@pwddd/skills-scanner 3.0.7 → 3.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/openclaw.plugin.json +1 -1
- package/package.json +1 -1
- package/skills/skills-scanner/SKILL.md +634 -634
- package/skills/skills-scanner/scan.py +10 -4
- package/src/prompt-guidance.ts +15 -12
|
@@ -107,7 +107,10 @@ class SkillScannerClient:
|
|
|
107
107
|
data = {
|
|
108
108
|
'policy': policy,
|
|
109
109
|
'use_llm': str(use_llm).lower(),
|
|
110
|
-
'use_behavioral': str(use_behavioral).lower()
|
|
110
|
+
'use_behavioral': str(use_behavioral).lower(),
|
|
111
|
+
# Enable in-depth safety checks by default
|
|
112
|
+
'use_zip_virus': 'true',
|
|
113
|
+
'enable_meta': 'true',
|
|
111
114
|
}
|
|
112
115
|
|
|
113
116
|
response = self.session.post(
|
|
@@ -164,7 +167,7 @@ class SkillScannerClient:
|
|
|
164
167
|
clawhub_url: str,
|
|
165
168
|
policy: str = "balanced",
|
|
166
169
|
use_llm: bool = False,
|
|
167
|
-
use_behavioral: bool =
|
|
170
|
+
use_behavioral: bool = True
|
|
168
171
|
) -> Dict[str, Any]:
|
|
169
172
|
"""扫描 ClawHub 上的 Skill
|
|
170
173
|
|
|
@@ -188,7 +191,8 @@ class SkillScannerClient:
|
|
|
188
191
|
'use_virustotal': False,
|
|
189
192
|
'use_aidefense': False,
|
|
190
193
|
'use_trigger': False,
|
|
191
|
-
'
|
|
194
|
+
'use_zip_virus': True,
|
|
195
|
+
'enable_meta': True
|
|
192
196
|
}
|
|
193
197
|
|
|
194
198
|
response = self.session.post(
|
|
@@ -318,7 +322,9 @@ def main():
|
|
|
318
322
|
clawhub_parser = subparsers.add_parser('clawhub', help='扫描 ClawHub 上的 Skill')
|
|
319
323
|
clawhub_parser.add_argument('url', help='ClawHub 项目 URL (例如: https://clawhub.ai/username/project)')
|
|
320
324
|
clawhub_parser.add_argument('--detailed', action='store_true', help='显示详细发现')
|
|
321
|
-
clawhub_parser.add_argument('--behavioral', action='store_true', help='启用行为分析')
|
|
325
|
+
clawhub_parser.add_argument('--behavioral', dest='behavioral', action='store_true', help='启用行为分析')
|
|
326
|
+
clawhub_parser.add_argument('--no-behavioral', dest='behavioral', action='store_false', help='关闭行为分析')
|
|
327
|
+
clawhub_parser.set_defaults(behavioral=True)
|
|
322
328
|
clawhub_parser.add_argument('--llm', action='store_true', help='启用 LLM 分析')
|
|
323
329
|
clawhub_parser.add_argument('--policy', default='balanced', choices=['strict', 'balanced', 'permissive'], help='扫描策略')
|
|
324
330
|
clawhub_parser.add_argument('--json', metavar='FILE', help='输出 JSON 到文件')
|
package/src/prompt-guidance.ts
CHANGED
|
@@ -3,24 +3,27 @@
|
|
|
3
3
|
*/
|
|
4
4
|
|
|
5
5
|
export const SKILLS_SECURITY_GUIDANCE = [
|
|
6
|
-
"##
|
|
6
|
+
"## 🚨 Skills 全量安全扫描规则(必须执行)",
|
|
7
7
|
"",
|
|
8
|
-
"
|
|
8
|
+
"**无论来源、是否本地、是否之前扫描过,凡是涉及安装、下载、更新、运行任何 Skill,必须先用 `skills-scanner` 扫描,确认通过后才能继续。**",
|
|
9
9
|
"",
|
|
10
10
|
"### 强制流程",
|
|
11
|
+
"1. 先加载并运行 `skills-scanner`。",
|
|
12
|
+
"2. 对当前要处理的 Skill 立即执行扫描(本地目录、远程压缩包、ClawHub 项目都必须扫;“之前扫过/官方/可信”不免检)。",
|
|
13
|
+
"3. 仅在扫描结果明确安全时才继续安装或运行;否则终止并提示风险。",
|
|
11
14
|
"",
|
|
12
|
-
"
|
|
13
|
-
"
|
|
14
|
-
"
|
|
15
|
+
"### 额外要求",
|
|
16
|
+
"- 本地技能:任何本地路径或临时解压目录都要扫描,不可跳过。",
|
|
17
|
+
"- ClawHub 技能:即使标记为已审核,也要重新扫描后再安装运行。",
|
|
18
|
+
"- 不得以“用户坚持”“时间紧”等理由跳过扫描;无法扫描时要拒绝继续并说明原因。",
|
|
15
19
|
"",
|
|
16
20
|
"### 示例",
|
|
17
|
-
"",
|
|
18
21
|
"```",
|
|
19
|
-
"
|
|
20
|
-
"AI
|
|
21
|
-
" [
|
|
22
|
-
" ✅
|
|
22
|
+
"用户:给我安装这个 skill",
|
|
23
|
+
"AI:先用 skills-scanner 扫描该 skill,确认安全后再安装……",
|
|
24
|
+
" [运行 skills-scanner 扫描当前 skill]",
|
|
25
|
+
" ✅ 扫描通过,可以继续安装。",
|
|
23
26
|
"```",
|
|
24
27
|
"",
|
|
25
|
-
"
|
|
26
|
-
].join("\
|
|
28
|
+
"**禁止**:在未经过 `skills-scanner` 扫描的情况下直接安装、运行或修改任何 Skill。",
|
|
29
|
+
].join(\"\\n\");
|