@pwddd/skills-scanner 1.0.3 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/prompt-guidance.ts +93 -15
package/package.json
CHANGED
package/src/prompt-guidance.ts
CHANGED
|
@@ -3,23 +3,101 @@
|
|
|
3
3
|
*/
|
|
4
4
|
|
|
5
5
|
export const SKILLS_SECURITY_GUIDANCE = [
|
|
6
|
-
"## Skills
|
|
6
|
+
"## ⚠️ Skills 安全扫描规则(强制执行)",
|
|
7
7
|
"",
|
|
8
|
-
"
|
|
8
|
+
"**重要:当用户请求安装、下载或使用任何 Skill 时,你必须先执行安全扫描,这是强制性的安全要求。**",
|
|
9
9
|
"",
|
|
10
|
-
"
|
|
11
|
-
"2. 等待扫描结果",
|
|
12
|
-
"3. 根据结果决定:",
|
|
13
|
-
" - ✅ 安全(is_safe=true):可以继续安装,告知用户扫描通过",
|
|
14
|
-
" - ❌ 不安全(is_safe=false):",
|
|
15
|
-
" * 立即告知用户发现的安全问题",
|
|
16
|
-
" * 显示威胁详情(严重级别、发现数量)",
|
|
17
|
-
" * 不得继续安装,除非用户明确要求忽略风险",
|
|
10
|
+
"### 触发条件",
|
|
18
11
|
"",
|
|
19
|
-
"
|
|
12
|
+
"以下情况必须触发扫描:",
|
|
13
|
+
"- 用户说\"安装 skill\"、\"下载 skill\"、\"使用这个 skill\"",
|
|
14
|
+
"- 用户提供 Skill 路径或 ClawHub URL",
|
|
15
|
+
"- 用户说\"帮我安装\"、\"我想用\"等涉及 Skill 的请求",
|
|
16
|
+
"- 用户提到任何新的、未扫描过的 Skill",
|
|
20
17
|
"",
|
|
21
|
-
"
|
|
22
|
-
"
|
|
23
|
-
"
|
|
24
|
-
"
|
|
18
|
+
"### 强制扫描流程",
|
|
19
|
+
"",
|
|
20
|
+
"1. **立即暂停安装流程**",
|
|
21
|
+
"2. **告知用户**:\"正在进行安全扫描,请稍候...\"",
|
|
22
|
+
"3. **执行扫描**:",
|
|
23
|
+
" - 本地 Skill:`/skills-scanner scan <skill路径>`",
|
|
24
|
+
" - ClawHub Skill:`/skills-scanner scan clawhub <URL>`",
|
|
25
|
+
" - 不可信来源:添加 `--detailed --behavioral` 进行深度扫描",
|
|
26
|
+
"4. **等待扫描完成**(不要跳过这一步)",
|
|
27
|
+
"5. **根据结果决定**:",
|
|
28
|
+
"",
|
|
29
|
+
" **✅ 安全(is_safe=true)**:",
|
|
30
|
+
" - 告知用户:\"✅ 安全扫描通过,未检测到威胁\"",
|
|
31
|
+
" - 如果有低风险发现,简要说明",
|
|
32
|
+
" - 继续安装流程",
|
|
33
|
+
"",
|
|
34
|
+
" **❌ 不安全(is_safe=false)**:",
|
|
35
|
+
" - 立即告知用户:\"⚠️ 安全扫描发现威胁!\"",
|
|
36
|
+
" - 显示威胁详情:",
|
|
37
|
+
" * 严重级别(CRITICAL/HIGH/MEDIUM/LOW)",
|
|
38
|
+
" * 发现的问题数量",
|
|
39
|
+
" * 主要威胁类型",
|
|
40
|
+
" - **明确拒绝安装**:\"出于安全考虑,不建议安装此 Skill\"",
|
|
41
|
+
" - 除非用户明确表示\"我了解风险并仍要继续\",否则不得继续",
|
|
42
|
+
"",
|
|
43
|
+
"### 用户绕过风险时",
|
|
44
|
+
"",
|
|
45
|
+
"如果用户坚持安装不安全的 Skill:",
|
|
46
|
+
"1. 再次明确告知所有风险",
|
|
47
|
+
"2. 要求明确确认:\"请确认你了解以下风险并仍要继续:[列出风险]\"",
|
|
48
|
+
"3. 建议用户:",
|
|
49
|
+
" - 在隔离环境中测试",
|
|
50
|
+
" - 监控 Skill 的行为",
|
|
51
|
+
" - 定期检查系统安全",
|
|
52
|
+
"",
|
|
53
|
+
"### VirusTotal 结果优先级",
|
|
54
|
+
"",
|
|
55
|
+
"**如果扫描结果包含 VirusTotal 数据,必须优先展示,即使未检测到威胁。**",
|
|
56
|
+
"",
|
|
57
|
+
"VirusTotal 是业界权威的多引擎扫描服务,其结果具有最高参考价值:",
|
|
58
|
+
"- 0/70+ 引擎检测:✅ 安全性得到多方验证",
|
|
59
|
+
"- 1-2/70+ 引擎检测:⚠️ 可能误报,需谨慎评估",
|
|
60
|
+
"- 3+/70+ 引擎检测:❌ 高风险,强烈不建议安装",
|
|
61
|
+
"",
|
|
62
|
+
"### 禁止行为",
|
|
63
|
+
"",
|
|
64
|
+
"- ❌ 不得在未扫描的情况下直接安装 Skill",
|
|
65
|
+
"- ❌ 不得跳过扫描步骤",
|
|
66
|
+
"- ❌ 不得在扫描失败时继续安装",
|
|
67
|
+
"- ❌ 不得隐瞒或淡化安全威胁",
|
|
68
|
+
"- ❌ 不得在用户未明确确认风险时安装不安全的 Skill",
|
|
69
|
+
"",
|
|
70
|
+
"### 示例对话",
|
|
71
|
+
"",
|
|
72
|
+
"**正确流程**:",
|
|
73
|
+
"```",
|
|
74
|
+
"用户: 帮我安装这个 skill",
|
|
75
|
+
"AI: 好的,让我先进行安全扫描...",
|
|
76
|
+
" [执行 /skills-scanner scan ...]",
|
|
77
|
+
" ✅ 安全扫描通过,未检测到威胁。",
|
|
78
|
+
" 现在为您安装...",
|
|
79
|
+
"```",
|
|
80
|
+
"",
|
|
81
|
+
"**错误流程(禁止)**:",
|
|
82
|
+
"```",
|
|
83
|
+
"用户: 帮我安装这个 skill",
|
|
84
|
+
"AI: 好的,正在安装... ❌ 错误!必须先扫描",
|
|
85
|
+
"```",
|
|
86
|
+
"",
|
|
87
|
+
"**检测到威胁时**:",
|
|
88
|
+
"```",
|
|
89
|
+
"用户: 安装这个 skill",
|
|
90
|
+
"AI: 正在进行安全扫描...",
|
|
91
|
+
" [执行扫描]",
|
|
92
|
+
" ⚠️ 安全扫描发现威胁!",
|
|
93
|
+
" ",
|
|
94
|
+
" 检测结果:",
|
|
95
|
+
" - 严重级别: HIGH",
|
|
96
|
+
" - 发现 5 个问题",
|
|
97
|
+
" - 主要威胁: 提示注入、未授权文件访问",
|
|
98
|
+
" ",
|
|
99
|
+
" 出于安全考虑,不建议安装此 Skill。",
|
|
100
|
+
"```",
|
|
101
|
+
"",
|
|
102
|
+
"**记住:安全扫描是强制性的,不是可选的。每次安装 Skill 前都必须执行。**",
|
|
25
103
|
].join("\n");
|