npm - @pwddd/skills-scanner - Versions diffs - 3.0.21 → 3.0.23 - Mend

@pwddd/skills-scanner 3.0.21 → 3.0.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +2 -2
package/index.ts +1 -1
package/openclaw.plugin.json +2 -2
package/package.json +1 -1
package/skills/skills-scanner/SKILL.md +21 -18
package/skills/skills-scanner/scan.py +1 -1
package/src/config.ts +3 -3
package/src/prompt-guidance.ts +31 -2

package/README.md CHANGED Viewed

@@ -32,7 +32,7 @@ openclaw plugins install @openclaw/skills-scanner
       "skills-scanner": {
         "enabled": true,
         "config": {
-          "apiUrl": "http://10.110.3.133",
+          "apiUrl": "https://110.vemic.com/skills-scanner",
           "scanDirs": ["~/.openclaw/skills", "~/.openclaw/workspace/skills"],
           "behavioral": false,
           "useLLM": false,
@@ -160,7 +160,7 @@ python --version
 skill-scanner-api
 ```
-默认服务地址为 `http://10.110.3.133`，可以在配置中修改。
+默认服务地址为 `https://110.vemic.com/skills-scanner`，可以在配置中修改。
 ## 工作流程

package/index.ts CHANGED Viewed

@@ -40,7 +40,7 @@ const PYTHON_CMD = getPythonCommand();
 export default function register(api: OpenClawPluginApi) {
   const cfg: ScannerConfig =
     api.config?.plugins?.entries?.["skills-scanner"]?.config ?? {};
-  const apiUrl = cfg.apiUrl ?? "http://10.110.3.133";
+  const apiUrl = cfg.apiUrl ?? "https://110.vemic.com/skills-scanner";
   const scanDirs =
     (cfg.scanDirs?.map(expandPath) ?? []).filter(existsSync).length > 0
       ? cfg.scanDirs!.map(expandPath)

package/openclaw.plugin.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "id": "skills-scanner",
   "name": "Skills Scanner",
   "description": "Security scanner for OpenClaw Skills to detect potential threats",
-  "version": "3.0.21",
+  "version": "3.0.23",
   "author": "pwddd",
   "skills": ["./skills"],
   "configSchema": {
@@ -12,7 +12,7 @@
       "apiUrl": {
         "type": "string",
         "description": "Scanner API service URL",
-        "default": "http://10.110.3.133"
+        "default": "https://110.vemic.com/skills-scanner"
       },
       "scanDirs": {
         "type": "array",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@pwddd/skills-scanner",
-  "version": "3.0.21",
+  "version": "3.0.23",
   "description": "OpenClaw Skills security scanner plugin - detect malicious code, data exfiltration, and prompt injection",
   "type": "module",
   "main": "./index.ts",

package/skills/skills-scanner/SKILL.md CHANGED Viewed

@@ -150,7 +150,7 @@ AI: 好的，让我先更新 skills-scanner 插件...
 **检查方法**：
 ```bash
-python3 {baseDir}/scan.py --api-url http://10.110.3.133 health
+python3 {baseDir}/scan.py --api-url https://110.vemic.com/skills-scanner health
 ```
 **处理规则**：
@@ -167,7 +167,7 @@ python3 {baseDir}/scan.py --api-url http://10.110.3.133 health
      如需启用安全扫描，请：
      1. 启动 skill-scanner-api 服务
-     2. 确认服务地址配置正确（当前: http://10.110.3.133）
+     2. 确认服务地址配置正确（当前: https://110.vemic.com/skills-scanner）
      3. 重新执行安装操作
      ```
    - **不要阻止用户的操作**（如安装 Skill）
@@ -478,7 +478,7 @@ python -m pip install --user --quiet "requests>=2.31.0"
     "entries": {
       "skills-scanner": {
         "config": {
-          "apiUrl": "http://10.110.3.133"
+          "apiUrl": "https://110.vemic.com/skills-scanner"
         }
       }
     }
@@ -489,7 +489,7 @@ python -m pip install --user --quiet "requests>=2.31.0"
 或直接调用时使用 `--api-url` 参数：
 ```bash
-python3 {baseDir}/scan.py --api-url http://10.110.3.133 scan <路径>
+python3 {baseDir}/scan.py --api-url https://110.vemic.com/skills-scanner scan <路径>
 ```
 ---
@@ -613,7 +613,7 @@ AI: 好的，让我先扫描一下这个 skill 的安全性...
 #### 示例 2：详细检查 PDF Skill
 ```bash
-python3 {baseDir}/scan.py --api-url http://10.110.3.133 clawhub https://clawhub.ai/steipete/nano-pdf --detailed
+python3 {baseDir}/scan.py --api-url https://110.vemic.com/skills-scanner clawhub https://clawhub.ai/steipete/nano-pdf --detailed
 ```
 **用户对话**：
@@ -636,7 +636,7 @@ AI: 好的，我会进行详细扫描...
 #### 示例 3：深度扫描可疑 Skill
 ```bash
-python3 {baseDir}/scan.py --api-url http://10.110.3.133 clawhub https://clawhub.ai/username/suspicious-skill --detailed --behavioral --policy strict
+python3 {baseDir}/scan.py --api-url https://110.vemic.com/skills-scanner clawhub https://clawhub.ai/username/suspicious-skill --detailed --behavioral --policy strict
 ```
 **用户对话**：
@@ -659,7 +659,7 @@ AI: 明白，我会使用严格模式进行深度扫描...
 #### 示例 4：包含 VirusTotal 扫描结果
 ```bash
-python3 {baseDir}/scan.py --api-url http://10.110.3.133 clawhub https://clawhub.ai/username/project --detailed
+python3 {baseDir}/scan.py --api-url https://110.vemic.com/skills-scanner clawhub https://clawhub.ai/username/project --detailed
 ```
 **用户对话（未检测到威胁）**：
@@ -772,25 +772,25 @@ https://clawhub.ai/<username>/<project>
 ### 基础扫描（推荐，速度快）
 ```bash
-python3 {baseDir}/scan.py --api-url http://10.110.3.133 scan <skill路径>
+python3 {baseDir}/scan.py --api-url https://110.vemic.com/skills-scanner scan <skill路径>
 ```
 ### 详细模式（显示所有发现）
 ```bash
-python3 {baseDir}/scan.py --api-url http://10.110.3.133 scan <skill路径> --detailed
+python3 {baseDir}/scan.py --api-url https://110.vemic.com/skills-scanner scan <skill路径> --detailed
 ```
 ### 深度扫描（加入行为分析）
 ```bash
-python3 {baseDir}/scan.py --api-url http://10.110.3.133 scan <skill路径> --detailed --behavioral
+python3 {baseDir}/scan.py --api-url https://110.vemic.com/skills-scanner scan <skill路径> --detailed --behavioral
 ```
 ### 最强扫描（加入 LLM 语义分析）
 ```bash
-python3 {baseDir}/scan.py --api-url http://10.110.3.133 scan <skill路径> --detailed --behavioral --llm
+python3 {baseDir}/scan.py --api-url https://110.vemic.com/skills-scanner scan <skill路径> --detailed --behavioral --llm
 ```
 ---
@@ -802,31 +802,32 @@ python3 {baseDir}/scan.py --api-url http://10.110.3.133 scan <skill路径> --det
 ### 扫描指定目录下的所有 Skills
 ```bash
-python3 {baseDir}/scan.py --api-url http://10.110.3.133 batch <目录路径>
+python3 {baseDir}/scan.py --api-url https://110.vemic.com/skills-scanner batch <目录路径>
 ```
 ### 递归扫描（含子目录）
 ```bash
-python3 {baseDir}/scan.py --api-url http://10.110.3.133 batch <目录路径> --recursive
+python3 {baseDir}/scan.py --api-url https://110.vemic.com/skills-scanner batch <目录路径> --recursive
 ```
 ### 批量扫描并输出 JSON 报告
 ```bash
-python3 {baseDir}/scan.py --api-url http://10.110.3.133 batch <目录路径> --detailed --json /tmp/scan-report.json
+python3 {baseDir}/scan.py --api-url https://110.vemic.com/skills-scanner batch <目录路径> --detailed --json /tmp/scan-report.json
+```
 ```
 ### 常用目录示例
 扫描 OpenClaw 默认 skills 目录：
 ```bash
-python3 {baseDir}/scan.py --api-url http://10.110.3.133 batch ~/.openclaw/skills
+python3 {baseDir}/scan.py --api-url https://110.vemic.com/skills-scanner batch ~/.openclaw/skills
 ```
 扫描 workspace skills：
 ```bash
-python3 {baseDir}/scan.py --api-url http://10.110.3.133 batch ~/.openclaw/workspace/skills --recursive
+python3 {baseDir}/scan.py --api-url https://110.vemic.com/skills-scanner batch ~/.openclaw/workspace/skills --recursive
 ```
 ---
@@ -835,8 +836,10 @@ python3 {baseDir}/scan.py --api-url http://10.110.3.133 batch ~/.openclaw/worksp
 检查 API 服务是否运行：
+### 健康检查
 ```bash
-python3 {baseDir}/scan.py --api-url http://10.110.3.133 health
+python3 {baseDir}/scan.py --api-url https://110.vemic.com/skills-scanner health
 ```
 ---
@@ -1038,7 +1041,7 @@ AI: 好的，让我先更新扫描插件...
 - VirusTotal 有 API 调用频率限制（免费版：4 次/分钟，付费版更高）。
 - 退出码 `0` 表示安全，`1` 表示存在问题（便于 CI/CD 集成）。
 - `{baseDir}` 占位符会自动替换为 Skill 的安装目录。
-- 如果你配置了非默认的 API URL（如 `http://10.110.3.133`），请在命令中使用 `--api-url` 参数指定你的 URL。
+- 如果你配置了非默认的 API URL（如 `https://110.vemic.com/skills-scanner`），请在命令中使用 `--api-url` 参数指定你的 URL。
 ### VirusTotal 特别说明

package/skills/skills-scanner/scan.py CHANGED Viewed

@@ -31,7 +31,7 @@ except ImportError as e:
 # 配置
-DEFAULT_API_URL = "http://10.110.3.133"
+DEFAULT_API_URL = "https://110.vemic.com/skills-scanner"
 REQUEST_TIMEOUT = 180  # 3 分钟

package/src/config.ts CHANGED Viewed

@@ -68,7 +68,7 @@ export const skillsScannerConfigSchema: OpenClawPluginConfigSchema = {
     apiUrl: {
       label: "API 服务地址",
       help: "扫描 API 服务的 URL 地址",
-      placeholder: "http://10.110.3.133"
+      placeholder: "https://110.vemic.com/skills-scanner"
     },
     scanDirs: {
       label: "扫描目录",
@@ -136,7 +136,7 @@ export function generateConfigGuide(
     '      "skills-scanner": {',
     '        "enabled": true,',
     '        "config": {',
-    '          "apiUrl": "http://10.110.3.133",',
+    '          "apiUrl": "https://110.vemic.com/skills-scanner",',
     '          "scanDirs": ["~/.openclaw/skills"],',
     '          "behavioral": false,',
     '          "useLLM": false,',
@@ -152,7 +152,7 @@ export function generateConfigGuide(
     "",
     "💡 配置说明：",
     "",
-    "1. apiUrl        默认 http://10.110.3.133，需先启动 skill-scanner-api 服务",
+    "1. apiUrl        默认 https://110.vemic.com/skills-scanner，需先启动 skill-scanner-api 服务",
     "2. scanDirs      可添加多个目录（默认自动检测 ~/.openclaw/skills）",
     "3. behavioral    false=快速扫描（推荐），true=深度分析",
     "4. useLLM        false=不使用 LLM（推荐），true=语义分析",

package/src/prompt-guidance.ts CHANGED Viewed

@@ -95,16 +95,45 @@ export const SKILLS_SECURITY_GUIDANCE = [
   "",
   "### 📋 Installation Command Recognition (IMPORTANT)",
   "",
-  "**When you see ANY of these patterns, you MUST follow the complete workflow:**",
+  "**🔴 CRITICAL RULE: ALL COMMANDS MATCHING INSTALLATION PATTERNS REQUIRE COMPLETE SECURITY WORKFLOW 🔴**",
   "",
+  "**When users send ANY command containing the following installation patterns, you MUST:**",
+  "1. STOP immediately",
+  "2. Execute STEP 0: `openclaw plugins update skills-scanner`",
+  "3. Search for full URL (if only skill name provided)",
+  "4. Run security scan",
+  "5. Execute installation command ONLY if scan passes",
+  "",
+  "**⛔ NEVER execute any installation command directly without completing the security workflow above ⛔**",
+  "",
+  "**Installation command patterns to recognize (ANY command containing these patterns):**",
+  "",
+  "**Core installation patterns:**",
+  "- `clawhub install` ← ANY command with this pattern",
+  "- `skill install` ← ANY command with this pattern",
+  "- `skills add` ← ANY command with this pattern",
+  "- `skills install` ← ANY command with this pattern",
+  "",
+  "**Examples of commands that trigger this rule:**",
+  "- `clawhub install <skill-name>`",
+  "- `clawhub install --force <skill-name>`",
+  "- `clawhub install --verbose <skill-name>`",
   "- `openclaw clawhub install <skill-name>`",
   "- `openclaw skill install <skill-name>`",
   "- `openclaw skills add <skill-name>`",
-  "- `clawhub install <skill-name>`",
+  "- `openclaw skills install <skill-name>`",
+  "- `npx clawhub@latest install <skill-name>`",
+  "- `npx @openclaw/clawhub install <skill-name>`",
+  "- `npm exec clawhub install <skill-name>`",
+  "- `yarn dlx clawhub install <skill-name>`",
+  "",
+  "**Natural language patterns:**",
   "- \"install this skill\"",
   "- \"add this skill\"",
   "- \"download this skill\"",
   "- \"setup this skill\"",
+  "- \"use npx to install\"",
+  "- \"install via clawhub\"",
   "",
   "**CRITICAL: ClawHub Installation Workflow**",
   "",