npm - @pwddd/skills-scanner - Versions diffs - 1.2.4 → 2.1.0 - Mend

@pwddd/skills-scanner 1.2.4 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @pwddd/skills-scanner might be problematic. Click here for more details.

Files changed (5) hide show

package/README.md +130 -7
package/index.ts +170 -95
package/openclaw.plugin.json +22 -3
package/package.json +3 -3
package/skills/skills-scanner/scan.py +461 -240

package/skills/skills-scanner/scan.py CHANGED Viewed

@@ -1,11 +1,11 @@
 # /// script
 # dependencies = [
-#   "cisco-ai-skill-scanner>=0.1.0",
+#   "requests>=2.31.0",
 # ]
 # ///
 """
-OpenClaw Skills Security Scanner
-基于 cisco-ai-skill-scanner，支持单个/批量扫描
+OpenClaw Skills Security Scanner (HTTP Client)
+通过 HTTP API 调用远程 cisco-ai-skill-scanner 服务
 注意：此脚本必须使用 venv 中的 Python 运行
 """
@@ -14,36 +14,27 @@ import sys
 import os
 import json
 import argparse
+import tempfile
+import zipfile
+import time
 from pathlib import Path
+from typing import Optional, Dict, Any, List
 # ── 依赖检查 ──────────────────────────────────────────────────────────────────
 try:
-    from skill_scanner import SkillScanner
-    from skill_scanner.core.analyzers import (
-        StaticAnalyzer,
-        BehavioralAnalyzer,
-        PipelineAnalyzer,
-    )
+    import requests
 except ImportError as e:
-    print("❌ cisco-ai-skill-scanner 未安装。")
+    print("❌ requests 未安装。")
     print(f"   导入错误: {e}")
-    print("   请运行: uv pip install cisco-ai-skill-scanner")
-    print(f"   Python 路径: {sys.executable}")
-    print(f"   Python 版本: {sys.version}")
-    # 尝试显示 sys.path
-    print("   sys.path:")
-    for p in sys.path:
-        print(f"     - {p}")
-    sys.exit(1)
-except Exception as e:
-    print(f"❌ 导入时发生未知错误: {type(e).__name__}: {e}")
-    import traceback
-    traceback.print_exc()
+    print("   请运行: uv pip install requests")
     sys.exit(1)
+# ── 配置 ──────────────────────────────────────────────────────────────────────
+DEFAULT_API_URL = os.getenv("SKILL_SCANNER_API_URL", "http://localhost:8000")
+REQUEST_TIMEOUT = 180  # 3 分钟超时
 # ── 颜色输出 ──────────────────────────────────────────────────────────────────
 USE_COLOR = sys.stdout.isatty()
@@ -58,231 +49,461 @@ BOLD   = lambda t: c(t, "1")
 DIM    = lambda t: c(t, "2")
-# ── 严重级别 ──────────────────────────────────────────────────────────────────
-SEVERITY_COLORS = {
-    "CRITICAL": RED,
-    "HIGH":     RED,
-    "MEDIUM":   YELLOW,
-    "LOW":      GREEN,
-    "INFO":     CYAN,
-}
-def severity_label(sev: str) -> str:
-    sev = (sev or "INFO").upper()
-    color = SEVERITY_COLORS.get(sev, CYAN)
-    return color(f"[{sev}]")
-# ── 构建 Scanner ──────────────────────────────────────────────────────────────
-def build_scanner(use_behavioral: bool = False, use_llm: bool = False) -> SkillScanner:
-    analyzers = [StaticAnalyzer(), PipelineAnalyzer()]
-    if use_behavioral:
-        analyzers.append(BehavioralAnalyzer())
-    if use_llm:
+# ── HTTP 客户端 ───────────────────────────────────────────────────────────────
+class SkillScannerClient:
+    """cisco-ai-skill-scanner HTTP API 客户端"""
+    def __init__(self, base_url: str = DEFAULT_API_URL):
+        self.base_url = base_url.rstrip('/')
+        self.session = requests.Session()
+    def health_check(self) -> Dict[str, Any]:
+        """健康检查，返回详细信息"""
         try:
-            from skill_scanner.core.analyzers import LLMAnalyzer
-            api_key = os.environ.get("SKILL_SCANNER_LLM_API_KEY")
-            if not api_key:
-                print(YELLOW("⚠️  未设置 SKILL_SCANNER_LLM_API_KEY，跳过 LLM 分析器"))
-            else:
-                analyzers.append(LLMAnalyzer())
-        except ImportError:
-            print(YELLOW("⚠️  LLM 分析器不可用，请安装: pip install cisco-ai-skill-scanner[llm]"))
-    return SkillScanner(analyzers=analyzers)
-# ── 单个 Skill 扫描 ───────────────────────────────────────────────────────────
-def scan_single(path: str, args) -> dict:
-    skill_path = Path(path).expanduser().resolve()
-    if not skill_path.exists():
-        return {"path": str(skill_path), "error": "路径不存在", "is_safe": False}
-    if not skill_path.is_dir():
-        return {"path": str(skill_path), "error": "必须是目录（Skill 文件夹）", "is_safe": False}
-    skill_md = skill_path / "SKILL.md"
-    if not skill_md.exists():
-        return {"path": str(skill_path), "error": "未找到 SKILL.md，不是合法的 Skill", "is_safe": False}
-    print(f"\n{BOLD('🔍 扫描:')} {CYAN(str(skill_path))}")
-    scanner = build_scanner(
-        use_behavioral=getattr(args, "behavioral", False),
-        use_llm=getattr(args, "llm", False),
-    )
-    result = scanner.scan_skill(str(skill_path))
-    findings = result.findings if hasattr(result, "findings") else []
-    max_sev   = str(result.max_severity) if hasattr(result, "max_severity") else "UNKNOWN"
-    is_safe   = bool(result.is_safe) if hasattr(result, "is_safe") else len(findings) == 0
+            response = self.session.get(f"{self.base_url}/health", timeout=5)
+            response.raise_for_status()
+            return {
+                'status': 'healthy',
+                'data': response.json()
+            }
+        except requests.exceptions.ConnectionError:
+            return {
+                'status': 'unreachable',
+                'error': f'无法连接到 {self.base_url}'
+            }
+        except requests.exceptions.Timeout:
+            return {
+                'status': 'timeout',
+                'error': '请求超时'
+            }
+        except Exception as e:
+            return {
+                'status': 'error',
+                'error': str(e)
+            }
+    def scan_upload(
+        self,
+        skill_path: str,
+        policy: str = "balanced",
+        use_llm: bool = False,
+        use_behavioral: bool = False,
+        use_virustotal: bool = False,
+        use_aidefense: bool = False,
+        use_trigger: bool = False,
+        enable_meta: bool = False,
+        vt_api_key: Optional[str] = None,
+        aidefense_api_key: Optional[str] = None
+    ) -> Dict[str, Any]:
+        """上传 ZIP 文件扫描（单个 Skill）
+        对应 API: POST /scan-upload
+        - 上传 ZIP 文件
+        - 服务器解压并查找 SKILL.md
+        - 返回扫描结果
+        """
+        # 创建临时 ZIP 文件
+        with tempfile.NamedTemporaryFile(suffix='.zip', delete=False) as tmp_zip:
+            zip_path = tmp_zip.name
+        try:
+            # 打包 Skill 目录
+            self._create_zip(skill_path, zip_path)
+            # 准备请求
+            with open(zip_path, 'rb') as f:
+                files = {'file': (os.path.basename(skill_path) + '.zip', f, 'application/zip')}
+                data = {
+                    'policy': policy,
+                    'use_llm': str(use_llm).lower(),
+                    'use_behavioral': str(use_behavioral).lower(),
+                    'use_virustotal': str(use_virustotal).lower(),
+                    'use_aidefense': str(use_aidefense).lower(),
+                    'use_trigger': str(use_trigger).lower(),
+                    'enable_meta': str(enable_meta).lower()
+                }
+                # 添加认证头
+                headers = {}
+                if vt_api_key:
+                    headers['X-VirusTotal-Key'] = vt_api_key
+                if aidefense_api_key:
+                    headers['X-AIDefense-Key'] = aidefense_api_key
+                response = self.session.post(
+                    f"{self.base_url}/scan-upload",
+                    files=files,
+                    data=data,
+                    headers=headers,
+                    timeout=REQUEST_TIMEOUT
+                )
+                response.raise_for_status()
+                return response.json()
+        finally:
+            # 清理临时文件
+            if os.path.exists(zip_path):
+                os.unlink(zip_path)
+    def scan_batch_upload(
+        self,
+        skill_paths: List[str],
+        policy: str = "balanced",
+        use_llm: bool = False,
+        use_behavioral: bool = False,
+        max_concurrent: int = 3
+    ) -> List[Dict[str, Any]]:
+        """批量上传多个 Skill（客户端循环上传）
+        注意：API 不支持批量上传，这里是客户端实现
+        """
+        results = []
+        for i, skill_path in enumerate(skill_paths, 1):
+            print(f"[{i}/{len(skill_paths)}] 正在扫描: {skill_path}")
+            try:
+                result = self.scan_upload(
+                    skill_path,
+                    policy=policy,
+                    use_llm=use_llm,
+                    use_behavioral=use_behavioral
+                )
+                results.append({
+                    'path': skill_path,
+                    'success': True,
+                    'result': result
+                })
+                status = "✓" if result.get('is_safe', False) else "✗"
+                print(f"  {status} {result.get('skill_name', 'Unknown')}: {result.get('findings_count', 0)} 个发现")
+            except Exception as e:
+                results.append({
+                    'path': skill_path,
+                    'success': False,
+                    'error': str(e)
+                })
+                print(f"  ✗ 失败: {e}")
+        return results
+    def scan_batch(
+        self,
+        skills_dir: str,
+        recursive: bool = False,
+        check_overlap: bool = False,
+        policy: str = "balanced",
+        use_llm: bool = False,
+        use_behavioral: bool = False
+    ) -> str:
+        """批量异步扫描（服务器本地目录），返回 scan_id
+        对应 API: POST /scan-batch
+        - 扫描服务器本地目录中的多个技能
+        - 异步执行，返回 scan_id
+        - 需要轮询 GET /scan-batch/{scan_id} 获取结果
+        """
+        data = {
+            'skills_directory': skills_dir,
+            'recursive': recursive,
+            'check_overlap': check_overlap,
+            'policy': policy,
+            'use_llm': use_llm,
+            'use_behavioral': use_behavioral
+        }
+        response = self.session.post(
+            f"{self.base_url}/scan-batch",
+            json=data,
+            timeout=30
+        )
+        response.raise_for_status()
+        return response.json()['scan_id']
+    def get_batch_result(self, scan_id: str) -> Dict[str, Any]:
+        """获取批量扫描结果"""
+        response = self.session.get(
+            f"{self.base_url}/scan-batch/{scan_id}",
+            timeout=10
+        )
+        response.raise_for_status()
+        return response.json()
+    def wait_for_batch(self, scan_id: str, poll_interval: int = 5) -> Dict[str, Any]:
+        """等待批量扫描完成"""
+        while True:
+            result = self.get_batch_result(scan_id)
+            status = result.get('status')
+            if status == 'completed':
+                return result['result']
+            elif status == 'failed':
+                raise Exception(f"批量扫描失败: {result.get('error')}")
+            time.sleep(poll_interval)
+    @staticmethod
+    def _create_zip(source_dir: str, zip_path: str):
+        """创建 ZIP 文件"""
+        with zipfile.ZipFile(zip_path, 'w', zipfile.ZIP_DEFLATED) as zipf:
+            source_path = Path(source_dir)
+            for file_path in source_path.rglob('*'):
+                if file_path.is_file():
+                    arcname = file_path.relative_to(source_path.parent)
+                    zipf.write(file_path, arcname)
+# ── 格式化输出 ────────────────────────────────────────────────────────────────
+def format_scan_result(result: Dict[str, Any], detailed: bool = False) -> str:
+    """格式化扫描结果"""
+    lines = []
+    # 基本信息
+    skill_name = result.get('skill_name', 'Unknown')
+    is_safe = result.get('is_safe', False)
+    max_severity = result.get('max_severity', 'NONE')
+    findings_count = result.get('findings_count', 0)
     # 状态行
-    if is_safe:
-        status = GREEN("✅ 安全")
-    else:
-        status = RED("❌ 发现问题") if max_sev in ("CRITICAL", "HIGH") else YELLOW("⚠️  需关注")
-    print(f"  状态: {status}  |  最高严重级别: {severity_label(max_sev)}  |  发现: {len(findings)} 条")
-    # 详细 findings
-    if findings and getattr(args, "detailed", False):
-        print(f"\n  {BOLD('发现详情:')}")
-        for i, f in enumerate(findings, 1):
-            sev  = str(getattr(f, "severity", "INFO")).upper()
-            name = getattr(f, "rule_id", getattr(f, "name", "unknown"))
-            desc = getattr(f, "description", getattr(f, "message", ""))
-            loc  = getattr(f, "location", getattr(f, "file", ""))
-            print(f"  {DIM(str(i)+'.')} {severity_label(sev)} {BOLD(name)}")
-            if desc:
-                print(f"     {desc}")
-            if loc:
-                print(f"     {DIM('位置: ' + str(loc))}")
-    elif findings and not getattr(args, "detailed", False):
-        # 非 detailed 模式只显示 HIGH/CRITICAL
-        serious = [f for f in findings if str(getattr(f, "severity", "")).upper() in ("CRITICAL", "HIGH")]
-        if serious:
-            print(f"\n  {BOLD('HIGH/CRITICAL 问题:')}")
-            for f in serious:
-                sev  = str(getattr(f, "severity", "HIGH")).upper()
-                name = getattr(f, "rule_id", getattr(f, "name", "unknown"))
-                desc = getattr(f, "description", getattr(f, "message", ""))
-                print(f"    {severity_label(sev)} {BOLD(name)}: {desc}")
-    return {
-        "path":         str(skill_path),
-        "name":         skill_path.name,
-        "is_safe":      is_safe,
-        "max_severity": max_sev,
-        "findings":     len(findings),
-    }
-# ── 批量扫描 ──────────────────────────────────────────────────────────────────
-def scan_batch(directory: str, args) -> list[dict]:
-    base = Path(directory).expanduser().resolve()
-    if not base.exists() or not base.is_dir():
-        print(RED(f"❌ 目录不存在: {base}"))
-        return []
+    status_icon = GREEN("✓") if is_safe else RED("✗")
+    lines.append(f"{status_icon} {BOLD(skill_name)}")
+    lines.append(f"  严重性: {_severity_color(max_severity)}")
+    lines.append(f"  发现数: {findings_count}")
+    # 详细发现
+    if detailed and findings_count > 0:
+        findings = result.get('findings', [])
+        lines.append("")
+        lines.append(BOLD("发现详情:"))
+        for i, finding in enumerate(findings[:10], 1):  # 最多显示 10 条
+            severity = finding.get('severity', 'UNKNOWN')
+            category = finding.get('category', 'Unknown')
+            description = finding.get('description', 'No description')
+            lines.append(f"  {i}. [{_severity_color(severity)}] {category}")
+            lines.append(f"     {description}")
+        if len(findings) > 10:
+            lines.append(f"  ... 还有 {len(findings) - 10} 条发现")
+    return "\n".join(lines)
-    # 查找所有含 SKILL.md 的子目录
-    skills: list[Path] = []
-    if getattr(args, "recursive", False):
-        for skill_md in sorted(base.rglob("SKILL.md")):
-            skills.append(skill_md.parent)
+def format_batch_result(result: Dict[str, Any]) -> str:
+    """格式化批量扫描结果"""
+    lines = []
+    total = result.get('total_skills_scanned', 0)
+    safe = result.get('safe_skills', 0)
+    unsafe = result.get('unsafe_skills', 0)
+    lines.append(BOLD("批量扫描结果"))
+    lines.append(f"  总计: {total} 个 Skills")
+    lines.append(f"  安全: {GREEN(str(safe))}")
+    lines.append(f"  问题: {RED(str(unsafe))}")
+    # 问题 Skills 列表
+    if unsafe > 0:
+        skills = result.get('skills', [])
+        unsafe_skills = [s for s in skills if not s.get('is_safe', True)]
+        lines.append("")
+        lines.append(BOLD("问题 Skills:"))
+        for skill in unsafe_skills[:10]:
+            name = skill.get('skill_name', 'Unknown')
+            severity = skill.get('max_severity', 'UNKNOWN')
+            count = skill.get('findings_count', 0)
+            lines.append(f"  • {name} [{_severity_color(severity)}] - {count} 条发现")
+    return "\n".join(lines)
+def _severity_color(severity: str) -> str:
+    """严重性着色"""
+    severity_upper = severity.upper()
+    if severity_upper in ('CRITICAL', 'HIGH'):
+        return RED(severity_upper)
+    elif severity_upper == 'MEDIUM':
+        return YELLOW(severity_upper)
+    elif severity_upper == 'LOW':
+        return CYAN(severity_upper)
     else:
-        for entry in sorted(base.iterdir()):
-            if entry.is_dir() and (entry / "SKILL.md").exists():
-                skills.append(entry)
-    if not skills:
-        print(YELLOW(f"⚠️  在 {base} 中未找到任何 Skill（含 SKILL.md 的目录）"))
-        return []
-    print(f"\n{BOLD('📂 批量扫描目录:')} {CYAN(str(base))}")
-    print(f"   发现 {BOLD(str(len(skills)))} 个 Skill\n")
-    print("─" * 60)
-    results = []
-    safe_count    = 0
-    unsafe_count  = 0
-    error_count   = 0
-    for skill_path in skills:
-        r = scan_single(str(skill_path), args)
-        results.append(r)
-        if r.get("error"):
-            error_count += 1
-        elif r.get("is_safe"):
-            safe_count += 1
-        else:
-            unsafe_count += 1
-    # 汇总
-    print("\n" + "═" * 60)
-    print(BOLD("📊 批量扫描汇总"))
-    print("═" * 60)
-    print(f"  总计:    {len(results)} 个 Skill")
-    print(f"  {GREEN('✅ 安全:')}   {safe_count} 个")
-    print(f"  {RED('❌ 问题:')}   {unsafe_count} 个")
-    if error_count:
-        print(f"  {YELLOW('⚠️  错误:')}   {error_count} 个")
+        return DIM(severity_upper)
-    # 问题 Skill 列表
-    unsafe = [r for r in results if not r.get("is_safe") and not r.get("error")]
-    if unsafe:
-        print(f"\n  {BOLD(RED('需要关注的 Skills:'))}")
-        for r in unsafe:
-            sev = r.get("max_severity", "UNKNOWN")
-            print(f"    {severity_label(sev)} {r['name']}  ({r.get('findings', 0)} 条发现)")
-            print(f"        {DIM(r['path'])}")
-    return results
-# ── JSON 输出 ─────────────────────────────────────────────────────────────────
-def save_json(data, output_path: str):
-    with open(output_path, "w", encoding="utf-8") as f:
-        json.dump(data, f, ensure_ascii=False, indent=2)
-    print(f"\n{GREEN('💾 结果已保存:')} {output_path}")
-# ── CLI 入口 ──────────────────────────────────────────────────────────────────
+# ── 命令行接口 ────────────────────────────────────────────────────────────────
 def main():
     parser = argparse.ArgumentParser(
-        prog="scan.py",
-        description="OpenClaw Skills 安全扫描器（基于 cisco-ai-skill-scanner）",
-        formatter_class=argparse.RawDescriptionHelpFormatter,
-        epilog="""
-示例:
-  单个扫描:
-    python scan.py scan ~/.openclaw/skills/my-skill
-    python scan.py scan ./my-skill --detailed --behavioral
-  批量扫描:
-    python scan.py batch ~/.openclaw/skills
-    python scan.py batch ~/.openclaw/skills --recursive --json results.json
-    python scan.py batch ./skills --detailed --llm
-        """,
+        description="OpenClaw Skills Security Scanner (HTTP Client)",
+        formatter_class=argparse.RawDescriptionHelpFormatter
     )
-    sub = parser.add_subparsers(dest="command", required=True)
-    # -- scan 子命令
-    p_scan = sub.add_parser("scan", help="扫描单个 Skill 目录")
-    p_scan.add_argument("path", help="Skill 目录路径（含 SKILL.md 的文件夹）")
-    p_scan.add_argument("--detailed",   action="store_true", help="显示所有 findings 详情")
-    p_scan.add_argument("--behavioral", action="store_true", help="启用行为分析器（AST dataflow）")
-    p_scan.add_argument("--llm",        action="store_true", help="启用 LLM 语义分析器（需要 API Key）")
-    p_scan.add_argument("--json",       metavar="FILE",      help="将结果保存为 JSON 文件")
-    # -- batch 子命令
-    p_batch = sub.add_parser("batch", help="批量扫描目录下所有 Skills")
-    p_batch.add_argument("directory", help="包含多个 Skill 的目录")
-    p_batch.add_argument("--recursive",  action="store_true", help="递归扫描子目录")
-    p_batch.add_argument("--detailed",   action="store_true", help="显示所有 findings 详情")
-    p_batch.add_argument("--behavioral", action="store_true", help="启用行为分析器")
-    p_batch.add_argument("--llm",        action="store_true", help="启用 LLM 语义分析器")
-    p_batch.add_argument("--json",       metavar="FILE",      help="将结果保存为 JSON 文件")
+    parser.add_argument(
+        '--api-url',
+        default=DEFAULT_API_URL,
+        help=f'API 服务地址 (默认: {DEFAULT_API_URL})'
+    )
+    subparsers = parser.add_subparsers(dest='command', help='命令')
+    # scan 命令
+    scan_parser = subparsers.add_parser('scan', help='扫描单个 Skill（上传 ZIP）')
+    scan_parser.add_argument('path', help='Skill 目录路径')
+    scan_parser.add_argument('--detailed', action='store_true', help='显示详细发现')
+    scan_parser.add_argument('--behavioral', action='store_true', help='启用行为分析')
+    scan_parser.add_argument('--llm', action='store_true', help='启用 LLM 分析')
+    scan_parser.add_argument('--virustotal', action='store_true', help='启用 VirusTotal')
+    scan_parser.add_argument('--aidefense', action='store_true', help='启用 AI Defense')
+    scan_parser.add_argument('--trigger', action='store_true', help='启用触发器分析')
+    scan_parser.add_argument('--meta', action='store_true', help='启用元分析（误报过滤）')
+    scan_parser.add_argument('--policy', default='balanced', help='扫描策略')
+    scan_parser.add_argument('--json', metavar='FILE', help='输出 JSON 到文件')
+    # batch 命令（服务器本地路径批量扫描）
+    batch_parser = subparsers.add_parser('batch', help='批量扫描（服务器本地目录）')
+    batch_parser.add_argument('path', help='Skills 目录路径（服务器本地）')
+    batch_parser.add_argument('--recursive', action='store_true', help='递归扫描')
+    batch_parser.add_argument('--check-overlap', action='store_true', help='检查技能描述重叠')
+    batch_parser.add_argument('--policy', default='balanced', help='扫描策略')
+    batch_parser.add_argument('--json', metavar='FILE', help='输出 JSON 到文件')
+    # batch-upload 命令（客户端批量上传）
+    batch_upload_parser = subparsers.add_parser('batch-upload', help='批量上传多个 Skills（客户端循环）')
+    batch_upload_parser.add_argument('paths', nargs='+', help='多个 Skill 目录路径')
+    batch_upload_parser.add_argument('--behavioral', action='store_true', help='启用行为分析')
+    batch_upload_parser.add_argument('--llm', action='store_true', help='启用 LLM 分析')
+    batch_upload_parser.add_argument('--policy', default='balanced', help='扫描策略')
+    batch_upload_parser.add_argument('--json', metavar='FILE', help='输出 JSON 到文件')
+    # health 命令
+    subparsers.add_parser('health', help='健康检查')
     args = parser.parse_args()
-    if args.command == "scan":
-        result = scan_single(args.path, args)
-        if args.json:
-            save_json(result, args.json)
-        # 退出码：不安全返回 1
-        sys.exit(0 if result.get("is_safe") else 1)
-    elif args.command == "batch":
-        results = scan_batch(args.directory, args)
-        if args.json:
-            save_json(results, args.json)
-        unsafe = [r for r in results if not r.get("is_safe")]
-        sys.exit(0 if not unsafe else 1)
-if __name__ == "__main__":
+    if not args.command:
+        parser.print_help()
+        sys.exit(1)
+    # 创建客户端
+    client = SkillScannerClient(args.api_url)
+    try:
+        if args.command == 'health':
+            health_result = client.health_check()
+            if health_result['status'] == 'healthy':
+                print(GREEN("✓") + " API 服务正常")
+                # 显示详细信息
+                data = health_result.get('data', {})
+                if data:
+                    print(f"  版本: {data.get('version', 'Unknown')}")
+                    analyzers = data.get('analyzers_available', [])
+                    if analyzers:
+                        print(f"  可用分析器: {', '.join(analyzers)}")
+                    # 输出 JSON 供程序解析
+                    print(json.dumps(data))
+                sys.exit(0)
+            else:
+                print(RED("✗") + f" API 服务不可用: {args.api_url}")
+                error = health_result.get('error', '未知错误')
+                print(f"  错误: {error}")
+                sys.exit(1)
+        elif args.command == 'scan':
+            print(f"正在扫描: {args.path}")
+            result = client.scan_upload(
+                args.path,
+                policy=args.policy,
+                use_llm=args.llm,
+                use_behavioral=args.behavioral,
+                use_virustotal=args.virustotal if hasattr(args, 'virustotal') else False,
+                use_aidefense=args.aidefense if hasattr(args, 'aidefense') else False,
+                use_trigger=args.trigger if hasattr(args, 'trigger') else False,
+                enable_meta=args.meta if hasattr(args, 'meta') else False
+            )
+            # 输出结果
+            if args.json:
+                with open(args.json, 'w') as f:
+                    json.dump(result, f, indent=2)
+                print(f"结果已保存到: {args.json}")
+            else:
+                print(format_scan_result(result, args.detailed))
+            # 退出码
+            sys.exit(0 if result.get('is_safe', False) else 1)
+        elif args.command == 'batch':
+            print(f"正在批量扫描: {args.path}")
+            scan_id = client.scan_batch(
+                args.path,
+                recursive=args.recursive,
+                check_overlap=args.check_overlap if hasattr(args, 'check_overlap') else False,
+                policy=args.policy
+            )
+            print(f"扫描 ID: {scan_id}")
+            print("等待扫描完成...")
+            result = client.wait_for_batch(scan_id)
+            # 输出结果
+            if args.json:
+                with open(args.json, 'w') as f:
+                    json.dump(result, f, indent=2)
+                print(f"结果已保存到: {args.json}")
+            else:
+                print(format_batch_result(result))
+            # 退出码
+            unsafe = result.get('unsafe_skills', 0)
+            sys.exit(0 if unsafe == 0 else 1)
+        elif args.command == 'batch-upload':
+            print(f"正在批量上传 {len(args.paths)} 个 Skills...")
+            results = client.scan_batch_upload(
+                args.paths,
+                policy=args.policy,
+                use_llm=args.llm,
+                use_behavioral=args.behavioral
+            )
+            # 统计结果
+            total = len(results)
+            success = sum(1 for r in results if r['success'])
+            failed = total - success
+            # 输出结果
+            if args.json:
+                with open(args.json, 'w') as f:
+                    json.dump(results, f, indent=2)
+                print(f"\n结果已保存到: {args.json}")
+            print(f"\n批量上传完成: {success}/{total} 成功, {failed} 失败")
+            # 退出码
+            sys.exit(0 if failed == 0 else 1)
+    except requests.exceptions.ConnectionError:
+        print(RED("✗") + f" 无法连接到 API 服务: {args.api_url}")
+        print("请确保 skill-scanner-api 服务正在运行")
+        sys.exit(1)
+    except requests.exceptions.Timeout:
+        print(RED("✗") + " 请求超时")
+        sys.exit(1)
+    except requests.exceptions.HTTPError as e:
+        print(RED("✗") + f" HTTP 错误: {e}")
+        if e.response is not None:
+            try:
+                error_detail = e.response.json()
+                print(f"详情: {error_detail}")
+            except:
+                print(f"响应: {e.response.text}")
+        sys.exit(1)
+    except Exception as e:
+        print(RED("✗") + f" 错误: {e}")
+        import traceback
+        traceback.print_exc()
+        sys.exit(1)
+if __name__ == '__main__':
     main()