@pwddd/skills-scanner 3.0.17 → 3.0.18

package/README.md

@@ -6,7 +6,7 @@ OpenClaw Skills 安全扫描插件，用于检测 Skills 中的潜在安全威
 
 - 🔍 **自动扫描**: 监听 Skills 目录，自动扫描新安装的 Skill
 - 🌐 **ClawHub 扫描**: 直接扫描 ClawHub 上的 Skill，无需手动下载
-- 📊 **定时日报**: 每天自动生成安全扫描报告
+- 📊 **定时周报**: 每周一自动生成安全扫描报告
 - 🛡️ **多种策略**: 支持 strict/balanced/permissive 三种扫描策略
 - 🤖 **LLM 分析**: 可选的 LLM 语义分析
 - 🔒 **自动隔离**: 检测到不安全的 Skill 自动隔离或删除
@@ -168,7 +168,7 @@ skill-scanner-api
 2. **文件监控**: 监听配置的 Skills 目录
 3. **自动扫描**: 检测到新 Skill 时自动触发扫描
 4. **结果处理**: 根据配置隔离/删除/警告不安全的 Skill
-5. **定时日报**: 每天 08:00 生成安全报告
+5. **定时周报**: 每周一 12:05 自动生成安全报告
 
 ## 故障排除
 
@@ -225,14 +225,16 @@ Windows 使用反斜杠 `\` 作为路径分隔符，但插件会自动处理。
 
 ### 定时任务未注册
 
+定时任务会在插件启动时自动注册。如果需要手动注册：
+
 ```bash
 # 手动注册定时任务
-/skills-scanner cron register
+/skills-scanner cron setup
 
 # 或使用 CLI
 openclaw cron add \
-  --name "skills-daily-report" \
-  --cron "0 8 * * *" \
+  --name "skills-weekly-report" \
+  --cron "5 12 * * 1" \
   --tz "Asia/Shanghai" \
   --session isolated \
   --message "请执行 /skills-scanner scan --report 并把结果发送到此渠道" \

package/index.ts

@@ -170,8 +170,9 @@ export default function register(api: OpenClawPluginApi) {
         api.logger.info("[skills-scanner] ⏭️  Pre-install scan disabled");
       }
 
-      // Check if cron job needs setup
-      checkCronJobStatus(api.logger);
+      // Auto-register cron job
+      api.logger.info("[skills-scanner] 🕐 Setting up weekly report cron job...");
+      await ensureCronJob(api.logger);
     },
     stop: () => {
       api.logger.info("[skills-scanner] 🛑 Service stopping...");

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "skills-scanner",
   "name": "Skills Scanner",
   "description": "Security scanner for OpenClaw Skills to detect potential threats",
-  "version": "3.0.17",
+  "version": "3.0.18",
   "author": "pwddd",
   "skills": ["./skills"],
   "configSchema": {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pwddd/skills-scanner",
-  "version": "3.0.17",
+  "version": "3.0.18",
   "description": "OpenClaw Skills security scanner plugin - detect malicious code, data exfiltration, and prompt injection",
   "type": "module",
   "main": "./index.ts",

package/src/cron.ts

@@ -5,8 +5,8 @@
 import { execSync } from "node:child_process";
 import { loadState, saveState } from "./state.js";
 
-const CRON_JOB_NAME = "skills-daily-report";
-const CRON_SCHEDULE = "0 8 * * *";
+const CRON_JOB_NAME = "skills-weekly-report";
+const CRON_SCHEDULE = "5 12 * * 1";  // 每周一 12:05
 const CRON_TIMEZONE = "Asia/Shanghai";
 
 /**
@@ -200,7 +200,7 @@ async function ensureCronJobViaCLI(logger: any): Promise<void> {
       saveState({ ...state, cronJobId });
       logger.info(`[skills-scanner] ✅ Job created successfully: ${cronJobId}`);
       logger.info(
-        `[skills-scanner] 📅 Schedule: Daily at ${CRON_SCHEDULE.split(" ")[1]}:${CRON_SCHEDULE.split(" ")[0]} (${CRON_TIMEZONE})`
+        `[skills-scanner] 📅 Schedule: Every Monday at 12:05 (${CRON_TIMEZONE})`
       );
       logger.info("[skills-scanner] 📬 Reports will be delivered to the last active channel");
     } else {
@@ -259,11 +259,11 @@ export function checkCronJobStatus(logger: any): void {
   
   if (state.cronJobId) {
     logger.info(`[skills-scanner] ✅ Cron job registered: ${state.cronJobId}`);
-    logger.info("[skills-scanner] 📅 Daily reports will be sent at 08:00 (Asia/Shanghai)");
+    logger.info("[skills-scanner] 📅 Weekly reports will be sent every Monday at 12:05 (Asia/Shanghai)");
   } else {
     logger.info("[skills-scanner] 💡 Cron job not configured yet");
     logger.info("[skills-scanner]");
-    logger.info("[skills-scanner] To enable daily security reports, run:");
+    logger.info("[skills-scanner] To enable weekly security reports, run:");
     logger.info("[skills-scanner]");
     logger.info("[skills-scanner]   npx openclaw cron add \\");
     logger.info(`[skills-scanner]     --name "${CRON_JOB_NAME}" \\`);