npm - @pwddd/skills-scanner - Versions diffs - 2.0.0 → 2.1.0 - Mend

@pwddd/skills-scanner 2.0.0 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/index.ts +62 -11
package/package.json +3 -3
package/skills/skills-scanner/scan.py +39 -6

package/index.ts CHANGED Viewed

@@ -568,27 +568,78 @@ export default function register(api: any) {
       const lines = [
         "📋 *Skills Scanner 状态*",
+        `API 服务地址：${apiUrl}`,
         `Python 依赖：${isVenvReady() ? "✅ 就绪" : "❌ 未就绪"}`,
         `Python 路径：${VENV_PYTHON}`,
         `scan.py 路径：${SCAN_SCRIPT}`,
         `安装前扫描：${preInstallScan === "on" ? `✅ 监听中（${onUnsafe}）` : "❌ 已禁用"}`,
+        `扫描策略：${policy}`,
+        `LLM 分析：${useLLM ? "✅ 启用" : "❌ 禁用"}`,
+        `行为分析：${behavioral ? "✅ 启用" : "❌ 禁用"}`,
         `上次扫描：${state.lastScanAt ? new Date(state.lastScanAt).toLocaleString("zh-CN") : "从未"}`,
         `上次问题 Skills：${state.lastUnsafeSkills?.length ? state.lastUnsafeSkills.join(", ") : "无"}`,
         `扫描目录：\n${scanDirs.map(d => `  • ${d}`).join("\n")}`,
       ];
-      // 添加依赖检查
-      try {
-        const versionCheck = execSync(`"${VENV_PYTHON}" -c "import skill_scanner; print(skill_scanner.__version__)"`, { encoding: 'utf-8' });
-        lines.push(`cisco-ai-skill-scanner 版本：${versionCheck.trim()}`);
-      } catch (err: any) {
-        lines.push(`❌ 依赖检查失败：${err.message}`);
-        // 尝试列出已安装的包
+      // API 健康检查
+      if (isVenvReady()) {
+        lines.push("", "🔍 *API 服务检查*");
         try {
-          const pipList = execSync(`"${VENV_PYTHON}" -m pip list`, { encoding: 'utf-8' });
-          lines.push("", "已安装的包：", "```", pipList.trim(), "```");
-        } catch {}
+          // 调用 scan.py health 命令
+          const cmd = `"${VENV_PYTHON}" "${SCAN_SCRIPT}" --api-url "${apiUrl}" health`;
+          // 清除代理环境变量
+          const env = { ...process.env };
+          delete env.http_proxy;
+          delete env.https_proxy;
+          delete env.HTTP_PROXY;
+          delete env.HTTPS_PROXY;
+          delete env.all_proxy;
+          delete env.ALL_PROXY;
+          const { stdout, stderr } = await execAsync(cmd, { timeout: 5000, env });
+          const output = (stdout + stderr).trim();
+          if (output.includes("✓") || output.includes("正常")) {
+            lines.push(`API 服务：✅ 正常`);
+            // 尝试解析可用的分析器信息
+            if (output.includes("analyzers_available")) {
+              try {
+                // 从输出中提取 JSON（如果有的话）
+                const jsonMatch = output.match(/\{[\s\S]*\}/);
+                if (jsonMatch) {
+                  const healthData = JSON.parse(jsonMatch[0]);
+                  if (healthData.analyzers_available) {
+                    lines.push(`可用分析器：${healthData.analyzers_available.join(", ")}`);
+                  }
+                  if (healthData.version) {
+                    lines.push(`API 版本：${healthData.version}`);
+                  }
+                }
+              } catch {}
+            }
+          } else {
+            lines.push(`API 服务：❌ 不可用`);
+            lines.push(`响应：${output}`);
+          }
+        } catch (err: any) {
+          lines.push(`API 服务：❌ 连接失败`);
+          const errorMsg = err.message || err.toString();
+          if (errorMsg.includes("ECONNREFUSED") || errorMsg.includes("无法连接")) {
+            lines.push(`错误：无法连接到 ${apiUrl}`);
+          } else {
+            lines.push(`错误：${errorMsg}`);
+          }
+          lines.push("", "💡 请确保 skill-scanner-api 服务正在运行：");
+          lines.push("```");
+          lines.push("skill-scanner-api");
+          lines.push("# 或指定端口");
+          lines.push("skill-scanner-api --port 8080");
+          lines.push("```");
+        }
+      } else {
+        lines.push("", "⚠️ Python 依赖未就绪，无法检查 API 服务");
       }
       if (alerts.length > 0) {

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@pwddd/skills-scanner",
-  "version": "2.0.0",
-  "description": "OpenClaw Plugin：Skills 安全扫描、安装前拦截、安全日报",
+  "version": "2.1.0",
+  "description": "OpenClaw Plugin：Skills 安全扫描、安装前拦截、安全日报（HTTP API 客户端模式）",
   "main": "index.ts",
   "files": [
     "index.ts",
@@ -12,7 +12,7 @@
   "openclaw": {
     "extensions": ["./index.ts"]
   },
-  "keywords": ["openclaw", "openclaw-plugin", "security", "skill-scanner"],
+  "keywords": ["openclaw", "openclaw-plugin", "security", "skill-scanner", "http-client"],
   "license": "MIT",
   "publishConfig": {
     "access": "public"

package/skills/skills-scanner/scan.py CHANGED Viewed

@@ -57,13 +57,30 @@ class SkillScannerClient:
         self.base_url = base_url.rstrip('/')
         self.session = requests.Session()
-    def health_check(self) -> bool:
-        """健康检查"""
+    def health_check(self) -> Dict[str, Any]:
+        """健康检查，返回详细信息"""
         try:
             response = self.session.get(f"{self.base_url}/health", timeout=5)
-            return response.status_code == 200
-        except Exception:
-            return False
+            response.raise_for_status()
+            return {
+                'status': 'healthy',
+                'data': response.json()
+            }
+        except requests.exceptions.ConnectionError:
+            return {
+                'status': 'unreachable',
+                'error': f'无法连接到 {self.base_url}'
+            }
+        except requests.exceptions.Timeout:
+            return {
+                'status': 'timeout',
+                'error': '请求超时'
+            }
+        except Exception as e:
+            return {
+                'status': 'error',
+                'error': str(e)
+            }
     def scan_upload(
         self,
@@ -368,11 +385,27 @@ def main():
     try:
         if args.command == 'health':
-            if client.health_check():
+            health_result = client.health_check()
+            if health_result['status'] == 'healthy':
                 print(GREEN("✓") + " API 服务正常")
+                # 显示详细信息
+                data = health_result.get('data', {})
+                if data:
+                    print(f"  版本: {data.get('version', 'Unknown')}")
+                    analyzers = data.get('analyzers_available', [])
+                    if analyzers:
+                        print(f"  可用分析器: {', '.join(analyzers)}")
+                    # 输出 JSON 供程序解析
+                    print(json.dumps(data))
                 sys.exit(0)
             else:
                 print(RED("✗") + f" API 服务不可用: {args.api_url}")
+                error = health_result.get('error', '未知错误')
+                print(f"  错误: {error}")
                 sys.exit(1)
         elif args.command == 'scan':