-scanner] ⚠️  Failed to remove duplicate job ${jobId}: ${removeErr.message}`);
+        }
+      }
+    }
-    if (removed > 0) {
-      await saveCronStore(storePath, store);
-      logger.info(`[Cron] ✅ 已清理 ${removed} 个定时任务`);
+    // Check if we have an existing job (after cleanup)
+    const existingJob = existingJobs.length > 0 ? existingJobs[0] : null;
+    if (existingJob) {
+      const jobId = existingJob.id;
+      logger.info(`[skills-scanner] ✅ Job already exists: ${jobId}`);
+      return;
+    }
+    logger.info("[skills-scanner] 📝 Creating cron job via CLI...");
+    // Create cron job with --announce and --channel last
+    const cronCmd = [
+      `${openclawCmd} cron add`,
+      `--name "${CRON_JOB_NAME}"`,
+      `--cron "${CRON_SCHEDULE}"`,
+      `--tz "${CRON_TIMEZONE}"`,
+      "--session isolated",
+      '--message "请执行 /skills-scanner scan --report 并将结果发送到本频道"',
+      "--announce",
+      "--channel last",
+    ].join(" ");
+    logger.info(`[skills-scanner] Executing: ${cronCmd}`);
+    const result = execSync(cronCmd, { encoding: "utf-8", timeout: 10000 });
+    const jobIdMatch =
+      result.match(/Job ID[:\s]+([a-zA-Z0-9-]+)/i) ||
+      result.match(/jobId[:\s]+([a-zA-Z0-9-]+)/i) ||
+      result.match(/id[:\s]+([a-zA-Z0-9-]+)/i);
+    if (jobIdMatch) {
+      const cronJobId = jobIdMatch[1];
+      logger.info(`[skills-scanner] ✅ Job created successfully: ${cronJobId}`);
+      logger.info(`[skills-scanner] 📅 Schedule: Every Monday at 12:05 (${CRON_TIMEZONE})`);
+      logger.info("[skills-scanner] 📬 Reports will be delivered to the last active channel");
     } else {
-      logger.info("[Cron] 没有需要清理的定时任务");
+      logger.info("[skills-scanner] ✅ Job creation command executed");
+      logger.debug(`[skills-scanner] Output: ${result.trim()}`);
     }
   } catch (err: any) {
-    logger.error(`[Cron] ❌ 清理定时任务失败: ${err.message}`);
-    throw err;
+    logger.warn("[skills-scanner] ⚠️  Auto-registration failed");
+    logger.warn(`[skills-scanner] Error: ${err.message || err}`);
+    if (err.stderr) {
+      logger.warn(`[skills-scanner] stderr: ${err.stderr}`);
+    }
+    if (err.stdout) {
+      logger.warn(`[skills-scanner] stdout: ${err.stdout}`);
+    }
+    if (err.message.includes("permission") || err.message.includes("EACCES")) {
+      logger.error("[skills-scanner] ❌ Permission denied, please run with admin privileges");
+    } else if (
+      err.message.includes("command not found") ||
+      err.message.includes("ENOENT")
+    ) {
+      logger.error(`[skills-scanner] ❌ ${openclawCmd} command not found, please check installation`);
+    } else {
+      logger.info("[skills-scanner] 💡 Please manually register cron job:");
+      logger.info("[skills-scanner]");
+      logger.info(`[skills-scanner]   ${openclawCmd} cron add \\`);
+      logger.info(`[skills-scanner]     --name "${CRON_JOB_NAME}" \\`);
+      logger.info(`[skills-scanner]     --cron "${CRON_SCHEDULE}" \\`);
+      logger.info(`[skills-scanner]     --tz "${CRON_TIMEZONE}" \\`);
+      logger.info("[skills-scanner]     --session isolated \\");
+      logger.info('[skills-scanner]     --message "请执行 /skills-scanner scan --report 并将结果发送到本频道" \\');
+      logger.info("[skills-scanner]     --announce \\");
+      logger.info("[skills-scanner]     --channel last");
+      logger.info("[skills-scanner]");
+    }
   }
 }
 /**
- * 获取 cron 任务状态
+ * Cleanup cron job (called on plugin uninstall)
  */
-export async function getCronJobStatus(
-  options: CronManagerOptions
-): Promise<string> {
-  const { logger, config } = options;
+export async function cleanupCronJob(options: CronManagerOptions): Promise<void> {
+  const { logger } = options;
+  const openclawCmd = getOpenClawCommand();
+  logger.info(`[skills-scanner] 🗑️  Cleaning up cron job: ${CRON_JOB_NAME}`);
   try {
-    const storePath = resolveCronStorePath(config?.cron?.store);
-    const store = await loadCronStore(storePath);
-    const job = store.jobs.find((j) => j.name === CRON_JOB_NAME);
-    if (!job) {
-      return [
-        "❌ *定时任务状态*",
-        "",
-        "任务未注册。",
-        "",
-        "请重启插件或手动注册:",
-        "```bash",
-        "/skills-scanner cron setup",
-        "```",
-      ].join("\n");
+    // Get cron list output (text format)
+    const listResult = execSync(`${openclawCmd} cron list`, {
+      encoding: "utf-8",
+      timeout: 5000,
+    });
+    if (!listResult.includes(CRON_JOB_NAME)) {
+      logger.info(`[skills-scanner] No cron job to remove: ${CRON_JOB_NAME}`);
+      return;
     }
-    const nextRun = job.state?.nextRunAtMs
-      ? new Date(job.state.nextRunAtMs).toLocaleString("zh-CN", {
-          timeZone: CRON_TIMEZONE,
-        })
-      : "未知";
-    const lastRun = job.state?.lastRunAtMs
-      ? new Date(job.state.lastRunAtMs).toLocaleString("zh-CN", {
-          timeZone: CRON_TIMEZONE,
-        })
-      : "从未运行";
-    const lastStatus = job.state?.lastRunStatus || "未知";
-    return [
-      "✅ *定时任务状态*",
-      "",
-      `• **任务 ID**: \`${(job as any).id}\``,
-      `• **任务名称**: ${job.name}`,
-      `• **状态**: ${job.enabled ? "✅ 已启用" : "❌ 已禁用"}`,
-      `• **调度**: \`${CRON_SCHEDULE}\` (${CRON_TIMEZONE})`,
-      `• **下次运行**: ${nextRun}`,
-      `• **上次运行**: ${lastRun}`,
-      `• **上次状态**: ${lastStatus}`,
-      "",
-      "管理命令:",
-      "```bash",
-      `openclaw cron list | grep ${CRON_JOB_NAME}`,
-      `openclaw cron run ${(job as any).id}`,
-      `openclaw cron update ${(job as any).id} --enabled false`,
-      "```",
-    ].join("\n");
-  } catch (err: any) {
-    logger.error(`[Cron] ❌ 获取任务状态失败: ${err.message}`);
-    return `❌ 获取任务状态失败: ${err.message}`;
-  }
-}
+    // Parse text output to extract job IDs
+    // Format: ID (UUID) followed by Name
+    const lines = listResult.split("\n");
+    const jobIdsToRemove: string[] = [];
-/**
- * 手动触发任务（用于测试）
- */
-export async function triggerCronJob(
-  options: CronManagerOptions
-): Promise<string> {
-  const { logger, config } = options;
+    for (const line of lines) {
+      // Check if line contains the job name
+      if (line.includes(CRON_JOB_NAME)) {
+        // Extract UUID from the beginning of the line
+        // UUID format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+        const uuidMatch = line.match(/^([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})/);
+        if (uuidMatch) {
+          jobIdsToRemove.push(uuidMatch[1]);
+        }
+      }
+    }
-  try {
-    const storePath = resolveCronStorePath(config?.cron?.store);
-    const store = await loadCronStore(storePath);
+    if (jobIdsToRemove.length === 0) {
+      logger.info(`[skills-scanner] No cron job to remove: ${CRON_JOB_NAME}`);
+      return;
+    }
-    const job = store.jobs.find((j) => j.name === CRON_JOB_NAME);
+    logger.info(`[skills-scanner] Found ${jobIdsToRemove.length} job(s) to remove`);
-    if (!job) {
-      return [
-        "❌ *手动触发任务*",
-        "",
-        "任务未找到，请先注册任务。",
-      ].join("\n");
+    // Remove all matching jobs
+    let successCount = 0;
+    for (const jobId of jobIdsToRemove) {
+      try {
+        execSync(`${openclawCmd} cron remove ${jobId}`, {
+          encoding: "utf-8",
+          timeout: 5000,
+        });
+        logger.info(`[skills-scanner] ✅ Removed cron job: ${jobId}`);
+        successCount++;
+      } catch (removeErr: any) {
+        logger.warn(`[skills-scanner] ⚠️  Failed to remove job ${jobId}: ${removeErr.message}`);
+      }
     }
-    return [
-      "💡 *手动触发任务*",
-      "",
-      "请使用 CLI 命令手动触发:",
-      "```bash",
-      `openclaw cron run ${(job as any).id} --force`,
-      "```",
-      "",
-      "或者直接运行报告生成:",
-      "```bash",
-      "/skills-scanner scan --report",
-      "```",
-    ].join("\n");
+    logger.info(`[skills-scanner] ✅ Cleanup complete, removed ${successCount}/${jobIdsToRemove.length} job(s)`);
   } catch (err: any) {
-    logger.error(`[Cron] ❌ 获取任务信息失败: ${err.message}`);
-    return `❌ 获取任务信息失败: ${err.message}`;
+    logger.error(`[skills-scanner] ❌ Failed to cleanup cron job: ${err.message}`);
   }
 }