@pwddd/skills-scanner 3.0.16 → 3.0.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +11 -9
- package/index.ts +4 -3
- package/openclaw.plugin.json +3 -3
- package/package.json +1 -1
- package/src/config.ts +3 -3
- package/src/cron.ts +5 -5
package/README.md
CHANGED
|
@@ -6,7 +6,7 @@ OpenClaw Skills 安全扫描插件,用于检测 Skills 中的潜在安全威
|
|
|
6
6
|
|
|
7
7
|
- 🔍 **自动扫描**: 监听 Skills 目录,自动扫描新安装的 Skill
|
|
8
8
|
- 🌐 **ClawHub 扫描**: 直接扫描 ClawHub 上的 Skill,无需手动下载
|
|
9
|
-
- 📊
|
|
9
|
+
- 📊 **定时周报**: 每周一自动生成安全扫描报告
|
|
10
10
|
- 🛡️ **多种策略**: 支持 strict/balanced/permissive 三种扫描策略
|
|
11
11
|
- 🤖 **LLM 分析**: 可选的 LLM 语义分析
|
|
12
12
|
- 🔒 **自动隔离**: 检测到不安全的 Skill 自动隔离或删除
|
|
@@ -38,7 +38,7 @@ openclaw plugins install @openclaw/skills-scanner
|
|
|
38
38
|
"useLLM": false,
|
|
39
39
|
"policy": "balanced",
|
|
40
40
|
"preInstallScan": "on",
|
|
41
|
-
"onUnsafe": "
|
|
41
|
+
"onUnsafe": "warn"
|
|
42
42
|
}
|
|
43
43
|
}
|
|
44
44
|
}
|
|
@@ -60,9 +60,9 @@ openclaw plugins install @openclaw/skills-scanner
|
|
|
60
60
|
- `on`: 启用(推荐)
|
|
61
61
|
- `off`: 禁用
|
|
62
62
|
- `onUnsafe`: 发现不安全 Skill 的处理方式
|
|
63
|
-
- `
|
|
63
|
+
- `warn`: 仅警告,不处理(推荐)
|
|
64
|
+
- `quarantine`: 移入隔离目录
|
|
64
65
|
- `delete`: 直接删除
|
|
65
|
-
- `warn`: 仅警告,不处理
|
|
66
66
|
|
|
67
67
|
## 使用方法
|
|
68
68
|
|
|
@@ -168,7 +168,7 @@ skill-scanner-api
|
|
|
168
168
|
2. **文件监控**: 监听配置的 Skills 目录
|
|
169
169
|
3. **自动扫描**: 检测到新 Skill 时自动触发扫描
|
|
170
170
|
4. **结果处理**: 根据配置隔离/删除/警告不安全的 Skill
|
|
171
|
-
5.
|
|
171
|
+
5. **定时周报**: 每周一 12:05 自动生成安全报告
|
|
172
172
|
|
|
173
173
|
## 故障排除
|
|
174
174
|
|
|
@@ -225,14 +225,16 @@ Windows 使用反斜杠 `\` 作为路径分隔符,但插件会自动处理。
|
|
|
225
225
|
|
|
226
226
|
### 定时任务未注册
|
|
227
227
|
|
|
228
|
+
定时任务会在插件启动时自动注册。如果需要手动注册:
|
|
229
|
+
|
|
228
230
|
```bash
|
|
229
231
|
# 手动注册定时任务
|
|
230
|
-
/skills-scanner cron
|
|
232
|
+
/skills-scanner cron setup
|
|
231
233
|
|
|
232
234
|
# 或使用 CLI
|
|
233
235
|
openclaw cron add \
|
|
234
|
-
--name "skills-
|
|
235
|
-
--cron "
|
|
236
|
+
--name "skills-weekly-report" \
|
|
237
|
+
--cron "5 12 * * 1" \
|
|
236
238
|
--tz "Asia/Shanghai" \
|
|
237
239
|
--session isolated \
|
|
238
240
|
--message "请执行 /skills-scanner scan --report 并把结果发送到此渠道" \
|
|
@@ -269,7 +271,7 @@ MIT
|
|
|
269
271
|
- `useLLM`: 启用 LLM 语义分析
|
|
270
272
|
- `policy`: 扫描策略 (`strict` / `balanced` / `permissive`)
|
|
271
273
|
- `preInstallScan`: 安装前扫描 (`on` / `off`)
|
|
272
|
-
- `onUnsafe`: 不安全时的处理 (`
|
|
274
|
+
- `onUnsafe`: 不安全时的处理 (`warn` / `quarantine` / `delete`)
|
|
273
275
|
- `injectSecurityGuidance`: 向 AI 系统提示词注入安全规则(默认 `true`)
|
|
274
276
|
|
|
275
277
|
## 🆕 AI 安全提示功能
|
package/index.ts
CHANGED
|
@@ -49,7 +49,7 @@ export default function register(api: OpenClawPluginApi) {
|
|
|
49
49
|
const useLLM = cfg.useLLM ?? false;
|
|
50
50
|
const policy = cfg.policy ?? "balanced";
|
|
51
51
|
const preInstallScan = cfg.preInstallScan ?? "on";
|
|
52
|
-
const onUnsafe = cfg.onUnsafe ?? "
|
|
52
|
+
const onUnsafe = cfg.onUnsafe ?? "warn";
|
|
53
53
|
const injectSecurityGuidance = cfg.injectSecurityGuidance ?? true;
|
|
54
54
|
const enablePromptInjectionGuard = cfg.enablePromptInjectionGuard ?? false;
|
|
55
55
|
const enableHighRiskOperationGuard = cfg.enableHighRiskOperationGuard ?? false;
|
|
@@ -170,8 +170,9 @@ export default function register(api: OpenClawPluginApi) {
|
|
|
170
170
|
api.logger.info("[skills-scanner] ⏭️ Pre-install scan disabled");
|
|
171
171
|
}
|
|
172
172
|
|
|
173
|
-
//
|
|
174
|
-
|
|
173
|
+
// Auto-register cron job
|
|
174
|
+
api.logger.info("[skills-scanner] 🕐 Setting up weekly report cron job...");
|
|
175
|
+
await ensureCronJob(api.logger);
|
|
175
176
|
},
|
|
176
177
|
stop: () => {
|
|
177
178
|
api.logger.info("[skills-scanner] 🛑 Service stopping...");
|
package/openclaw.plugin.json
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
"id": "skills-scanner",
|
|
3
3
|
"name": "Skills Scanner",
|
|
4
4
|
"description": "Security scanner for OpenClaw Skills to detect potential threats",
|
|
5
|
-
"version": "3.0.
|
|
5
|
+
"version": "3.0.18",
|
|
6
6
|
"author": "pwddd",
|
|
7
7
|
"skills": ["./skills"],
|
|
8
8
|
"configSchema": {
|
|
@@ -47,8 +47,8 @@
|
|
|
47
47
|
"onUnsafe": {
|
|
48
48
|
"type": "string",
|
|
49
49
|
"enum": ["quarantine", "delete", "warn"],
|
|
50
|
-
"description": "Action to take when unsafe Skill is detected: quarantine
|
|
51
|
-
"default": "
|
|
50
|
+
"description": "Action to take when unsafe Skill is detected: quarantine / delete / warn (recommended)",
|
|
51
|
+
"default": "warn"
|
|
52
52
|
},
|
|
53
53
|
"injectSecurityGuidance": {
|
|
54
54
|
"type": "boolean",
|
package/package.json
CHANGED
package/src/config.ts
CHANGED
|
@@ -92,7 +92,7 @@ export const skillsScannerConfigSchema: OpenClawPluginConfigSchema = {
|
|
|
92
92
|
},
|
|
93
93
|
onUnsafe: {
|
|
94
94
|
label: "不安全处理",
|
|
95
|
-
help: "quarantine
|
|
95
|
+
help: "warn=仅警告(推荐)/ quarantine=隔离 / delete=删除"
|
|
96
96
|
}
|
|
97
97
|
}
|
|
98
98
|
};
|
|
@@ -142,7 +142,7 @@ export function generateConfigGuide(
|
|
|
142
142
|
' "useLLM": false,',
|
|
143
143
|
' "policy": "balanced",',
|
|
144
144
|
' "preInstallScan": "on",',
|
|
145
|
-
' "onUnsafe": "
|
|
145
|
+
' "onUnsafe": "warn"',
|
|
146
146
|
' }',
|
|
147
147
|
' }',
|
|
148
148
|
' }',
|
|
@@ -158,7 +158,7 @@ export function generateConfigGuide(
|
|
|
158
158
|
"4. useLLM false=不使用 LLM(推荐),true=语义分析",
|
|
159
159
|
"5. policy strict / balanced(推荐)/ permissive",
|
|
160
160
|
"6. preInstallScan on=监听新 Skill 并自动扫描(推荐),off=禁用",
|
|
161
|
-
"7. onUnsafe quarantine
|
|
161
|
+
"7. onUnsafe warn=仅警告(推荐),quarantine=隔离,delete=删除",
|
|
162
162
|
"",
|
|
163
163
|
"🚀 快速开始:",
|
|
164
164
|
" 编辑配置文件后重启 Gateway",
|
package/src/cron.ts
CHANGED
|
@@ -5,8 +5,8 @@
|
|
|
5
5
|
import { execSync } from "node:child_process";
|
|
6
6
|
import { loadState, saveState } from "./state.js";
|
|
7
7
|
|
|
8
|
-
const CRON_JOB_NAME = "skills-
|
|
9
|
-
const CRON_SCHEDULE = "
|
|
8
|
+
const CRON_JOB_NAME = "skills-weekly-report";
|
|
9
|
+
const CRON_SCHEDULE = "5 12 * * 1"; // 每周一 12:05
|
|
10
10
|
const CRON_TIMEZONE = "Asia/Shanghai";
|
|
11
11
|
|
|
12
12
|
/**
|
|
@@ -200,7 +200,7 @@ async function ensureCronJobViaCLI(logger: any): Promise<void> {
|
|
|
200
200
|
saveState({ ...state, cronJobId });
|
|
201
201
|
logger.info(`[skills-scanner] ✅ Job created successfully: ${cronJobId}`);
|
|
202
202
|
logger.info(
|
|
203
|
-
`[skills-scanner] 📅 Schedule:
|
|
203
|
+
`[skills-scanner] 📅 Schedule: Every Monday at 12:05 (${CRON_TIMEZONE})`
|
|
204
204
|
);
|
|
205
205
|
logger.info("[skills-scanner] 📬 Reports will be delivered to the last active channel");
|
|
206
206
|
} else {
|
|
@@ -259,11 +259,11 @@ export function checkCronJobStatus(logger: any): void {
|
|
|
259
259
|
|
|
260
260
|
if (state.cronJobId) {
|
|
261
261
|
logger.info(`[skills-scanner] ✅ Cron job registered: ${state.cronJobId}`);
|
|
262
|
-
logger.info("[skills-scanner] 📅
|
|
262
|
+
logger.info("[skills-scanner] 📅 Weekly reports will be sent every Monday at 12:05 (Asia/Shanghai)");
|
|
263
263
|
} else {
|
|
264
264
|
logger.info("[skills-scanner] 💡 Cron job not configured yet");
|
|
265
265
|
logger.info("[skills-scanner]");
|
|
266
|
-
logger.info("[skills-scanner] To enable
|
|
266
|
+
logger.info("[skills-scanner] To enable weekly security reports, run:");
|
|
267
267
|
logger.info("[skills-scanner]");
|
|
268
268
|
logger.info("[skills-scanner] npx openclaw cron add \\");
|
|
269
269
|
logger.info(`[skills-scanner] --name "${CRON_JOB_NAME}" \\`);
|