@pwddd/skills-scanner 3.0.6 → 3.0.8

package/README.md

@@ -116,29 +116,22 @@ openclaw skills-scanner health
 
 ## 前置要求
 
-### 1. Python 3.10+（必需）
+### Python 3.10+（必需）
 
 ```bash
 # 检查 Python 版本
 python3 --version
-```
-
-### 2. 包管理器（二选一）
 
-**选项 A：uv（推荐，更快）**
+# macOS
+brew install python3
 
-```bash
-# macOS/Linux
-curl -LsSf https://astral.sh/uv/install.sh | sh
+# Linux
+apt-get install python3 python3-pip
 
-# 或使用 Homebrew
-brew install uv
+# Windows
+# 从 https://www.python.org/downloads/ 下载安装
 ```
 
-**选项 B：标准 pip（无需额外安装）**
-
-如果没有 uv，插件会自动使用 Python 自带的 `pip`。
-
 ### 2. 启动扫描 API 服务
 
 插件需要连接到 skill-scanner-api 服务进行实际的安全扫描。
@@ -165,14 +158,7 @@ skill-scanner-api
 ```bash
 # 手动安装依赖
 cd extensions/skills-scanner/skills/skills-scanner
-
-# 使用 uv（推荐）
-uv venv .venv --python 3.10
-uv pip install --python .venv/bin/python requests>=2.31.0
-
-# 或使用标准 Python
-python3 -m venv .venv
-.venv/bin/python -m pip install requests>=2.31.0
+python3 -m pip install --user "requests>=2.31.0"
 ```
 
 ### API 服务连接失败
@@ -216,8 +202,7 @@ extensions/skills-scanner/
 │   └── types.ts             # 类型定义
 └── skills/
     └── skills-scanner/
-        ├── scan.py          # Python 扫描脚本
-        └── .venv/           # Python 虚拟环境（自动创建）
+        └── scan.py          # Python 扫描脚本
 ```
 
 ## 许可证
@@ -403,17 +388,13 @@ openclaw skills-scanner clawhub https://clawhub.ai/username/project --json resul
 ## 依赖要求
 
 - Python 3.10+
-- uv（Python 包管理器）
 - skill-scanner-api 服务（需要单独运行）
 
 ### 安装依赖
 
 ```bash
-# macOS
-brew install uv
-
-# Linux
-curl -LsSf https://astral.sh/uv/install.sh | sh
+# 确保 Python 已安装
+python3 --version
 
 # 启动 API 服务
 skill-scanner-api
@@ -426,8 +407,7 @@ skill-scanner-api
 ```bash
 # 手动安装依赖
 cd extensions/skills-scanner/skills/skills-scanner
-uv venv .venv --python 3.10
-uv pip install --python .venv/bin/python requests
+python3 -m pip install --user "requests>=2.31.0"
 ```
 
 ### API 服务连接失败

package/index.ts

@@ -18,7 +18,7 @@ import {
   isFirstRun,
   markConfigReviewed,
 } from "./src/state.js";
-import { ensureDeps, isVenvReady } from "./src/deps.js";
+import { ensureDeps, getPythonCommand, isPythonReady } from "./src/deps.js";
 import { runScan } from "./src/scanner.js";
 import { buildDailyReport } from "./src/report.js";
 import { ensureCronJob } from "./src/cron.js";
@@ -31,11 +31,12 @@ import { HIGH_RISK_OPERATION_GUARD } from "./src/high-risk-operation-guard.js";
 // Constants
 const PLUGIN_ROOT = process.env.OPENCLAW_PLUGIN_ROOT || __dirname;
 const SKILL_DIR = join(PLUGIN_ROOT, "skills", "skills-scanner");
-const VENV_PYTHON = join(SKILL_DIR, ".venv", "bin", "python");
 const SCAN_SCRIPT = join(SKILL_DIR, "scan.py");
 const STATE_DIR = join(os.homedir(), ".openclaw", "skills-scanner");
 const QUARANTINE_DIR = join(STATE_DIR, "quarantine");
 
+const PYTHON_CMD = getPythonCommand();
+
 export default function register(api: OpenClawPluginApi) {
   const cfg: ScannerConfig =
     api.config?.plugins?.entries?.["skills-scanner"]?.config ?? {};
@@ -58,7 +59,7 @@ export default function register(api: OpenClawPluginApi) {
   api.logger.info(`[skills-scanner] API URL: ${apiUrl}`);
   api.logger.info(`[skills-scanner] Scan directories: ${scanDirs.join(", ")}`);
   api.logger.info(
-    `[skills-scanner] Python dependencies: ${isVenvReady(VENV_PYTHON) ? "✅ Ready" : "❌ Not installed"}`
+    `[skills-scanner] Python dependencies: ${isPythonReady(PYTHON_CMD) ? "✅ Ready" : "❌ Not installed"}`
   );
 
   // Inject system prompt guidance (can be disabled via config)
@@ -110,9 +111,9 @@ export default function register(api: OpenClawPluginApi) {
   }
 
   // Install dependencies immediately
-  if (!isVenvReady(VENV_PYTHON)) {
+  if (!isPythonReady(PYTHON_CMD)) {
     api.logger.info("[skills-scanner] Installing Python dependencies...");
-    ensureDeps(SKILL_DIR, VENV_PYTHON, api.logger)
+    ensureDeps(PYTHON_CMD, api.logger)
       .then((success) => {
         if (success) {
           api.logger.info("[skills-scanner] ✅ Dependencies installed");
@@ -140,7 +141,7 @@ export default function register(api: OpenClawPluginApi) {
     start: async () => {
       api.logger.info("[skills-scanner] 🚀 Service starting...");
 
-      const depsReady = await ensureDeps(SKILL_DIR, VENV_PYTHON, api.logger);
+      const depsReady = await ensureDeps(PYTHON_CMD, api.logger);
 
       if (!depsReady) {
         api.logger.error("[skills-scanner] ❌ Dependencies installation failed");
@@ -158,7 +159,7 @@ export default function register(api: OpenClawPluginApi) {
           policy,
           persistWatcherAlert,
           api.logger,
-          VENV_PYTHON,
+          PYTHON_CMD,
           SCAN_SCRIPT,
           QUARANTINE_DIR
         );
@@ -192,7 +193,7 @@ export default function register(api: OpenClawPluginApi) {
     policy,
     preInstallScan,
     onUnsafe,
-    VENV_PYTHON,
+    PYTHON_CMD,
     SCAN_SCRIPT,
     api.logger
   );
@@ -261,9 +262,9 @@ export default function register(api: OpenClawPluginApi) {
   api.registerGatewayMethod("skillsScanner.scan", async ({ respond, params }: any) => {
     const { path: p, mode = "scan", recursive = false, detailed = false } = params ?? {};
     if (!p) return respond(false, { error: "Missing path parameter" });
-    if (!isVenvReady(VENV_PYTHON))
+    if (!isPythonReady(PYTHON_CMD))
       return respond(false, { error: "Python dependencies not ready" });
-    const res = await runScan(VENV_PYTHON, SCAN_SCRIPT, mode === "batch" ? "batch" : "scan", expandPath(p), {
+    const res = await runScan(PYTHON_CMD, SCAN_SCRIPT, mode === "batch" ? "batch" : "scan", expandPath(p), {
       recursive,
       detailed,
       behavioral,
@@ -279,7 +280,7 @@ export default function register(api: OpenClawPluginApi) {
   });
 
   api.registerGatewayMethod("skillsScanner.report", async ({ respond }: any) => {
-    if (!isVenvReady(VENV_PYTHON))
+    if (!isPythonReady(PYTHON_CMD))
       return respond(false, { error: "Python dependencies not ready" });
     if (scanDirs.length === 0) return respond(false, { error: "No scan directories found" });
     const report = await buildDailyReport(
@@ -289,7 +290,7 @@ export default function register(api: OpenClawPluginApi) {
       useLLM,
       policy,
       api.logger,
-      VENV_PYTHON,
+      PYTHON_CMD,
       SCAN_SCRIPT
     );
     respond(true, { report, state: loadState() });
@@ -306,7 +307,7 @@ export default function register(api: OpenClawPluginApi) {
         .option("--detailed", "显示所有发现")
         .option("--behavioral", "启用行为分析")
         .action(async (p: string, opts: any) => {
-          const res = await runScan(VENV_PYTHON, SCAN_SCRIPT, "scan", expandPath(p), {
+          const res = await runScan(PYTHON_CMD, SCAN_SCRIPT, "scan", expandPath(p), {
             ...opts,
             apiUrl,
             useLLM,
@@ -323,7 +324,7 @@ export default function register(api: OpenClawPluginApi) {
         .option("--detailed", "显示所有发现")
         .option("--behavioral", "启用行为分析")
         .action(async (d: string, opts: any) => {
-          const res = await runScan(VENV_PYTHON, SCAN_SCRIPT, "batch", expandPath(d), {
+          const res = await runScan(PYTHON_CMD, SCAN_SCRIPT, "batch", expandPath(d), {
             ...opts,
             apiUrl,
             useLLM,
@@ -344,7 +345,7 @@ export default function register(api: OpenClawPluginApi) {
             useLLM,
             policy,
             console,
-            VENV_PYTHON,
+            PYTHON_CMD,
             SCAN_SCRIPT
           );
           console.log(report);
@@ -354,7 +355,7 @@ export default function register(api: OpenClawPluginApi) {
         .command("health")
         .description("检查 API 服务健康状态")
         .action(async () => {
-          if (!isVenvReady(VENV_PYTHON)) {
+          if (!isPythonReady(PYTHON_CMD)) {
             console.error("❌ Python 依赖未就绪");
             process.exit(1);
           }
@@ -364,7 +365,7 @@ export default function register(api: OpenClawPluginApi) {
             const { promisify } = await import("node:util");
             const execAsync = promisify(exec);
 
-            const cmd = `"${VENV_PYTHON}" "${SCAN_SCRIPT}" --api-url "${apiUrl}" health`;
+            const cmd = `"${PYTHON_CMD}" "${SCAN_SCRIPT}" --api-url "${apiUrl}" health`;
             const env = { ...process.env };
             delete env.http_proxy;
             delete env.https_proxy;
@@ -395,3 +396,6 @@ export default function register(api: OpenClawPluginApi) {
 
   api.logger.info("[skills-scanner] ✅ Plugin registered");
 }
+
+
+

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "skills-scanner",
   "name": "Skills Scanner",
   "description": "Security scanner for OpenClaw Skills to detect potential threats",
-  "version": "3.0.6",
+  "version": "3.0.8",
   "author": "pwddd",
   "skills": ["./skills"],
   "configSchema": {

package/package.json

@@ -1,6 +1,6 @@
 {
-  "name": "@pwddd/skills-scanner",
-  "version": "3.0.6",
+  "name": "@pwddd/skills-scanner",
+  "version": "3.0.8",
   "description": "OpenClaw Skills security scanner plugin - detect malicious code, data exfiltration, and prompt injection",
   "type": "module",
   "main": "./index.ts",