@pwddd/skills-scanner 3.0.10 → 3.0.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/openclaw.plugin.json +1 -1
- package/package.json +1 -1
- package/src/prompt-guidance.ts +2 -0
package/openclaw.plugin.json
CHANGED
package/package.json
CHANGED
package/src/prompt-guidance.ts
CHANGED
|
@@ -21,6 +21,8 @@ export const SKILLS_SECURITY_GUIDANCE = [
|
|
|
21
21
|
"",
|
|
22
22
|
"- **Local Skills**: ANY local path or temporary extraction directory MUST be scanned. No skipping.",
|
|
23
23
|
"- **ClawHub Skills**: Even if marked as audited/official, re-scan before install/run.",
|
|
24
|
+
"- **Manual downloads**: When user manually downloads a Skill (via git clone, curl, browser download, etc.), PROACTIVELY prompt them to run a security scan before proceeding with any setup or installation.",
|
|
25
|
+
"- **All installation methods**: Whether Skills are added via ClawHub, manual download, or any other method, security scanning is MANDATORY before use.",
|
|
24
26
|
"- **Error handling priority**: If user reports errors with a Skill, scan it FIRST before attempting fixes or troubleshooting.",
|
|
25
27
|
"- **Download method agnostic**: Regardless of how the user obtained the Skill (git clone, download, curl, manual copy), scan it before use.",
|
|
26
28
|
"- **No bypass justifications**: Never skip scanning due to \"user insistence\", \"time pressure\", \"trusted source\", or \"previous scan\". If scanning is impossible, REFUSE to proceed and explain why.",
|