npm - @pwddd/skills-scanner - Versions diffs - 1.2.4 → 2.1.0 - Mend

@pwddd/skills-scanner 1.2.4 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @pwddd/skills-scanner might be problematic. Click here for more details.

Files changed (5) hide show

package/README.md +130 -7
package/index.ts +170 -95
package/openclaw.plugin.json +22 -3
package/package.json +3 -3
package/skills/skills-scanner/scan.py +461 -240

package/README.md CHANGED Viewed

@@ -1,12 +1,26 @@
 # openclaw-skills-scanner
-OpenClaw Plugin，基于 [cisco-ai-skill-scanner](https://github.com/cisco-ai-defense/skill-scanner) 实现对 OpenClaw Skills 的安全扫描。
+OpenClaw Plugin，通过 HTTP API 调用远程 [cisco-ai-skill-scanner](https://github.com/cisco-ai-defense/skill-scanner) 服务实现对 OpenClaw Skills 的安全扫描。
+## 架构说明
+本插件采用 **HTTP 客户端模式**：
+- **客户端**：本插件（TypeScript + Python HTTP 客户端）
+- **服务端**：独立运行的 `skill-scanner-api` 服务（需单独部署）
+- **通信方式**：通过 HTTP REST API 调用扫描服务
+### 为什么使用 HTTP 模式？
+1. **依赖隔离**：避免复杂的 Python 依赖安装问题（LiteLLM、代理配置等）
+2. **服务复用**：多个客户端可共享同一个扫描服务
+3. **灵活部署**：扫描服务可部署在专用服务器上，支持更强大的硬件配置
+4. **简化维护**：客户端只需 `requests` 库，无需安装完整的 `cisco-ai-skill-scanner`
 ## 功能
 | 功能 | 实现方式 | 状态 |
 |---|---|---|
-| 启动时自动安装 Python 依赖 | `registerService` | ✅ 全自动 |
+| 启动时自动安装 Python 依赖（requests） | `registerService` | ✅ 全自动 |
 | `/scan-skill` `/scan-skills` 按需扫描 | `registerCommand` | ✅ 全自动 |
 | `/scan-report` 立即日报 | `registerCommand` | ✅ 全自动 |
 | `/scan-status` 状态查看 | `registerCommand` | ✅ 全自动 |
@@ -17,21 +31,47 @@ OpenClaw Plugin，基于 [cisco-ai-skill-scanner](https://github.com/cisco-ai-de
 ---
-## 安装
+## 前置要求
+### 1. 启动 skill-scanner-api 服务
+在服务器上安装并启动 API 服务：
+```bash
+# 安装 cisco-ai-skill-scanner
+pip install cisco-ai-skill-scanner
+# 启动 API 服务（默认端口 8000）
+skill-scanner-api
+# 或指定端口
+skill-scanner-api --port 8080
+# 开发模式（自动重载）
+skill-scanner-api --reload
+```
+验证服务是否正常：
+```bash
+curl http://localhost:8000/health
+```
+### 2. 安装本插件
 ```bash
 # 从本地目录安装
 openclaw plugins install ./openclaw-skills-scanner
-# 或从 npm 安装（发布后）
-openclaw plugins install @yourscope/openclaw-skills-scanner
+# 或从 npm 安装
+openclaw plugins install @pwddd/skills-scanner
 # 重启 Gateway（Plugin 变更必须重启）
 openclaw gateway restart
 ```
 重启后 Gateway 会自动：
-1. 创建 Python venv 并安装 `cisco-ai-skill-scanner`
+1. 创建 Python venv 并安装 `requests` 库
 2. 开始监听 Skills 目录（安装前扫描）
 3. 在启动日志里打印是否需要注册 Cron Job
@@ -116,8 +156,11 @@ Plugin 启动后用 `fs.watch` 监听所有 Skills 目录。任何新 Skill 出
       "skills-scanner": {
         "enabled": true,
         "config": {
+          "apiUrl": "http://localhost:8000",    // API 服务地址
           "scanDirs": ["~/.openclaw/skills"],   // 留空自动检测
           "behavioral": false,                  // 行为分析（较慢）
+          "useLLM": false,                      // 启用 LLM 分析
+          "policy": "balanced",                 // strict | balanced | permissive
           "preInstallScan": "on",               // fs.watch 安装前扫描
           "onUnsafe": "quarantine"              // quarantine | delete | warn
         }
@@ -127,12 +170,92 @@ Plugin 启动后用 `fs.watch` 监听所有 Skills 目录。任何新 Skill 出
 }
 ```
+### 配置说明
+| 配置项 | 类型 | 默认值 | 说明 |
+|---|---|---|---|
+| `apiUrl` | string | `http://localhost:8000` | skill-scanner-api 服务地址 |
+| `scanDirs` | string[] | 自动检测 | 要扫描的 Skills 目录列表 |
+| `behavioral` | boolean | `false` | 启用行为分析（更准确但较慢） |
+| `useLLM` | boolean | `false` | 启用 LLM 分析（需 API 服务配置 LLM） |
+| `policy` | string | `balanced` | 扫描策略：`strict`（严格）/ `balanced`（平衡）/ `permissive`（宽松） |
+| `preInstallScan` | string | `on` | 是否启用 fs.watch 安装前扫描 |
+| `onUnsafe` | string | `quarantine` | 发现不安全 Skill 时的处置方式 |
+---
+## HTTP API 端点说明
+本插件使用以下 API 端点：
+| 端点 | 方法 | 用途 |
+|---|---|---|
+| `/health` | GET | 健康检查 |
+| `/scan-upload` | POST | 上传 ZIP 文件扫描（单个 Skill） |
+| `/scan-batch` | POST | 批量异步扫描（服务器本地目录） |
+| `/scan-batch/{scan_id}` | GET | 查询批量扫描结果 |
+### 扫描方式
+1. **单个 Skill 扫描**：使用 `/scan-upload` 端点
+   - 客户端将 Skill 目录打包成 ZIP
+   - 上传到服务器
+   - 服务器解压并扫描
+   - 返回扫描结果
+2. **批量扫描（服务器本地）**：使用 `/scan-batch` 端点
+   - 适用于服务器本地目录
+   - 异步执行，返回 scan_id
+   - 轮询 `/scan-batch/{scan_id}` 获取结果
+3. **批量扫描（客户端上传）**：客户端循环调用 `/scan-upload`
+   - 适用于客户端本地多个 Skills
+   - 逐个打包上传扫描
+---
+## 故障排查
+### 1. 连接失败
+```
+✗ 无法连接到 API 服务: http://localhost:8000
+```
+**解决方法**：
+- 确认 `skill-scanner-api` 服务正在运行
+- 检查配置中的 `apiUrl` 是否正确
+- 测试连接：`curl http://localhost:8000/health`
+### 2. 代理问题
+如果遇到代理相关错误，插件会自动清除代理环境变量。如果仍有问题，手动清除：
+```bash
+unset http_proxy https_proxy all_proxy HTTP_PROXY HTTPS_PROXY ALL_PROXY
+```
+### 3. Python 依赖问题
+```
+⏳ Python 依赖尚未就绪
+```
+**解决方法**：
+- 检查 `uv` 是否安装：`uv --version`
+- 手动安装依赖：
+  ```bash
+  cd ~/.openclaw/extensions/skills-scanner/skills/skills-scanner
+  uv venv .venv --python 3.10
+  uv pip install --python .venv/bin/python requests>=2.31.0
+  ```
 ---
 ## 发布到 npm
 ```bash
-# 修改 package.json 里的 name 为你的 scope
+# 已发布为 @pwddd/skills-scanner
 npm login
 npm publish --access public
 ```

package/index.ts CHANGED Viewed

@@ -42,10 +42,16 @@ const QUARANTINE_DIR = join(STATE_DIR, "quarantine");
 // ── 型別 ──────────────────────────────────────────────────────────────────────
 interface ScannerConfig {
+  /** API 服务地址 */
+  apiUrl?: string;
   /** 扫描目录列表，默认自动检测 */
   scanDirs?: string[];
   /** 是否启用行为分析（较慢但更准确） */
   behavioral?: boolean;
+  /** 是否启用 LLM 分析 */
+  useLLM?: boolean;
+  /** 扫描策略 */
+  policy?: "strict" | "balanced" | "permissive";
   /**
    * 安装前扫描（fs.watch）：
    * - "on"  监听所有 scanDirs（默认）
@@ -75,10 +81,10 @@ function hasUv(): boolean {
 function isVenvReady(): boolean {
   if (!existsSync(VENV_PYTHON)) return false;
-  // 检查 cisco-ai-skill-scanner 是否真的安装
+  // 检查 requests 是否安装
   try {
-    execSync(`"${VENV_PYTHON}" -c "import skill_scanner"`, { stdio: 'ignore' });
+    execSync(`"${VENV_PYTHON}" -c "import requests"`, { stdio: 'ignore' });
     return true;
   } catch {
     return false;
@@ -115,74 +121,40 @@ function saveState(s: ScanState) {
 async function ensureDeps(logger: any): Promise<boolean> {
   if (isVenvReady()) {
-    logger.info("[skills-scanner] Python 依赖已就绪（cisco-ai-skill-scanner 已安装）");
+    logger.info("[skills-scanner] Python 依赖已就绪（requests 已安装）");
     return true;
   }
   if (!hasUv()) {
     logger.warn("[skills-scanner] uv 未安装：brew install uv 或 curl -LsSf https://astral.sh/uv/install.sh | sh");
     return false;
   }
-  logger.info("[skills-scanner] 正在安装 cisco-ai-skill-scanner...");
+  logger.info("[skills-scanner] 正在安装 Python 依赖...");
   try {
-    // 使用 uv 创建 venv 并安装包（一步完成）
-    logger.info("[skills-scanner] 创建虚拟环境并安装依赖...");
     const venvDir = join(SKILL_DIR, ".venv");
     // 如果 venv 已存在，先删除
     if (existsSync(venvDir)) {
       logger.info("[skills-scanner] 清理旧的虚拟环境...");
       rmSync(venvDir, { recursive: true, force: true });
     }
-    // 使用 uv 创建 venv
+    // 创建 venv
     await execAsync(`uv venv "${venvDir}" --python 3.10`);
     logger.info("[skills-scanner] 虚拟环境创建完成");
-    // 使用 uv pip 安装包（这是关键！）
-    logger.info("[skills-scanner] 安装 cisco-ai-skill-scanner...");
-    const installCmd = `uv pip install --python "${VENV_PYTHON}" cisco-ai-skill-scanner`;
-    logger.debug(`[skills-scanner] 执行命令: ${installCmd}`);
-    const installResult = await execAsync(installCmd);
-    logger.info(`[skills-scanner] 安装输出: ${installResult.stdout.trim()}`);
-    if (installResult.stderr) {
-      logger.warn(`[skills-scanner] 安装警告: ${installResult.stderr.trim()}`);
-    }
+    // 安装 requests
+    logger.info("[skills-scanner] 安装 requests...");
+    await execAsync(`uv pip install --python "${VENV_PYTHON}" requests>=2.31.0`);
     // 验证安装
-    logger.info("[skills-scanner] 验证安装...");
-    try {
-      const verifyResult = execSync(`"${VENV_PYTHON}" -c "import skill_scanner; print('Version:', skill_scanner.__version__)"`, { encoding: 'utf-8' });
-      logger.info(`[skills-scanner] ✅ 验证成功: ${verifyResult.trim()}`);
-      return true;
-    } catch (verifyErr: any) {
-      logger.error("[skills-scanner] ❌ 验证失败");
-      logger.error(`[skills-scanner] 错误: ${verifyErr.message}`);
-      // 尝试手动检查文件
-      try {
-        const sitePackages = join(venvDir, "lib");
-        logger.debug(`[skills-scanner] 检查 site-packages: ${sitePackages}`);
-        if (existsSync(sitePackages)) {
-          const { stdout } = await execAsync(`find "${sitePackages}" -name "skill_scanner*" -type d`);
-          logger.debug(`[skills-scanner] 找到的包: ${stdout.trim() || "无"}`);
-        }
-      } catch {}
-      return false;
-    }
+    execSync(`"${VENV_PYTHON}" -c "import requests"`, { stdio: 'ignore' });
+    logger.info("[skills-scanner] ✅ 依赖安装完成");
+    return true;
   } catch (err: any) {
     logger.error(`[skills-scanner] ⚠️  依赖安装失败: ${err.message}`);
-    if (err.stdout) logger.error(`[skills-scanner] stdout: ${err.stdout}`);
-    if (err.stderr) logger.error(`[skills-scanner] stderr: ${err.stderr}`);
-    logger.error(`[skills-scanner] 请手动运行:`);
-    logger.error(`[skills-scanner]   cd ~/.openclaw/extensions/skills-scanner/skills/skills-scanner`);
-    logger.error(`[skills-scanner]   rm -rf .venv`);
-    logger.error(`[skills-scanner]   uv venv .venv --python 3.10`);
-    logger.error(`[skills-scanner]   uv pip install --python .venv/bin/python cisco-ai-skill-scanner`);
     return false;
   }
 }
@@ -190,25 +162,24 @@ async function ensureDeps(logger: any): Promise<boolean> {
 async function runScan(
   mode: "scan" | "batch",
   target: string,
-  opts: { detailed?: boolean; behavioral?: boolean; recursive?: boolean; jsonOut?: string } = {}
+  opts: { detailed?: boolean; behavioral?: boolean; recursive?: boolean; jsonOut?: string; apiUrl?: string; useLLM?: boolean; policy?: string } = {}
 ): Promise<{ exitCode: number; output: string }> {
   const args = [mode, target];
   if (opts.detailed)   args.push("--detailed");
   if (opts.behavioral) args.push("--behavioral");
   if (opts.recursive)  args.push("--recursive");
+  if (opts.useLLM)     args.push("--llm");
+  if (opts.policy)     args.push("--policy", opts.policy);
   if (opts.jsonOut)    args.push("--json", opts.jsonOut);
+  if (opts.apiUrl)     args.unshift("--api-url", opts.apiUrl);
   const cmd = `"${VENV_PYTHON}" "${SCAN_SCRIPT}" ${args.map(a => `"${a}"`).join(" ")}`;
   // 调试日志
   console.log(`[skills-scanner] 执行命令: ${cmd}`);
-  console.log(`[skills-scanner] VENV_PYTHON: ${VENV_PYTHON}`);
-  console.log(`[skills-scanner] SCAN_SCRIPT: ${SCAN_SCRIPT}`);
-  console.log(`[skills-scanner] Python 存在: ${existsSync(VENV_PYTHON)}`);
-  console.log(`[skills-scanner] Script 存在: ${existsSync(SCAN_SCRIPT)}`);
   try {
-    // 清除代理环境变量，避免 LiteLLM 加载时出错
+    // 清除代理环境变量，避免连接问题
     const env = { ...process.env };
     delete env.http_proxy;
     delete env.https_proxy;
@@ -216,10 +187,10 @@ async function runScan(
     delete env.HTTPS_PROXY;
     delete env.all_proxy;
     delete env.ALL_PROXY;
-    const { stdout, stderr } = await execAsync(cmd, {
+    const { stdout, stderr } = await execAsync(cmd, {
       timeout: 180_000,
-      env
+      env
     });
     return { exitCode: 0, output: (stdout + stderr).trim() };
   } catch (err: any) {
@@ -230,7 +201,14 @@ async function runScan(
 // ── 日报 ──────────────────────────────────────────────────────────────────────
-async function buildDailyReport(dirs: string[], behavioral: boolean, logger: any): Promise<string> {
+async function buildDailyReport(
+  dirs: string[],
+  behavioral: boolean,
+  apiUrl: string,
+  useLLM: boolean,
+  policy: string,
+  logger: any
+): Promise<string> {
   const now     = new Date();
   const dateStr = now.toLocaleDateString("zh-CN", { year: "numeric", month: "2-digit", day: "2-digit" });
   const timeStr = now.toLocaleTimeString("zh-CN", { hour: "2-digit", minute: "2-digit" });
@@ -245,7 +223,14 @@ async function buildDailyReport(dirs: string[], behavioral: boolean, logger: any
     const expanded = expandPath(dir);
     if (!existsSync(expanded)) continue;
     const tmpJson = join(STATE_DIR, `tmp-${Date.now()}.json`);
-    await runScan("batch", expanded, { behavioral, recursive: true, jsonOut: tmpJson });
+    await runScan("batch", expanded, {
+      behavioral,
+      recursive: true,
+      jsonOut: tmpJson,
+      apiUrl,
+      useLLM,
+      policy
+    });
     try {
       const rows: any[] = JSON.parse(readFileSync(tmpJson, "utf-8"));
       try { rmSync(tmpJson); } catch {}
@@ -294,6 +279,9 @@ async function handleNewSkill(
   skillPath: string,
   onUnsafe: "quarantine" | "delete" | "warn",
   behavioral: boolean,
+  apiUrl: string,
+  useLLM: boolean,
+  policy: string,
   notifyFn: (msg: string) => void,
   logger: any
 ) {
@@ -302,7 +290,13 @@ async function handleNewSkill(
   logger.info(`[skills-scanner] 🔍 检测到新 Skill，开始安装前扫描: ${name}`);
   notifyFn(`🔍 检测到新 Skill \`${name}\`，正在安全扫描...`);
-  const res = await runScan("scan", skillPath, { behavioral, detailed: true });
+  const res = await runScan("scan", skillPath, {
+    behavioral,
+    detailed: true,
+    apiUrl,
+    useLLM,
+    policy
+  });
   if (res.exitCode === 0) {
     notifyFn(`✅ \`${name}\` 安全检查通过，可以正常使用。`);
@@ -340,6 +334,9 @@ function startWatcher(
   dirs: string[],
   onUnsafe: "quarantine" | "delete" | "warn",
   behavioral: boolean,
+  apiUrl: string,
+  useLLM: boolean,
+  policy: string,
   notifyFn: (msg: string) => void,
   logger: any
 ): () => void {
@@ -360,7 +357,7 @@ function startWatcher(
       if (prev) clearTimeout(prev);
       timers.set(skillPath, setTimeout(() => {
         timers.delete(skillPath);
-        handleNewSkill(skillPath, onUnsafe, behavioral, notifyFn, logger);
+        handleNewSkill(skillPath, onUnsafe, behavioral, apiUrl, useLLM, policy, notifyFn, logger);
       }, 500));
     });
   });
@@ -377,15 +374,19 @@ function startWatcher(
 export default function register(api: any) {
   const cfg: ScannerConfig = api.config?.plugins?.entries?.["skills-scanner"]?.config ?? {};
+  const apiUrl         = cfg.apiUrl         ?? "http://localhost:8000";
   const scanDirs       = (cfg.scanDirs?.map(expandPath) ?? []).filter(existsSync).length > 0
     ? (cfg.scanDirs!.map(expandPath))
     : defaultScanDirs();
   const behavioral     = cfg.behavioral     ?? false;
+  const useLLM         = cfg.useLLM         ?? false;
+  const policy         = cfg.policy         ?? "balanced";
   const preInstallScan = cfg.preInstallScan ?? "on";
   const onUnsafe       = cfg.onUnsafe       ?? "quarantine";
   api.logger.info("[skills-scanner] ═══════════════════════════════════════");
   api.logger.info("[skills-scanner] Plugin 正在加载...");
+  api.logger.info(`[skills-scanner] API 服务地址: ${apiUrl}`);
   api.logger.info(`[skills-scanner] PLUGIN_ROOT: ${PLUGIN_ROOT}`);
   api.logger.info(`[skills-scanner] SKILL_DIR: ${SKILL_DIR}`);
   api.logger.info(`[skills-scanner] VENV_PYTHON: ${VENV_PYTHON}`);
@@ -434,7 +435,7 @@ export default function register(api: any) {
       if (preInstallScan === "on" && scanDirs.length > 0) {
         api.logger.info(`[skills-scanner] 📁 启动文件监控: ${scanDirs.length} 个目录`);
-        stopWatcher = startWatcher(scanDirs, onUnsafe, behavioral, persistWatcherAlert, api.logger);
+        stopWatcher = startWatcher(scanDirs, onUnsafe, behavioral, apiUrl, useLLM, policy, persistWatcherAlert, api.logger);
         api.logger.info("[skills-scanner] ✅ 文件监控已启动");
       } else {
         api.logger.info("[skills-scanner] ⏭️  安装前扫描已禁用");
@@ -493,20 +494,19 @@ export default function register(api: any) {
       if (!isVenvReady()) {
         return { text: "⏳ Python 依赖尚未就绪，请稍后重试或查看日志" };
       }
-      // 测试 Python 能否导入
-      try {
-        execSync(`"${VENV_PYTHON}" -c "import skill_scanner; print('Import OK')"`, { encoding: 'utf-8' });
-      } catch (err: any) {
-        return { text: `❌ Python 导入测试失败:\n\`\`\`\n${err.message}\n\`\`\`` };
-      }
       const parts      = raw.split(/\s+/);
       const skillPath  = expandPath(parts.find(p => !p.startsWith("--")) ?? "");
       const detailed   = parts.includes("--detailed");
       const useBehav   = parts.includes("--behavioral") || behavioral;
-      const res = await runScan("scan", skillPath, { detailed, behavioral: useBehav });
+      const res = await runScan("scan", skillPath, {
+        detailed,
+        behavioral: useBehav,
+        apiUrl,
+        useLLM,
+        policy
+      });
       const icon = res.exitCode === 0 ? "✅" : "❌";
       return { text: `${icon} 扫描完成\n\`\`\`\n${res.output}\n\`\`\`` };
     },
@@ -529,7 +529,14 @@ export default function register(api: any) {
       const detailed  = parts.includes("--detailed");
       const useBehav  = parts.includes("--behavioral") || behavioral;
-      const res = await runScan("batch", dirPath, { recursive, detailed, behavioral: useBehav });
+      const res = await runScan("batch", dirPath, {
+        recursive,
+        detailed,
+        behavioral: useBehav,
+        apiUrl,
+        useLLM,
+        policy
+      });
       const icon = res.exitCode === 0 ? "✅" : "❌";
       return { text: `${icon} 批量扫描完成\n\`\`\`\n${res.output}\n\`\`\`` };
     },
@@ -544,7 +551,7 @@ export default function register(api: any) {
     handler: async (_ctx: any) => {
       if (!isVenvReady()) return { text: "⏳ Python 依赖尚未就绪，请稍后重试" };
       if (scanDirs.length === 0) return { text: "⚠️ 未找到可扫描目录，请检查配置" };
-      const report = await buildDailyReport(scanDirs, behavioral, api.logger);
+      const report = await buildDailyReport(scanDirs, behavioral, apiUrl, useLLM, policy, api.logger);
       return { text: report };
     },
   });
@@ -561,27 +568,78 @@ export default function register(api: any) {
       const lines = [
         "📋 *Skills Scanner 状态*",
+        `API 服务地址：${apiUrl}`,
         `Python 依赖：${isVenvReady() ? "✅ 就绪" : "❌ 未就绪"}`,
         `Python 路径：${VENV_PYTHON}`,
         `scan.py 路径：${SCAN_SCRIPT}`,
         `安装前扫描：${preInstallScan === "on" ? `✅ 监听中（${onUnsafe}）` : "❌ 已禁用"}`,
+        `扫描策略：${policy}`,
+        `LLM 分析：${useLLM ? "✅ 启用" : "❌ 禁用"}`,
+        `行为分析：${behavioral ? "✅ 启用" : "❌ 禁用"}`,
         `上次扫描：${state.lastScanAt ? new Date(state.lastScanAt).toLocaleString("zh-CN") : "从未"}`,
         `上次问题 Skills：${state.lastUnsafeSkills?.length ? state.lastUnsafeSkills.join(", ") : "无"}`,
         `扫描目录：\n${scanDirs.map(d => `  • ${d}`).join("\n")}`,
       ];
-      // 添加依赖检查
-      try {
-        const versionCheck = execSync(`"${VENV_PYTHON}" -c "import skill_scanner; print(skill_scanner.__version__)"`, { encoding: 'utf-8' });
-        lines.push(`cisco-ai-skill-scanner 版本：${versionCheck.trim()}`);
-      } catch (err: any) {
-        lines.push(`❌ 依赖检查失败：${err.message}`);
-        // 尝试列出已安装的包
+      // API 健康检查
+      if (isVenvReady()) {
+        lines.push("", "🔍 *API 服务检查*");
         try {
-          const pipList = execSync(`"${VENV_PYTHON}" -m pip list`, { encoding: 'utf-8' });
-          lines.push("", "已安装的包：", "```", pipList.trim(), "```");
-        } catch {}
+          // 调用 scan.py health 命令
+          const cmd = `"${VENV_PYTHON}" "${SCAN_SCRIPT}" --api-url "${apiUrl}" health`;
+          // 清除代理环境变量
+          const env = { ...process.env };
+          delete env.http_proxy;
+          delete env.https_proxy;
+          delete env.HTTP_PROXY;
+          delete env.HTTPS_PROXY;
+          delete env.all_proxy;
+          delete env.ALL_PROXY;
+          const { stdout, stderr } = await execAsync(cmd, { timeout: 5000, env });
+          const output = (stdout + stderr).trim();
+          if (output.includes("✓") || output.includes("正常")) {
+            lines.push(`API 服务：✅ 正常`);
+            // 尝试解析可用的分析器信息
+            if (output.includes("analyzers_available")) {
+              try {
+                // 从输出中提取 JSON（如果有的话）
+                const jsonMatch = output.match(/\{[\s\S]*\}/);
+                if (jsonMatch) {
+                  const healthData = JSON.parse(jsonMatch[0]);
+                  if (healthData.analyzers_available) {
+                    lines.push(`可用分析器：${healthData.analyzers_available.join(", ")}`);
+                  }
+                  if (healthData.version) {
+                    lines.push(`API 版本：${healthData.version}`);
+                  }
+                }
+              } catch {}
+            }
+          } else {
+            lines.push(`API 服务：❌ 不可用`);
+            lines.push(`响应：${output}`);
+          }
+        } catch (err: any) {
+          lines.push(`API 服务：❌ 连接失败`);
+          const errorMsg = err.message || err.toString();
+          if (errorMsg.includes("ECONNREFUSED") || errorMsg.includes("无法连接")) {
+            lines.push(`错误：无法连接到 ${apiUrl}`);
+          } else {
+            lines.push(`错误：${errorMsg}`);
+          }
+          lines.push("", "💡 请确保 skill-scanner-api 服务正在运行：");
+          lines.push("```");
+          lines.push("skill-scanner-api");
+          lines.push("# 或指定端口");
+          lines.push("skill-scanner-api --port 8080");
+          lines.push("```");
+        }
+      } else {
+        lines.push("", "⚠️ Python 依赖未就绪，无法检查 API 服务");
       }
       if (alerts.length > 0) {
@@ -612,14 +670,21 @@ export default function register(api: any) {
     const { path: p, mode = "scan", recursive = false, detailed = false } = params ?? {};
     if (!p)             return respond(false, { error: "缺少 path 参数" });
     if (!isVenvReady()) return respond(false, { error: "Python 依赖未就绪" });
-    const res = await runScan(mode === "batch" ? "batch" : "scan", expandPath(p), { recursive, detailed, behavioral });
+    const res = await runScan(mode === "batch" ? "batch" : "scan", expandPath(p), {
+      recursive,
+      detailed,
+      behavioral,
+      apiUrl,
+      useLLM,
+      policy
+    });
     respond(res.exitCode === 0, { output: res.output, exitCode: res.exitCode, is_safe: res.exitCode === 0 });
   });
   api.registerGatewayMethod("skillsScanner.report", async ({ respond }: any) => {
     if (!isVenvReady())          return respond(false, { error: "Python 依赖未就绪" });
     if (scanDirs.length === 0)   return respond(false, { error: "未找到可扫描目录" });
-    const report = await buildDailyReport(scanDirs, behavioral, api.logger);
+    const report = await buildDailyReport(scanDirs, behavioral, apiUrl, useLLM, policy, api.logger);
     respond(true, { report, state: loadState() });
   });
@@ -632,7 +697,12 @@ export default function register(api: any) {
       .option("--detailed",   "显示所有 findings")
       .option("--behavioral", "启用行为分析")
       .action(async (p: string, opts: any) => {
-        const res = await runScan("scan", expandPath(p), opts);
+        const res = await runScan("scan", expandPath(p), {
+          ...opts,
+          apiUrl,
+          useLLM,
+          policy
+        });
         console.log(res.output);
         process.exit(res.exitCode);
       });
@@ -643,7 +713,12 @@ export default function register(api: any) {
       .option("--detailed",   "显示所有 findings")
       .option("--behavioral", "启用行为分析")
       .action(async (d: string, opts: any) => {
-        const res = await runScan("batch", expandPath(d), opts);
+        const res = await runScan("batch", expandPath(d), {
+          ...opts,
+          apiUrl,
+          useLLM,
+          policy
+        });
         console.log(res.output);
         process.exit(res.exitCode);
       });
@@ -651,7 +726,7 @@ export default function register(api: any) {
     cmd.command("report")
       .description("立即执行全量扫描并打印日报")
       .action(async () => {
-        const report = await buildDailyReport(scanDirs, behavioral, console);
+        const report = await buildDailyReport(scanDirs, behavioral, apiUrl, useLLM, policy, console);
         console.log(report);
       });
   }, { commands: ["skills-scan"] });