@pwddd/skills-scanner 1.0.3 → 3.0.2
- package/index.ts +25 -1
- package/openclaw.plugin.json +1 -1
- package/package.json +1 -1
- package/skills/skills-scanner/SKILL.md +2 -2
- package/src/high-risk-operation-guard.ts +62 -0
- package/src/prompt-guidance.ts +16 -15
- package/src/types.ts +2 -0
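--- a/package/index.ts
+++ b/package/index.ts
@@ -25,6 +25,8 @@ import { ensureCronJob } from "./src/cron.js";
 import { startWatcher } from "./src/watcher.js";
 import { createCommandHandlers } from "./src/commands.js";
 import { SKILLS_SECURITY_GUIDANCE } from "./src/prompt-guidance.js";
+import { PROMPT_INJECTION_GUARD } from "./src/prompt-injection-guard.js";
+import { HIGH_RISK_OPERATION_GUARD } from "./src/high-risk-operation-guard.js";
 
 // Constants
 const PLUGIN_ROOT = process.env.OPENCLAW_PLUGIN_ROOT || __dirname;
@@ -48,6 +50,8 @@ export default function register(api: OpenClawPluginApi) {
 const preInstallScan = cfg.preInstallScan ?? "on";
 const onUnsafe = cfg.onUnsafe ?? "quarantine";
 const injectSecurityGuidance = cfg.injectSecurityGuidance ?? true;
+const enablePromptInjectionGuard = cfg.enablePromptInjectionGuard ?? true;
+const enableHighRiskOperationGuard = cfg.enableHighRiskOperationGuard ?? true;
 
 api.logger.info("[skills-scanner] ═══════════════════════════════════════");
 api.logger.info("[skills-scanner] Plugin loading...");
@@ -59,10 +63,30 @@ export default function register(api: OpenClawPluginApi) {
 
 // Inject system prompt guidance (can be disabled via config)
 if (injectSecurityGuidance) {
+// Build combined guidance
+const guidanceParts = [SKILLS_SECURITY_GUIDANCE];
+
+if (enablePromptInjectionGuard) {
+guidanceParts.push(PROMPT_INJECTION_GUARD);
+}
+
+if (enableHighRiskOperationGuard) {
+guidanceParts.push(HIGH_RISK_OPERATION_GUARD);
+}
+
+const combinedGuidance = guidanceParts.join("\n\n");
+
 api.on("before_prompt_build", async () => ({
-prependSystemContext:
+prependSystemContext: combinedGuidance,
 }));
+
 api.logger.info("[skills-scanner] ✅ Security guidance injected into system prompt");
+if (enablePromptInjectionGuard) {
+api.logger.info("[skills-scanner] - Prompt injection guard enabled");
+}
+if (enableHighRiskOperationGuard) {
+api.logger.info("[skills-scanner] - High-risk operation guard enabled");
+}
 } else {
 api.logger.info("[skills-scanner] ⏭️ Security guidance injection disabled");
 }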
package/openclaw.plugin.json
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: skills-scanner
|
|
3
|
-
description: OpenClaw Skills 安全扫描工具,使用
|
|
3
|
+
description: OpenClaw Skills 安全扫描工具,使用 AI Skill Scanner 检测恶意代码、数据窃取、提示注入等威胁。
|
|
4
4
|
version: 1.0.0
|
|
5
5
|
user-invocable: true
|
|
6
6
|
metadata: {"openclaw": {"emoji": "🔍", "requires": {"bins": ["uv", "python3"]}, "install": [{"id": "uv-brew", "kind": "brew", "formula": "uv", "bins": ["uv"], "label": "安装 uv (macOS)", "os": ["darwin"]}, {"id": "uv-curl", "kind": "download", "url": "https://astral.sh/uv/install.sh", "label": "安装 uv (Linux)", "os": ["linux"]}]}}
|
|
@@ -366,7 +366,7 @@ https://clawhub.ai/<username>/<project>
|
|
|
366
366
|
### 工作原理
|
|
367
367
|
|
|
368
368
|
1. **接收 URL**:用户提供 ClawHub 项目 URL
|
|
369
|
-
2. **发送请求**:插件将 URL
|
|
369
|
+
2. **发送请求**:插件将 URL 发送到后端检测服务
|
|
370
370
|
3. **自动下载**:API 服务从 ClawHub 下载 Skill 包(临时)
|
|
371
371
|
4. **执行扫描**:运行静态分析、行为分析、LLM 分析等
|
|
372
372
|
5. **返回结果**:生成安全报告并返回
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* High-risk operation confirmation guidance
|
|
3
|
+
*/
|
|
4
|
+
|
|
5
|
+
export const HIGH_RISK_OPERATION_GUARD = [
|
|
6
|
+
"## 🛡️ 高风险操作确认",
|
|
7
|
+
"",
|
|
8
|
+
"**在执行可能影响系统或数据的操作前,必须分析风险并要求用户确认。**",
|
|
9
|
+
"",
|
|
10
|
+
"### 高风险操作类别",
|
|
11
|
+
"",
|
|
12
|
+
"1. **文件系统操作**:删除文件/目录、修改系统配置、写入敏感目录",
|
|
13
|
+
"2. **网络操作**:下载并执行外部代码、向外部发送数据",
|
|
14
|
+
"3. **权限操作**:修改权限、执行需要 root/admin 的命令",
|
|
15
|
+
"4. **数据操作**:删除数据库、清空数据、导出敏感信息",
|
|
16
|
+
"",
|
|
17
|
+
"### 风险等级",
|
|
18
|
+
"",
|
|
19
|
+
"- 🔴 **高风险**:不可逆操作、影响系统稳定性、涉及敏感数据",
|
|
20
|
+
"- 🟡 **中风险**:可能影响用户数据、需要特殊权限",
|
|
21
|
+
"- 🟢 **低风险**:只读操作、可逆操作",
|
|
22
|
+
"",
|
|
23
|
+
"### 确认流程",
|
|
24
|
+
"",
|
|
25
|
+
"对于高风险和中风险操作:",
|
|
26
|
+
"",
|
|
27
|
+
"1. **分析风险**:识别操作类型和潜在后果",
|
|
28
|
+
"2. **告知用户**:",
|
|
29
|
+
" ```",
|
|
30
|
+
" ⚠️ 风险提示",
|
|
31
|
+
" ",
|
|
32
|
+
" 操作:[具体操作描述]",
|
|
33
|
+
" 风险等级:🔴 高风险",
|
|
34
|
+
" ",
|
|
35
|
+
" 潜在后果:",
|
|
36
|
+
" - [后果1]",
|
|
37
|
+
" - [后果2]",
|
|
38
|
+
" ",
|
|
39
|
+
" 建议:[安全建议]",
|
|
40
|
+
" ",
|
|
41
|
+
" 请确认:你是否要继续执行此操作?",
|
|
42
|
+
" ```",
|
|
43
|
+
"3. **等待确认**:用户必须明确回复\"确认\"、\"继续\"",
|
|
44
|
+
"",
|
|
45
|
+
"### 示例",
|
|
46
|
+
"",
|
|
47
|
+
"```",
|
|
48
|
+
"用户: 删除 /data 目录下的所有文件",
|
|
49
|
+
"AI: ⚠️ 风险提示",
|
|
50
|
+
" ",
|
|
51
|
+
" 操作:删除 /data 目录下的所有文件",
|
|
52
|
+
" 风险等级:🔴 高风险",
|
|
53
|
+
" ",
|
|
54
|
+
" 潜在后果:",
|
|
55
|
+
" - 数据将被永久删除,无法恢复",
|
|
56
|
+
" - 可能影响依赖这些文件的应用程序",
|
|
57
|
+
" ",
|
|
58
|
+
" 建议:先备份重要数据",
|
|
59
|
+
" ",
|
|
60
|
+
" 请确认:你是否要继续执行此操作?",
|
|
61
|
+
"```",
|
|
62
|
+
].join("\n");
|
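Review bot: The `@@ -0,0 +1,62 @@` hunk appears to be the new `package/src/high-risk-operation-guard.ts` from the file list (+62 -0) even though this page attaches it to the `package/package.json` header, and the two hunks before it read as `SKILL.md` content, so the section header should be treated as unreliable. The module's header comment says only `High-risk operation confirmation guidance`; it should state that the text is advisory: it is prepended to the system prompt, and the `确认`/`继续` reply required at step 3 of 确认流程 is judged by the model from conversation text, not checked by the host, so it can be satisfied by text from any source the model reads rather than only by the user. A comment such as `// Advisory system-prompt text: the confirmation it asks for is model-interpreted, not host-enforced; gate irreversible tool calls separately.` above `export const HIGH_RISK_OPERATION_GUARD` would record that, and the same caveat belongs in the SKILL.md description if it is taken as documentation of the control.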
package/src/prompt-guidance.ts
CHANGED
|
@@ -3,23 +3,24 @@
|
|
|
3
3
|
*/
|
|
4
4
|
|
|
5
5
|
export const SKILLS_SECURITY_GUIDANCE = [
|
|
6
|
-
"## Skills
|
|
6
|
+
"## ⚠️ Skills 安全扫描规则(强制执行)",
|
|
7
7
|
"",
|
|
8
|
-
"
|
|
8
|
+
"**当用户请求安装、下载或使用任何 Skill 时,你必须先加载 `skills-scanner` Skill 进行安全扫描。**",
|
|
9
9
|
"",
|
|
10
|
-
"
|
|
11
|
-
"2. 等待扫描结果",
|
|
12
|
-
"3. 根据结果决定:",
|
|
13
|
-
" - ✅ 安全(is_safe=true):可以继续安装,告知用户扫描通过",
|
|
14
|
-
" - ❌ 不安全(is_safe=false):",
|
|
15
|
-
" * 立即告知用户发现的安全问题",
|
|
16
|
-
" * 显示威胁详情(严重级别、发现数量)",
|
|
17
|
-
" * 不得继续安装,除非用户明确要求忽略风险",
|
|
10
|
+
"### 强制流程",
|
|
18
11
|
"",
|
|
19
|
-
"
|
|
12
|
+
"1. **加载 skills-scanner Skill**",
|
|
13
|
+
"2. **使用该 Skill 执行扫描**",
|
|
14
|
+
"3. **根据扫描结果决定是否继续**",
|
|
20
15
|
"",
|
|
21
|
-
"
|
|
22
|
-
"
|
|
23
|
-
"
|
|
24
|
-
"
|
|
16
|
+
"### 示例",
|
|
17
|
+
"",
|
|
18
|
+
"```",
|
|
19
|
+
"用户: 帮我安装这个 skill",
|
|
20
|
+
"AI: 好的,让我先加载 skills-scanner skill 进行安全扫描...",
|
|
21
|
+
" [加载并使用 skills-scanner skill]",
|
|
22
|
+
" ✅ 扫描通过,可以安装",
|
|
23
|
+
"```",
|
|
24
|
+
"",
|
|
25
|
+
"**禁止**:不得在未使用 skills-scanner Skill 扫描的情况下直接安装。",
|
|
25
26
|
].join("\n");
|
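--- a/package/src/types.ts
+++ b/package/src/types.ts
@@ -11,6 +11,8 @@ export interface ScannerConfig {
 preInstallScan?: "on" | "off";
 onUnsafe?: "quarantine" | "delete" | "warn";
 injectSecurityGuidance?: boolean;
+enablePromptInjectionGuard?: boolean;
+enableHighRiskOperationGuard?: boolean;
 }
 
 export interface ScanState {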
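Review bot: The two new optional fields `enablePromptInjectionGuard` and `enableHighRiskOperationGuard` carry no TSDoc, so neither their default nor their dependency on `injectSecurityGuidance` is visible from the interface; in index.ts both default to `true` and are only consulted inside the `injectSecurityGuidance` branch. A short comment on each would make that explicit, e.g. `/** Append the prompt-injection guard to the injected guidance. Default true; ignored when injectSecurityGuidance is false. */` above `enablePromptInjectionGuard?: boolean;`, with the same shape for the high-risk guard. `ScannerConfig` starts above the hunk.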