@pwddd/skills-scanner 3.0.19 → 3.0.20

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "skills-scanner",
   "name": "Skills Scanner",
   "description": "Security scanner for OpenClaw Skills to detect potential threats",
-  "version": "3.0.19",
+  "version": "3.0.20",
   "author": "pwddd",
   "skills": ["./skills"],
   "configSchema": {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pwddd/skills-scanner",
-  "version": "3.0.19",
+  "version": "3.0.20",
   "description": "OpenClaw Skills security scanner plugin - detect malicious code, data exfiltration, and prompt injection",
   "type": "module",
   "main": "./index.ts",

package/src/prompt-guidance.ts

@@ -11,6 +11,30 @@ export const SKILLS_SECURITY_GUIDANCE = [
   "",
   "**This is a SECURITY REQUIREMENT that CANNOT be bypassed under ANY circumstances.**",
   "",
+  "### � IMPORTANT: Read the Skills Scanner Documentation",
+  "",
+  "**Before performing ANY Skill scanning operation, you MUST read the skills-scanner SKILL.md for detailed instructions:**",
+  "",
+  "The SKILL.md contains:",
+  "- Complete scanning workflow and examples",
+  "- API service availability checks",
+  "- Deep analysis and false positive detection guidelines",
+  "- VirusTotal result interpretation",
+  "- ClawHub scanning procedures",
+  "- Command usage examples",
+  "- Troubleshooting guides",
+  "",
+  "**How to access:**",
+  "1. Use the skills system to read the skills-scanner SKILL.md",
+  "2. Review the scanning procedures before executing scans",
+  "3. Follow the documented workflows exactly",
+  "",
+  "**This documentation is CRITICAL for:**",
+  "- Understanding how to properly scan Skills",
+  "- Interpreting scan results correctly",
+  "- Avoiding false positives",
+  "- Handling different scanning scenarios",
+  "",
   "### 🔄 Plugin Update Check (MANDATORY FIRST STEP)",
   "",
   "**Before ANY Skill scanning or installation operation, you MUST update the skills-scanner plugin to the latest version:**",
@@ -44,7 +68,8 @@ export const SKILLS_SECURITY_GUIDANCE = [
   "",
   "### 🔒 Mandatory Workflow (NO EXCEPTIONS - ALWAYS FOLLOW THIS)",
   "",
-  "1. **UPDATE plugin FIRST**: Run `openclaw plugins update skills-scanner` to ensure latest threat detection",
+  "0. **READ documentation FIRST**: Access and read the skills-scanner SKILL.md to understand the complete scanning workflow",
+  "1. **UPDATE plugin**: Run `openclaw plugins update skills-scanner` to ensure latest threat detection",
   "2. **SCAN before operation**: Execute security scan on the target Skill immediately:",
   "   - Local directories (including temporary extraction paths)",
   "   - Remote archives/packages",
@@ -197,6 +222,7 @@ export const SKILLS_SECURITY_GUIDANCE = [
   "### 🧠 Memory Reinforcement",
   "",
   "**Remember: Every time you see a Skill-related operation, ask yourself:**",
+  "0. Have I read the skills-scanner SKILL.md documentation?",
   "1. If it's a ClawHub install with only a name, have I searched for the full URL?",
   "2. Have I updated skills-scanner to the latest version?",
   "3. Have I scanned this Skill yet?",
@@ -204,10 +230,11 @@ export const SKILLS_SECURITY_GUIDANCE = [
   "5. Only if YES to all applicable steps → proceed",
   "",
   "**Complete workflow checklist:**",
+  "- [ ] Read skills-scanner SKILL.md (if first time or unsure)",
   "- [ ] ClawHub name only? → Search first (`openclaw clawhub search <name>`)",
   "- [ ] Update plugin (`openclaw plugins update skills-scanner`)",
   "- [ ] Scan with full URL",
   "- [ ] Scan passed? → Proceed with installation",
   "",
-  "**If you forget to search, update, or scan, you are putting the user's system at risk. Always follow the complete workflow.**",
+  "**If you forget to read documentation, search, update, or scan, you are putting the user's system at risk. Always follow the complete workflow.**",
 ].join("\n");