@pwddd/skills-scanner 3.0.4 → 3.0.6

package/README.md

@@ -71,7 +71,7 @@ openclaw plugins install @openclaw/skills-scanner
 ```
 /skills-scanner scan <路径> [选项]    # 扫描 Skill
 /skills-scanner scan clawhub <URL> [选项]  # 扫描 ClawHub Skill
-/skills-scanner status                # 查看状态
+/skills-scanner health                # 健康检查
 /skills-scanner config [操作]         # 配置管理
 /skills-scanner cron [操作]           # 定时任务管理
 /skills-scanner help                  # 帮助信息
@@ -92,7 +92,7 @@ openclaw plugins install @openclaw/skills-scanner
 /skills-scanner scan ~/.openclaw/skills --report
 /skills-scanner scan clawhub https://clawhub.ai/username/project
 /skills-scanner scan clawhub https://clawhub.ai/Asleep123/caldav-calendar --detailed
-/skills-scanner status
+/skills-scanner health
 ```
 
 ### CLI 命令
@@ -111,12 +111,21 @@ openclaw skills-scan batch <directory> [--recursive] [--detailed]
 openclaw skills-scan report
 
 # 检查 API 服务健康状态
-openclaw skills-scan health
+openclaw skills-scanner health
 ```
 
 ## 前置要求
 
-### 1. 安装 uv（Python 包管理器）
+### 1. Python 3.10+（必需）
+
+```bash
+# 检查 Python 版本
+python3 --version
+```
+
+### 2. 包管理器（二选一）
+
+**选项 A：uv（推荐，更快）**
 
 ```bash
 # macOS/Linux
@@ -126,6 +135,10 @@ curl -LsSf https://astral.sh/uv/install.sh | sh
 brew install uv
 ```
 
+**选项 B：标准 pip（无需额外安装）**
+
+如果没有 uv，插件会自动使用 Python 自带的 `pip`。
+
 ### 2. 启动扫描 API 服务
 
 插件需要连接到 skill-scanner-api 服务进行实际的安全扫描。
@@ -152,8 +165,14 @@ skill-scanner-api
 ```bash
 # 手动安装依赖
 cd extensions/skills-scanner/skills/skills-scanner
+
+# 使用 uv（推荐）
 uv venv .venv --python 3.10
 uv pip install --python .venv/bin/python requests>=2.31.0
+
+# 或使用标准 Python
+python3 -m venv .venv
+.venv/bin/python -m pip install requests>=2.31.0
 ```
 
 ### API 服务连接失败
@@ -286,8 +305,8 @@ AI: 好的，让我先进行安全扫描...
 # 生成日报
 /skills-scanner scan ~/.openclaw/skills --report
 
-# 查看状态
-/skills-scanner status
+# 健康检查
+/skills-scanner health
 
 # 配置管理
 /skills-scanner config show

package/index.ts

@@ -213,7 +213,7 @@ export default function register(api: OpenClawPluginApi) {
             "",
             "可用命令:",
             "• `/skills-scanner scan <路径> [选项]` - 扫描 Skill",
-            "• `/skills-scanner status` - 查看状态",
+            "• `/skills-scanner health` - 健康检查",
             "• `/skills-scanner config [操作]` - 配置管理",
             "• `/skills-scanner cron [操作]` - 定时任务管理",
             "",
@@ -227,7 +227,7 @@ export default function register(api: OpenClawPluginApi) {
             "```",
             "/skills-scanner scan ~/my-skill",
             "/skills-scanner scan ~/skills --recursive",
-            "/skills-scanner status",
+            "/skills-scanner health",
             "```",
             "",
             "💡 使用 `/skills-scanner help` 查看详细帮助",
@@ -241,8 +241,8 @@ export default function register(api: OpenClawPluginApi) {
 
       if (subCommand === "scan") {
         return await handlers.handleScanCommand(subArgs);
-      } else if (subCommand === "status") {
-        return await handlers.handleStatusCommand();
+      } else if (subCommand === "health") {
+        return await handlers.handleHealthCommand();
       } else if (subCommand === "config") {
         return await handlers.handleConfigCommand(subArgs);
       } else if (subCommand === "cron") {

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "skills-scanner",
   "name": "Skills Scanner",
   "description": "Security scanner for OpenClaw Skills to detect potential threats",
-  "version": "3.0.4",
+  "version": "3.0.6",
   "author": "pwddd",
   "skills": ["./skills"],
   "configSchema": {
@@ -54,6 +54,16 @@
         "type": "boolean",
         "description": "Inject Skills security guidance into system prompt (requires AI to scan before installing Skills)",
         "default": true
+      },
+      "enablePromptInjectionGuard": {
+        "type": "boolean",
+        "description": "Enable prompt injection detection guard",
+        "default": true
+      },
+      "enableHighRiskOperationGuard": {
+        "type": "boolean",
+        "description": "Enable high-risk operation confirmation guard",
+        "default": true
       }
     }
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pwddd/skills-scanner",
-  "version": "3.0.4",
+  "version": "3.0.6",
   "description": "OpenClaw Skills security scanner plugin - detect malicious code, data exfiltration, and prompt injection",
   "type": "module",
   "main": "./index.ts",

package/skills/skills-scanner/SKILL.md

@@ -3,7 +3,7 @@ name: skills-scanner
 description: OpenClaw Skills 安全扫描工具，使用 AI Skill Scanner 检测恶意代码、数据窃取、提示注入等威胁。
 version: 1.0.0
 user-invocable: true
-metadata: {"openclaw": {"emoji": "🔍", "requires": {"bins": ["uv", "python3"]}, "install": [{"id": "uv-brew", "kind": "brew", "formula": "uv", "bins": ["uv"], "label": "安装 uv (macOS)", "os": ["darwin"]}, {"id": "uv-curl", "kind": "download", "url": "https://astral.sh/uv/install.sh", "label": "安装 uv (Linux)", "os": ["linux"]}]}}
+metadata: {"openclaw": {"emoji": "🔍", "requires": {"bins": ["python3"]}}}
 ---
 
 # Skills 安全扫描工具 🔍
@@ -143,15 +143,20 @@ VirusTotal 是业界权威的多引擎病毒扫描服务，其结果具有极高
 首次运行前，检查并安装依赖：
 
 ```bash
-# 检查 uv 是否可用
-which uv || echo "请安装 uv: brew install uv 或 curl -LsSf https://astral.sh/uv/install.sh | sh"
+# 检查 Python 是否可用
+which python3 || echo "请安装 Python 3.10+"
 
-# 安装依赖到隔离虚拟环境
+# 方式 1：使用 uv（推荐，更快）
+which uv || echo "安装 uv: brew install uv 或 curl -LsSf https://astral.sh/uv/install.sh | sh"
 uv venv {baseDir}/.venv --python 3.10 --quiet
 uv pip install --python {baseDir}/.venv/bin/python requests --quiet
+
+# 方式 2：使用标准 Python（无需 uv）
+python3 -m venv {baseDir}/.venv
+{baseDir}/.venv/bin/python -m pip install --quiet requests
 ```
 
-安装只需执行一次。
+安装只需执行一次。插件会自动选择可用的工具（优先使用 uv，回退到 python3）。
 
 ## 配置
 

package/skills/skills-scanner/scan.py

@@ -26,7 +26,7 @@ try:
 except ImportError as e:
     print("❌ requests 未安装。")
     print(f"   导入错误: {e}")
-    print("   请运行: uv pip install requests")
+    print("   请运行: pip install requests 或 uv pip install requests")
     sys.exit(1)
 
 

package/src/commands.ts

@@ -118,7 +118,7 @@ export function createCommandHandlers(
     }
   }
 
-  async function handleStatusCommand(): Promise<any> {
+  async function handleHealthCommand(): Promise<any> {
     const state = loadState() as any;
     const alerts: string[] = state.pendingAlerts ?? [];
 
@@ -286,7 +286,7 @@ export function createCommandHandlers(
       "```",
       "",
       "═══ 其他命令 ═══",
-      "• `/skills-scanner status` - 查看状态",
+      "• `/skills-scanner health` - 健康检查",
       "• `/skills-scanner config [show|reset]` - 配置管理",
       "• `/skills-scanner cron [register|unregister|status]` - 定时任务管理",
     ].join("\n");
@@ -294,7 +294,7 @@ export function createCommandHandlers(
 
   return {
     handleScanCommand,
-    handleStatusCommand,
+    handleHealthCommand,
     handleConfigCommand,
     handleCronCommand,
     getHelpText,

package/src/config.ts

@@ -162,7 +162,7 @@ export function generateConfigGuide(
     "",
     "🚀 快速开始：",
     "  编辑配置文件后重启 Gateway",
-    "  /skills-scanner status",
+    "  /skills-scanner health",
     "",
     "提示：此消息只在首次运行时显示。",
     "════════════════════════════════════════════════════════════════",

package/src/deps.ts

@@ -19,6 +19,29 @@ export function hasUv(): boolean {
   }
 }
 
+export function hasPython(): boolean {
+  try {
+    execSync("python3 --version", { stdio: "ignore" });
+    return true;
+  } catch {
+    try {
+      execSync("python --version", { stdio: "ignore" });
+      return true;
+    } catch {
+      return false;
+    }
+  }
+}
+
+export function getPythonCommand(): string {
+  try {
+    execSync("python3 --version", { stdio: "ignore" });
+    return "python3";
+  } catch {
+    return "python";
+  }
+}
+
 export function isVenvReady(venvPython: string): boolean {
   if (!existsSync(venvPython)) return false;
 
@@ -40,14 +63,19 @@ export async function ensureDeps(
     return true;
   }
 
-  if (!hasUv()) {
-    logger.warn(
-      "[skills-scanner] uv not installed: brew install uv or curl -LsSf https://astral.sh/uv/install.sh | sh"
+  const useUv = hasUv();
+  const usePython = !useUv && hasPython();
+
+  if (!useUv && !usePython) {
+    logger.error(
+      "[skills-scanner] Neither uv nor python3 found. Please install one of them:"
     );
+    logger.error("[skills-scanner]   - uv: brew install uv or curl -LsSf https://astral.sh/uv/install.sh | sh");
+    logger.error("[skills-scanner]   - python3: brew install python3 or apt-get install python3 python3-venv python3-pip");
     return false;
   }
 
-  logger.info("[skills-scanner] Installing Python dependencies...");
+  logger.info(`[skills-scanner] Installing Python dependencies using ${useUv ? "uv" : "python3"}...`);
 
   try {
     const venvDir = join(skillDir, ".venv");
@@ -57,11 +85,22 @@ export async function ensureDeps(
       rmSync(venvDir, { recursive: true, force: true });
     }
 
-    await execAsync(`uv venv "${venvDir}" --python 3.10`);
-    logger.info("[skills-scanner] Virtual environment created");
+    if (useUv) {
+      // Use uv (faster)
+      await execAsync(`uv venv "${venvDir}" --python 3.10`);
+      logger.info("[skills-scanner] Virtual environment created (uv)");
+
+      logger.info("[skills-scanner] Installing requests...");
+      await execAsync(`uv pip install --python "${venvPython}" requests>=2.31.0`);
+    } else {
+      // Fallback to standard Python venv + pip
+      const pythonCmd = getPythonCommand();
+      await execAsync(`${pythonCmd} -m venv "${venvDir}"`);
+      logger.info("[skills-scanner] Virtual environment created (python -m venv)");
 
-    logger.info("[skills-scanner] Installing requests...");
-    await execAsync(`uv pip install --python "${venvPython}" requests>=2.31.0`);
+      logger.info("[skills-scanner] Installing requests...");
+      await execAsync(`"${venvPython}" -m pip install --quiet requests>=2.31.0`);
+    }
 
     execSync(`"${venvPython}" -c "import requests"`, { stdio: "ignore" });
     logger.info("[skills-scanner] ✅ Dependencies installed successfully");