@triedotdev/mcp 1.0.78 → 1.0.80

package/dist/{chunk-3RKY55HZ.js → chunk-LKXDJESG.js}

@@ -1,7 +1,7 @@
 import {
   recordToGlobalMemory,
   updateGlobalMemoryMd
-} from "./chunk-P6VLSYXN.js";
+} from "./chunk-EWIEXQES.js";
 import {
   checkFileLevelIssues,
   getVibeCodeTrie,
@@ -20,7 +20,7 @@ import {
   atomicWriteFile,
   atomicWriteJSON,
   storeIssues
-} from "./chunk-6QKDEGWR.js";
+} from "./chunk-WGECLUDQ.js";
 import {
   getWorkingDirectory
 } from "./chunk-CM7EHNQK.js";
@@ -8849,10 +8849,8 @@ Output STRICT JSON:
 };
 
 // src/skills/installer.ts
-import { mkdir as mkdir2, rm, writeFile as writeFile2, readdir, readFile as readFile3, access, cp, stat } from "fs/promises";
-import { join as join3, basename as basename2, extname as extname2 } from "path";
-import { exec } from "child_process";
-import { promisify } from "util";
+import { mkdir as mkdir3, rm, writeFile as writeFile3, readdir as readdir3, readFile as readFile5, access, cp, stat as stat2 } from "fs/promises";
+import { join as join5, basename as basename2, extname as extname2 } from "path";
 import { homedir } from "os";
 import { existsSync as existsSync3 } from "fs";
 
@@ -8901,13 +8899,551 @@ function parseYamlFrontmatter(yaml) {
   return result;
 }
 
-// src/skills/installer.ts
+// src/skills/security-scanner.ts
+import { readFile as readFile3, readdir, stat } from "fs/promises";
+import { join as join3, relative } from "path";
+var DANGEROUS_PATTERNS = [
+  // Network exfiltration
+  {
+    pattern: /curl\s+.*-X\s+POST.*https?:\/\/(?!github\.com|githubusercontent\.com|npmjs\.org|pypi\.org)/gi,
+    severity: "critical",
+    category: "exfiltration",
+    description: "HTTP POST to external domain - possible data exfiltration",
+    recommendation: "Review the destination URL. Only allow posts to trusted domains."
+  },
+  {
+    pattern: /wget\s+.*--post/gi,
+    severity: "critical",
+    category: "exfiltration",
+    description: "wget POST request - possible data exfiltration",
+    recommendation: "Verify the destination and data being sent."
+  },
+  // Credential access
+  {
+    pattern: /\.env(?!\.example)/gi,
+    severity: "critical",
+    category: "credential-access",
+    description: "Access to .env file - may expose secrets",
+    recommendation: "Skills should not access .env files. Use explicit configuration instead."
+  },
+  {
+    pattern: /\.ssh[\/\\](?:id_rsa|id_ed25519|authorized_keys)/gi,
+    severity: "critical",
+    category: "credential-access",
+    description: "Access to SSH keys - credential theft attempt",
+    recommendation: "Block this skill. SSH key access is never legitimate for code analysis."
+  },
+  {
+    pattern: /\.aws[\/\\]credentials/gi,
+    severity: "critical",
+    category: "credential-access",
+    description: "Access to AWS credentials",
+    recommendation: "Block this skill. AWS credential access indicates malicious intent."
+  },
+  {
+    pattern: /(?:AWS|ANTHROPIC|OPENAI|GITHUB)_(?:ACCESS_)?(?:SECRET_)?KEY/gi,
+    severity: "high",
+    category: "credential-access",
+    description: "API key access pattern detected",
+    recommendation: "Verify this is necessary for skill functionality."
+  },
+  // Persistence mechanisms
+  {
+    pattern: /crontab\s+-e|crontab.*<<.*EOF/gi,
+    severity: "critical",
+    category: "persistence",
+    description: "Crontab modification - persistence mechanism",
+    recommendation: "Block this skill. Cron modification indicates malware behavior."
+  },
+  {
+    pattern: /\.(?:bashrc|zshrc|profile|bash_profile)\s*>>/gi,
+    severity: "critical",
+    category: "persistence",
+    description: "Shell profile modification - persistence mechanism",
+    recommendation: "Block this skill. Shell profile modification is malicious."
+  },
+  // Shell execution (context-dependent)
+  {
+    pattern: /(?:bash|sh)\s+-c\s+["'].*(?:curl|wget)/gi,
+    severity: "high",
+    category: "shell-execution",
+    description: "Shell command with network access",
+    recommendation: "Review the command. Should use proper APIs instead of shell."
+  },
+  {
+    pattern: /eval\s*\(/gi,
+    severity: "high",
+    category: "shell-execution",
+    description: "eval() usage - potential code injection",
+    recommendation: "eval() should be avoided. Review for necessity."
+  },
+  // Reconnaissance
+  {
+    pattern: /\b(?:hostname|whoami|uname|id)\b(?:\s|$|;|\||&)/gi,
+    severity: "medium",
+    category: "reconnaissance",
+    description: "System reconnaissance command",
+    recommendation: "Review if system info is necessary for skill functionality."
+  },
+  {
+    pattern: /env\s*(?:$|;|\||>>)/gim,
+    severity: "medium",
+    category: "reconnaissance",
+    description: "Environment variable enumeration",
+    recommendation: "Skills should not need to enumerate all env variables."
+  },
+  // File enumeration
+  {
+    pattern: /find\s+.*-name\s+['"].*\.(?:env|pem|key|credentials)/gi,
+    severity: "high",
+    category: "credential-access",
+    description: "Searching for credential files",
+    recommendation: "Block this skill. Credential file enumeration is malicious."
+  },
+  {
+    pattern: /grep\s+-r.*(?:password|secret|token|key)/gi,
+    severity: "high",
+    category: "credential-access",
+    description: "Recursive search for secrets",
+    recommendation: "Skills should use static analysis, not grep for secrets."
+  },
+  // Encoding/obfuscation (often used for evasion)
+  {
+    pattern: /base64.*\|\s*(?:curl|wget|bash|sh)/gi,
+    severity: "critical",
+    category: "exfiltration",
+    description: "Base64 encoding with command execution - obfuscation technique",
+    recommendation: "Block this skill. Base64 piping indicates malicious behavior."
+  },
+  {
+    pattern: /tar\s+.*\|\s*(?:curl|wget)/gi,
+    severity: "critical",
+    category: "exfiltration",
+    description: "Archiving and sending data externally",
+    recommendation: "Block this skill. Tar piping indicates data exfiltration."
+  },
+  // Network access to suspicious TLDs
+  {
+    pattern: /https?:\/\/[^\s'"]+\.(?:tk|ml|ga|cf|gq|top|xyz)\b/gi,
+    severity: "high",
+    category: "network-access",
+    description: "Access to domain with suspicious TLD",
+    recommendation: "Free TLDs are often used for malicious infrastructure. Verify legitimacy."
+  }
+];
+var SAFE_DOMAINS = [
+  "github.com",
+  "githubusercontent.com",
+  "api.github.com",
+  "raw.githubusercontent.com",
+  "npmjs.org",
+  "registry.npmjs.org",
+  "pypi.org",
+  "anthropic.com",
+  "openai.com"
+];
+async function findAllFiles(dir, files = []) {
+  const entries = await readdir(dir, { withFileTypes: true });
+  for (const entry of entries) {
+    const fullPath = join3(dir, entry.name);
+    if (entry.isDirectory()) {
+      if (!entry.name.startsWith(".") && entry.name !== "node_modules") {
+        await findAllFiles(fullPath, files);
+      }
+    } else if (entry.isFile()) {
+      const ext = entry.name.split(".").pop()?.toLowerCase();
+      if (ext && ["md", "txt", "js", "ts", "py", "sh", "bash", "json", "yaml", "yml"].includes(ext)) {
+        files.push(fullPath);
+      }
+    }
+  }
+  return files;
+}
+function getLineNumber(text, index) {
+  return text.substring(0, index).split("\n").length;
+}
+function extractUrls(text) {
+  const urlPattern = /https?:\/\/[^\s'"<>)]+/gi;
+  return Array.from(text.matchAll(urlPattern), (m) => m[0]);
+}
+function isSafeDomain(url) {
+  try {
+    const hostname = new URL(url).hostname.toLowerCase();
+    return SAFE_DOMAINS.some(
+      (safe) => hostname === safe || hostname.endsWith("." + safe)
+    );
+  } catch {
+    return false;
+  }
+}
+async function scanSkillForThreats(skillPath) {
+  const startTime = Date.now();
+  const risks = [];
+  const permissions = /* @__PURE__ */ new Set();
+  const files = await findAllFiles(skillPath);
+  for (const file of files) {
+    const relPath = relative(skillPath, file);
+    try {
+      const stats = await stat(file);
+      if (stats.size > 1024 * 1024) {
+        continue;
+      }
+      const content = await readFile3(file, "utf-8");
+      for (const rule of DANGEROUS_PATTERNS) {
+        const matches = content.matchAll(rule.pattern);
+        for (const match of matches) {
+          const lineNum = getLineNumber(content, match.index ?? 0);
+          risks.push({
+            severity: rule.severity,
+            category: rule.category,
+            description: rule.description,
+            location: `${relPath}:${lineNum}`,
+            pattern: match[0].substring(0, 100),
+            // Limit pattern length
+            recommendation: rule.recommendation
+          });
+          if (rule.category === "shell-execution") {
+            permissions.add("shell:execute");
+          } else if (rule.category === "network-access") {
+            permissions.add("network:access");
+          } else if (rule.category === "credential-access") {
+            permissions.add("credential:read");
+          }
+        }
+      }
+      const urls = extractUrls(content);
+      for (const url of urls) {
+        if (!isSafeDomain(url)) {
+          risks.push({
+            severity: "medium",
+            category: "network-access",
+            description: `External URL: ${url}`,
+            location: relPath,
+            pattern: url,
+            recommendation: "Verify this domain is necessary and trustworthy."
+          });
+          permissions.add("network:access");
+        }
+      }
+    } catch (error) {
+      continue;
+    }
+  }
+  const criticalRisks = risks.filter((r) => r.severity === "critical");
+  const highRisks = risks.filter((r) => r.severity === "high");
+  const safe = criticalRisks.length === 0 && highRisks.length < 3;
+  const requiredPermissions = Array.from(permissions).map((perm) => ({
+    name: perm,
+    description: getPermissionDescription(perm),
+    required: true
+  }));
+  return {
+    safe,
+    risks: risks.sort((a, b) => {
+      const severityOrder = { critical: 0, high: 1, medium: 2, low: 3 };
+      return severityOrder[a.severity] - severityOrder[b.severity];
+    }),
+    requiredPermissions,
+    filesScanned: files.length,
+    scanDuration: Date.now() - startTime
+  };
+}
+function getPermissionDescription(permission) {
+  const descriptions = {
+    "shell:execute": "Execute shell commands on your system",
+    "network:access": "Make network requests to external servers",
+    "credential:read": "Access credential files and environment variables",
+    "file:write": "Modify files in your project",
+    "file:read": "Read files in your project"
+  };
+  return descriptions[permission] || permission;
+}
+function formatSecuritySummary(result) {
+  if (result.risks.length === 0) {
+    return "\u2705 No security risks detected";
+  }
+  const critical = result.risks.filter((r) => r.severity === "critical").length;
+  const high = result.risks.filter((r) => r.severity === "high").length;
+  const medium = result.risks.filter((r) => r.severity === "medium").length;
+  const low = result.risks.filter((r) => r.severity === "low").length;
+  const parts = [];
+  if (critical > 0) parts.push(`\u{1F534} ${critical} critical`);
+  if (high > 0) parts.push(`\u{1F7E0} ${high} high`);
+  if (medium > 0) parts.push(`\u{1F7E1} ${medium} medium`);
+  if (low > 0) parts.push(`\u{1F535} ${low} low`);
+  return parts.join(", ") + " risk" + (result.risks.length === 1 ? "" : "s");
+}
+
+// src/utils/command-runner.ts
+import { exec, execFile, execSync } from "child_process";
+import { promisify } from "util";
+
+// src/skills/audit-logger.ts
+import { writeFile as writeFile2, mkdir as mkdir2, readdir as readdir2, readFile as readFile4 } from "fs/promises";
+import { join as join4 } from "path";
+async function logSkillExecution(execution) {
+  const workDir = getWorkingDirectory(void 0, true);
+  const auditDir = join4(workDir, ".trie", "audit");
+  await mkdir2(auditDir, { recursive: true });
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
+  const safeSkillName = execution.skillName.replace(/[^a-z0-9-]/gi, "_");
+  const filename = `${timestamp}_${safeSkillName}.json`;
+  const filepath = join4(auditDir, filename);
+  if (!execution.endTime) {
+    execution.endTime = Date.now();
+  }
+  if (!execution.duration) {
+    execution.duration = execution.endTime - execution.startTime;
+  }
+  await writeFile2(filepath, JSON.stringify(execution, null, 2), "utf-8");
+}
+function createAuditEntry(skillName, skillSource, triggeredBy, targetPath) {
+  return {
+    skillName,
+    skillSource,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    startTime: Date.now(),
+    success: false,
+    triggeredBy,
+    targetPath,
+    commands: [],
+    networkCalls: [],
+    filesAccessed: [],
+    filesModified: []
+  };
+}
+function completeAuditEntry(entry, success, error) {
+  const base = {
+    ...entry,
+    success,
+    endTime: Date.now(),
+    duration: Date.now() - entry.startTime
+  };
+  return error ? { ...base, error } : base;
+}
+async function getRecentAuditLogs(limit = 10) {
+  const workDir = getWorkingDirectory(void 0, true);
+  const auditDir = join4(workDir, ".trie", "audit");
+  try {
+    const files = await readdir2(auditDir);
+    const sorted = files.filter((f) => f.endsWith(".json")).sort().reverse().slice(0, limit);
+    const logs = [];
+    for (const file of sorted) {
+      try {
+        const content = await readFile4(join4(auditDir, file), "utf-8");
+        logs.push(JSON.parse(content));
+      } catch {
+      }
+    }
+    return logs;
+  } catch {
+    return [];
+  }
+}
+async function getSkillAuditLogs(skillName) {
+  const workDir = getWorkingDirectory(void 0, true);
+  const auditDir = join4(workDir, ".trie", "audit");
+  const safeSkillName = skillName.replace(/[^a-z0-9-]/gi, "_");
+  try {
+    const files = await readdir2(auditDir);
+    const skillFiles = files.filter(
+      (f) => f.includes(`_${safeSkillName}.json`)
+    );
+    const logs = [];
+    for (const file of skillFiles) {
+      try {
+        const content = await readFile4(join4(auditDir, file), "utf-8");
+        logs.push(JSON.parse(content));
+      } catch {
+      }
+    }
+    return logs.sort(
+      (a, b) => new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime()
+    );
+  } catch {
+    return [];
+  }
+}
+async function getAuditStatistics() {
+  const logs = await getRecentAuditLogs(1e3);
+  const skills = /* @__PURE__ */ new Set();
+  let totalCommands = 0;
+  let totalNetworkCalls = 0;
+  let blockedCommands = 0;
+  let blockedNetworkCalls = 0;
+  for (const log of logs) {
+    skills.add(log.skillName);
+    totalCommands += log.commands?.length ?? 0;
+    totalNetworkCalls += log.networkCalls?.length ?? 0;
+    blockedCommands += log.commands?.filter((c) => c.blockedBy).length ?? 0;
+    blockedNetworkCalls += log.networkCalls?.filter((c) => c.blocked).length ?? 0;
+  }
+  return {
+    totalExecutions: logs.length,
+    successfulExecutions: logs.filter((l) => l.success).length,
+    failedExecutions: logs.filter((l) => !l.success).length,
+    uniqueSkills: skills.size,
+    totalCommands,
+    totalNetworkCalls,
+    blockedCommands,
+    blockedNetworkCalls
+  };
+}
+function formatAuditLog(log) {
+  const lines = [];
+  const status = log.success ? "\u2705" : "\u274C";
+  const duration = log.duration ? `${log.duration}ms` : "unknown";
+  lines.push(`${status} ${log.skillName} (${duration})`);
+  lines.push(`   Time: ${new Date(log.timestamp).toLocaleString()}`);
+  lines.push(`   Triggered by: ${log.triggeredBy}`);
+  lines.push(`   Target: ${log.targetPath}`);
+  if (log.commands && log.commands.length > 0) {
+    lines.push(`   Commands executed: ${log.commands.length}`);
+    const blocked = log.commands.filter((c) => c.blockedBy).length;
+    if (blocked > 0) {
+      lines.push(`   \u26A0\uFE0F  Commands blocked: ${blocked}`);
+    }
+  }
+  if (log.networkCalls && log.networkCalls.length > 0) {
+    lines.push(`   Network calls: ${log.networkCalls.length}`);
+    const blocked = log.networkCalls.filter((c) => c.blocked).length;
+    if (blocked > 0) {
+      lines.push(`   \u26A0\uFE0F  Network calls blocked: ${blocked}`);
+    }
+  }
+  if (log.error) {
+    lines.push(`   Error: ${log.error}`);
+  }
+  return lines.join("\n");
+}
+
+// src/utils/command-runner.ts
 var execAsync = promisify(exec);
+var execFileAsync = promisify(execFile);
+function redact(text) {
+  return text.replace(/\b(AWS|ANTHROPIC|OPENAI|GITHUB)_[A-Z0-9_]*\s*=\s*([^\s"'`]+)/gi, "$1_<REDACTED>=<REDACTED>").replace(/\bBearer\s+[A-Za-z0-9\-._~+/]+=*\b/g, "Bearer <REDACTED>").replace(/\bghp_[A-Za-z0-9]{20,}\b/g, "ghp_<REDACTED>").replace(/\b(?:xox[baprs]-)[A-Za-z0-9-]{10,}\b/g, "<REDACTED_SLACK_TOKEN>").replace(/\bAKIA[0-9A-Z]{16}\b/g, "AKIA<REDACTED>");
+}
+function clampOutput(text, maxChars) {
+  if (text.length <= maxChars) return text;
+  return text.slice(0, maxChars) + `
+\u2026(truncated ${text.length - maxChars} chars)`;
+}
+function buildCommandRecord(command) {
+  return {
+    command,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+async function finalizeAndWrite(entry, cmd, outcome, options) {
+  const duration = Date.now() - outcome.startedAt;
+  cmd.duration = duration;
+  if (outcome.exitCode !== void 0) {
+    cmd.exitCode = outcome.exitCode;
+  }
+  const captureOutput = options?.captureOutput ?? false;
+  const redactOutput = options?.redactOutput ?? true;
+  const maxOutputChars = options?.maxOutputChars ?? 2e3;
+  if (captureOutput) {
+    const out = outcome.stdout ?? "";
+    const err = outcome.stderr ?? "";
+    cmd.stdout = redactOutput ? redact(clampOutput(out, maxOutputChars)) : clampOutput(out, maxOutputChars);
+    cmd.stderr = redactOutput ? redact(clampOutput(err, maxOutputChars)) : clampOutput(err, maxOutputChars);
+  }
+  const completed = completeAuditEntry(entry, outcome.success, outcome.error);
+  await logSkillExecution(completed);
+}
+async function runShellCommand(command, audit, options) {
+  const startedAt = Date.now();
+  const entry = createAuditEntry(audit.actor, audit.source ?? "trie", audit.triggeredBy, audit.targetPath);
+  const cmd = buildCommandRecord(command);
+  entry.commands?.push(cmd);
+  try {
+    const { stdout, stderr } = await execAsync(command, {
+      cwd: options?.cwd,
+      timeout: options?.timeoutMs,
+      maxBuffer: options?.maxBuffer
+    });
+    await finalizeAndWrite(entry, cmd, { success: true, exitCode: 0, stdout, stderr, startedAt }, options);
+    return { stdout: stdout ?? "", stderr: stderr ?? "", exitCode: 0 };
+  } catch (e) {
+    const err = e;
+    const stdout = typeof err.stdout === "string" ? err.stdout : "";
+    const stderr = typeof err.stderr === "string" ? err.stderr : "";
+    const exitCode = typeof err.code === "number" ? err.code : 1;
+    await finalizeAndWrite(
+      entry,
+      cmd,
+      { success: false, exitCode, stdout, stderr, error: err.message, startedAt },
+      // Capture output for failures by default (so audits are useful)
+      { ...options, captureOutput: options?.captureOutput ?? true }
+    );
+    return { stdout, stderr, exitCode };
+  }
+}
+function runShellCommandSync(command, audit, options) {
+  const startedAt = Date.now();
+  const entry = createAuditEntry(audit.actor, audit.source ?? "trie", audit.triggeredBy, audit.targetPath);
+  const cmd = buildCommandRecord(command);
+  entry.commands?.push(cmd);
+  try {
+    const stdout = execSync(command, {
+      cwd: options?.cwd,
+      timeout: options?.timeoutMs,
+      maxBuffer: options?.maxBuffer,
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"]
+    });
+    void finalizeAndWrite(entry, cmd, { success: true, exitCode: 0, stdout, stderr: "", startedAt }, options);
+    return { stdout: stdout ?? "", exitCode: 0 };
+  } catch (e) {
+    const err = e;
+    const stdout = typeof err.stdout === "string" ? err.stdout : "";
+    const stderr = typeof err.stderr === "string" ? err.stderr : "";
+    const exitCode = typeof err.status === "number" ? err.status : 1;
+    void finalizeAndWrite(
+      entry,
+      cmd,
+      { success: false, exitCode, stdout, stderr, error: err.message, startedAt },
+      { ...options, captureOutput: options?.captureOutput ?? true }
+    );
+    return { stdout, exitCode };
+  }
+}
+async function runExecFile(file, args, audit, options) {
+  const startedAt = Date.now();
+  const command = [file, ...args].join(" ");
+  const entry = createAuditEntry(audit.actor, audit.source ?? "trie", audit.triggeredBy, audit.targetPath);
+  const cmd = buildCommandRecord(command);
+  entry.commands?.push(cmd);
+  try {
+    const { stdout, stderr } = await execFileAsync(file, args, {
+      cwd: options?.cwd,
+      timeout: options?.timeoutMs,
+      maxBuffer: options?.maxBuffer
+    });
+    await finalizeAndWrite(entry, cmd, { success: true, exitCode: 0, stdout: String(stdout ?? ""), stderr: String(stderr ?? ""), startedAt }, options);
+    return { stdout: String(stdout ?? ""), stderr: String(stderr ?? ""), exitCode: 0 };
+  } catch (e) {
+    const err = e;
+    const stdout = typeof err.stdout === "string" ? err.stdout : "";
+    const stderr = typeof err.stderr === "string" ? err.stderr : "";
+    const exitCode = typeof err.code === "number" ? err.code : 1;
+    await finalizeAndWrite(
+      entry,
+      cmd,
+      { success: false, exitCode, stdout, stderr, error: err.message, startedAt },
+      { ...options, captureOutput: options?.captureOutput ?? true }
+    );
+    return { stdout, stderr, exitCode };
+  }
+}
+
+// src/skills/installer.ts
 var GLOBAL_SKILLS_DIRS = {
-  trie: join3(homedir(), ".trie", "skills"),
-  cursor: join3(homedir(), ".cursor", "skills"),
-  claude: join3(homedir(), ".claude", "skills"),
-  opencode: join3(homedir(), ".config", "opencode", "skills")
+  trie: join5(homedir(), ".trie", "skills"),
+  cursor: join5(homedir(), ".cursor", "skills"),
+  claude: join5(homedir(), ".claude", "skills"),
+  opencode: join5(homedir(), ".config", "opencode", "skills")
 };
 var GLOBAL_SKILLS_DIR = GLOBAL_SKILLS_DIRS.trie;
 function getAllGlobalSkillDirs() {
@@ -8941,26 +9477,74 @@ async function installSkill(source, skillName) {
   }
   const { owner, repo, skill: parsedSkill } = parsed;
   const specifiedSkill = skillName || parsedSkill;
-  const skillsDir = join3(getWorkingDirectory(void 0, true), ".trie", "skills");
-  const tempDir = join3(skillsDir, `.temp-${Date.now()}`);
+  const skillsDir = join5(getWorkingDirectory(void 0, true), ".trie", "skills");
+  const tempDir = join5(skillsDir, `.temp-${Date.now()}`);
   try {
-    await mkdir2(skillsDir, { recursive: true });
+    await mkdir3(skillsDir, { recursive: true });
+    console.log("Cloning repository...");
     const repoUrl = `https://github.com/${owner}/${repo}.git`;
-    await execAsync(`git clone --depth 1 "${repoUrl}" "${tempDir}"`, { timeout: 6e4 });
+    if (!repoUrl.startsWith("https://github.com/") || repoUrl.includes("..") || repoUrl.includes("~")) {
+      throw new Error("Invalid repository URL");
+    }
+    await runShellCommand(
+      `git clone --depth 1 "${repoUrl}" "${tempDir}"`,
+      { actor: "internal:skills-installer", triggeredBy: "manual", targetPath: getWorkingDirectory(void 0, true) },
+      { timeoutMs: 6e4, captureOutput: false }
+    );
     const sourcePath = await findSkillPath(tempDir, specifiedSkill);
     if (!sourcePath) {
       throw new Error(`SKILL.md not found in repository. Searched in: root, skills/, ${specifiedSkill || "subdirectories"}`);
     }
+    console.log("Running security scan...");
+    const securityScan = await scanSkillForThreats(sourcePath);
+    console.log(`Security scan: ${formatSecuritySummary(securityScan)}`);
+    if (securityScan.risks.length > 0) {
+      console.warn("\n\u26A0\uFE0F  SECURITY RISKS DETECTED\n");
+      const criticalRisks = securityScan.risks.filter((r) => r.severity === "critical");
+      const highRisks = securityScan.risks.filter((r) => r.severity === "high");
+      for (const risk of criticalRisks) {
+        console.warn(`\u{1F534} CRITICAL: ${risk.description}`);
+        console.warn(`   ${risk.location}: ${risk.pattern}`);
+        console.warn(`   \u2192 ${risk.recommendation}
+`);
+      }
+      for (const risk of highRisks) {
+        console.warn(`\u{1F7E0} HIGH: ${risk.description}`);
+        console.warn(`   ${risk.location}`);
+        console.warn(`   \u2192 ${risk.recommendation}
+`);
+      }
+      if (criticalRisks.length > 0) {
+        console.warn("\u26A0\uFE0F  This skill has CRITICAL security risks. Use with extreme caution.\n");
+      } else {
+        console.warn("\u26A0\uFE0F  Review these risks before using this skill.\n");
+      }
+    }
     const parsed2 = await parseSkillMd(sourcePath);
     const name = parsed2.frontmatter.name;
-    const targetPath = join3(skillsDir, name);
+    const targetPath = join5(skillsDir, name);
     await rm(targetPath, { recursive: true, force: true });
     await cp(sourcePath, targetPath, { recursive: true });
-    await writeFile2(join3(targetPath, ".installed.json"), JSON.stringify({
+    await writeFile3(join5(targetPath, ".installed.json"), JSON.stringify({
       installedFrom: source,
       installedAt: (/* @__PURE__ */ new Date()).toISOString(),
-      repository: `${owner}/${repo}`
+      repository: `${owner}/${repo}`,
+      securityScan: {
+        safe: securityScan.safe,
+        riskCount: securityScan.risks.length,
+        criticalRisks: securityScan.risks.filter((r) => r.severity === "critical").length,
+        highRisks: securityScan.risks.filter((r) => r.severity === "high").length,
+        scannedAt: (/* @__PURE__ */ new Date()).toISOString()
+      },
+      risks: securityScan.risks,
+      // Store full risk details
+      permissions: securityScan.requiredPermissions
     }, null, 2));
+    if (securityScan.risks.length > 0) {
+      console.log(`
+\u26A0\uFE0F  View security details with: trie skills info ${name}
+`);
+    }
     return { success: true, name, path: targetPath };
   } catch (error) {
     const message = error instanceof Error ? error.message : String(error);
@@ -8974,22 +9558,22 @@ async function findSkillPath(repoPath, skillName) {
   const searchPaths = [];
   if (skillName) {
     searchPaths.push(
-      join3(repoPath, "skills", skillName),
-      join3(repoPath, skillName)
+      join5(repoPath, "skills", skillName),
+      join5(repoPath, skillName)
     );
   }
   searchPaths.push(
     repoPath,
-    join3(repoPath, "skill")
+    join5(repoPath, "skill")
   );
   if (!skillName) {
     try {
-      const skillsSubdir = join3(repoPath, "skills");
+      const skillsSubdir = join5(repoPath, "skills");
       await access(skillsSubdir);
-      const entries = await readdir(skillsSubdir, { withFileTypes: true });
+      const entries = await readdir3(skillsSubdir, { withFileTypes: true });
       for (const entry of entries) {
         if (entry.isDirectory() && !entry.name.startsWith(".")) {
-          searchPaths.push(join3(skillsSubdir, entry.name));
+          searchPaths.push(join5(skillsSubdir, entry.name));
         }
       }
     } catch {
@@ -9019,10 +9603,10 @@ async function findClaudeCodeSubagent(repoPath, skillName) {
     skillName.replace(/-expert$/, "-expert.md")
   ];
   for (const fileName of searchNames) {
-    const filePath = join3(repoPath, fileName);
+    const filePath = join5(repoPath, fileName);
     try {
       await access(filePath);
-      const content = await readFile3(filePath, "utf-8");
+      const content = await readFile5(filePath, "utf-8");
       if (content.startsWith("---")) {
         return await convertClaudeCodeToSkillMd(repoPath, filePath, skillName);
       }
@@ -9030,7 +9614,7 @@ async function findClaudeCodeSubagent(repoPath, skillName) {
     }
   }
   try {
-    const entries = await readdir(repoPath);
+    const entries = await readdir3(repoPath);
     const mdFiles = entries.filter((e) => e.endsWith(".md") && !e.toLowerCase().includes("readme") && !e.toLowerCase().includes("license"));
     if (mdFiles.length > 0) {
       const availableSkills = mdFiles.map((f) => f.replace(".md", "")).join(", ");
@@ -9044,7 +9628,7 @@ async function findClaudeCodeSubagent(repoPath, skillName) {
   return null;
 }
 async function convertClaudeCodeToSkillMd(repoPath, filePath, skillName) {
-  const content = await readFile3(filePath, "utf-8");
+  const content = await readFile5(filePath, "utf-8");
   const fmMatch = content.match(/^---\n([\s\S]*?)\n---\n([\s\S]*)$/);
   if (!fmMatch) {
     throw new Error("Invalid frontmatter format");
@@ -9057,8 +9641,8 @@ async function convertClaudeCodeToSkillMd(repoPath, filePath, skillName) {
   const name = nameMatch ? nameMatch[1].trim() : skillName;
   const description = descMatch ? descMatch[1].trim() : `Skill from Claude Code subagent: ${name}`;
   const model = modelMatch ? modelMatch[1].trim() : void 0;
-  const tempSkillDir = join3(repoPath, ".converted-skill", name);
-  await mkdir2(tempSkillDir, { recursive: true });
+  const tempSkillDir = join5(repoPath, ".converted-skill", name);
+  await mkdir3(tempSkillDir, { recursive: true });
   let newContent = `---
 name: ${name}
 description: ${description}
@@ -9070,23 +9654,23 @@ tags: [claude-code, subagent${model ? `, ${model}` : ""}]
 
 ${body}
 `;
-  await writeFile2(join3(tempSkillDir, "SKILL.md"), newContent, "utf-8");
+  await writeFile3(join5(tempSkillDir, "SKILL.md"), newContent, "utf-8");
   return tempSkillDir;
 }
 async function listInstalledSkills() {
-  const skillsDir = join3(getWorkingDirectory(void 0, true), ".trie", "skills");
+  const skillsDir = join5(getWorkingDirectory(void 0, true), ".trie", "skills");
   const skills = [];
   try {
-    const entries = await readdir(skillsDir, { withFileTypes: true });
+    const entries = await readdir3(skillsDir, { withFileTypes: true });
     for (const entry of entries) {
       if (!entry.isDirectory() || entry.name.startsWith(".")) continue;
-      const skillPath = join3(skillsDir, entry.name);
+      const skillPath = join5(skillsDir, entry.name);
       try {
         const parsed = await parseSkillMd(skillPath);
-        const metaPath = join3(skillPath, ".installed.json");
+        const metaPath = join5(skillPath, ".installed.json");
         let meta = { installedFrom: "unknown", installedAt: (/* @__PURE__ */ new Date()).toISOString() };
         try {
-          meta = JSON.parse(await readFile3(metaPath, "utf-8"));
+          meta = JSON.parse(await readFile5(metaPath, "utf-8"));
         } catch {
         }
         skills.push({
@@ -9104,8 +9688,8 @@ async function listInstalledSkills() {
   return skills;
 }
 async function removeSkill(skillName) {
-  const skillsDir = join3(getWorkingDirectory(void 0, true), ".trie", "skills");
-  const skillPath = join3(skillsDir, skillName);
+  const skillsDir = join5(getWorkingDirectory(void 0, true), ".trie", "skills");
+  const skillPath = join5(skillsDir, skillName);
   try {
     await rm(skillPath, { recursive: true });
     return true;
@@ -9116,16 +9700,16 @@ async function removeSkill(skillName) {
 async function listGlobalSkills() {
   const skills = [];
   try {
-    const entries = await readdir(GLOBAL_SKILLS_DIR, { withFileTypes: true });
+    const entries = await readdir3(GLOBAL_SKILLS_DIR, { withFileTypes: true });
     for (const entry of entries) {
       if (!entry.isDirectory() || entry.name.startsWith(".")) continue;
-      const skillPath = join3(GLOBAL_SKILLS_DIR, entry.name);
+      const skillPath = join5(GLOBAL_SKILLS_DIR, entry.name);
       try {
         const parsed = await parseSkillMd(skillPath);
-        const metaPath = join3(skillPath, ".installed.json");
+        const metaPath = join5(skillPath, ".installed.json");
         let meta = { installedFrom: "custom", installedAt: (/* @__PURE__ */ new Date()).toISOString() };
         try {
-          meta = JSON.parse(await readFile3(metaPath, "utf-8"));
+          meta = JSON.parse(await readFile5(metaPath, "utf-8"));
         } catch {
         }
         skills.push({
@@ -9147,14 +9731,14 @@ async function writeSkillToAllDirs(name, skillMdContent, metadata) {
   let primaryPath = "";
   for (const [tool, baseDir] of Object.entries(GLOBAL_SKILLS_DIRS)) {
     try {
-      await mkdir2(baseDir, { recursive: true });
-      const skillPath = join3(baseDir, name);
+      await mkdir3(baseDir, { recursive: true });
+      const skillPath = join5(baseDir, name);
       if (existsSync3(skillPath)) {
         continue;
       }
-      await mkdir2(skillPath, { recursive: true });
-      await writeFile2(join3(skillPath, "SKILL.md"), skillMdContent, "utf-8");
-      await writeFile2(join3(skillPath, ".installed.json"), JSON.stringify(metadata, null, 2));
+      await mkdir3(skillPath, { recursive: true });
+      await writeFile3(join5(skillPath, "SKILL.md"), skillMdContent, "utf-8");
+      await writeFile3(join5(skillPath, ".installed.json"), JSON.stringify(metadata, null, 2));
       writtenTo.push(tool);
       if (tool === "trie") {
         primaryPath = skillPath;
@@ -9165,25 +9749,25 @@ async function writeSkillToAllDirs(name, skillMdContent, metadata) {
   if (!primaryPath && writtenTo.length > 0) {
     const firstTool = writtenTo[0];
     if (firstTool) {
-      primaryPath = join3(GLOBAL_SKILLS_DIRS[firstTool], name);
+      primaryPath = join5(GLOBAL_SKILLS_DIRS[firstTool], name);
     }
   }
   return { primaryPath, writtenTo };
 }
 async function createSkillFromFile(filePath, skillName, description) {
   try {
-    const stats = await stat(filePath);
+    const stats = await stat2(filePath);
     if (!stats.isFile()) {
       return { success: false, name: "unknown", error: "Path is not a file" };
     }
-    const content = await readFile3(filePath, "utf-8");
+    const content = await readFile5(filePath, "utf-8");
     if (!content.trim()) {
       return { success: false, name: "unknown", error: "File is empty" };
     }
     const ext = extname2(filePath);
     const baseFileName = basename2(filePath, ext);
     const name = skillName || baseFileName.toLowerCase().replace(/[^a-z0-9-]/g, "-").replace(/-+/g, "-");
-    const primarySkillPath = join3(GLOBAL_SKILLS_DIR, name);
+    const primarySkillPath = join5(GLOBAL_SKILLS_DIR, name);
     if (existsSync3(primarySkillPath)) {
       return { success: false, name, error: `Skill "${name}" already exists. Use a different name or remove the existing skill.` };
     }
@@ -9223,7 +9807,7 @@ ${content}
 async function removeGlobalSkill(skillName) {
   let removed = false;
   for (const baseDir of getAllGlobalSkillDirs()) {
-    const skillPath = join3(baseDir, skillName);
+    const skillPath = join5(baseDir, skillName);
     try {
       if (existsSync3(skillPath)) {
         await rm(skillPath, { recursive: true });
@@ -9236,18 +9820,18 @@ async function removeGlobalSkill(skillName) {
 }
 
 // src/utils/context-state.ts
-import { readFile as readFile4, mkdir as mkdir3 } from "fs/promises";
+import { readFile as readFile6, mkdir as mkdir4 } from "fs/promises";
 import { existsSync as existsSync4 } from "fs";
-import { join as join4, basename as basename3 } from "path";
+import { join as join6, basename as basename3 } from "path";
 var AGENTS_MD_PATH = ".trie/AGENTS.md";
 var STATE_JSON_PATH = ".trie/state.json";
 async function loadContextState() {
   const workDir = getWorkingDirectory(void 0, true);
-  const statePath = join4(workDir, STATE_JSON_PATH);
+  const statePath = join6(workDir, STATE_JSON_PATH);
   const defaults = getDefaultState();
   try {
     if (existsSync4(statePath)) {
-      const content = await readFile4(statePath, "utf-8");
+      const content = await readFile6(statePath, "utf-8");
       const loaded = JSON.parse(content);
       return {
         ...defaults,
@@ -9261,9 +9845,9 @@ async function loadContextState() {
 }
 async function saveContextState(state) {
   const workDir = getWorkingDirectory(void 0, true);
-  const trieDir = join4(workDir, ".trie");
-  const statePath = join4(workDir, STATE_JSON_PATH);
-  await mkdir3(trieDir, { recursive: true });
+  const trieDir = join6(workDir, ".trie");
+  const statePath = join6(workDir, STATE_JSON_PATH);
+  await mkdir4(trieDir, { recursive: true });
   await atomicWriteJSON(statePath, state);
 }
 async function updateContextAfterScan(results, filesScanned, contextSignals, duration) {
@@ -9322,10 +9906,10 @@ async function updateContextAfterScan(results, filesScanned, contextSignals, dur
 }
 async function updateAgentsMd(state) {
   const workDir = getWorkingDirectory(void 0, true);
-  const mdPath = join4(workDir, AGENTS_MD_PATH);
+  const mdPath = join6(workDir, AGENTS_MD_PATH);
   let content;
   try {
-    content = await readFile4(mdPath, "utf-8");
+    content = await readFile6(mdPath, "utf-8");
   } catch {
     content = getAgentsMdTemplate();
   }
@@ -9658,9 +10242,8 @@ async function getContextForAI() {
 
 // src/skills/gating.ts
 import { existsSync as existsSync5 } from "fs";
-import { readFile as readFile5 } from "fs/promises";
-import { join as join5 } from "path";
-import { execSync } from "child_process";
+import { readFile as readFile7 } from "fs/promises";
+import { join as join7 } from "path";
 async function checkSkillRequirements(frontmatter, projectDir) {
   const result = { allowed: true };
   if (frontmatter.requires && frontmatter.requires.length > 0) {
@@ -9716,7 +10299,7 @@ async function checkSkillRequirements(frontmatter, projectDir) {
     }
   }
   if (reqs.configFiles && reqs.configFiles.length > 0) {
-    const missing = reqs.configFiles.filter((file) => !existsSync5(join5(projectDir, file)));
+    const missing = reqs.configFiles.filter((file) => !existsSync5(join7(projectDir, file)));
     if (missing.length > 0) {
       result.allowed = false;
       result.missingConfigs = missing;
@@ -9728,11 +10311,11 @@ async function checkSkillRequirements(frontmatter, projectDir) {
 }
 async function getProjectDependencies(projectDir) {
   try {
-    const pkgPath = join5(projectDir, "package.json");
+    const pkgPath = join7(projectDir, "package.json");
     if (!existsSync5(pkgPath)) {
       return /* @__PURE__ */ new Set();
     }
-    const pkg = JSON.parse(await readFile5(pkgPath, "utf-8"));
+    const pkg = JSON.parse(await readFile7(pkgPath, "utf-8"));
     return /* @__PURE__ */ new Set([
       ...Object.keys(pkg.dependencies || {}),
       ...Object.keys(pkg.devDependencies || {})
@@ -9742,13 +10325,13 @@ async function getProjectDependencies(projectDir) {
   }
 }
 function isBinaryAvailable(binary) {
-  try {
-    const command = process.platform === "win32" ? `where ${binary}` : `which ${binary}`;
-    execSync(command, { stdio: "ignore" });
-    return true;
-  } catch {
-    return false;
-  }
+  const command = process.platform === "win32" ? `where ${binary}` : `which ${binary}`;
+  const { exitCode } = runShellCommandSync(
+    command,
+    { actor: "internal:skill-gating", triggeredBy: "scan", targetPath: process.cwd() },
+    { captureOutput: false }
+  );
+  return exitCode === 0;
 }
 function formatGatingReason(result) {
   if (result.allowed) return "Allowed";
@@ -10198,8 +10781,8 @@ var CustomSkill = class extends BaseSkill {
 };
 
 // src/skills/built-in/registry.ts
-import { readdir as readdir2, readFile as readFile6 } from "fs/promises";
-import { join as join6 } from "path";
+import { readdir as readdir4, readFile as readFile8 } from "fs/promises";
+import { join as join8 } from "path";
 var SkillRegistryImpl = class {
   skills = /* @__PURE__ */ new Map();
   customSkillsLoaded = false;
@@ -10255,14 +10838,14 @@ var SkillRegistryImpl = class {
   async loadCustomSkills() {
     if (this.customSkillsLoaded) return;
     try {
-      const skillsDir = join6(getWorkingDirectory(void 0, true), ".trie", "agents");
-      const files = await readdir2(skillsDir);
+      const skillsDir = join8(getWorkingDirectory(void 0, true), ".trie", "agents");
+      const files = await readdir4(skillsDir);
       const jsonFiles = files.filter((f) => f.endsWith(".json"));
       let loadedCount = 0;
       for (const file of jsonFiles) {
         try {
-          const configPath = join6(skillsDir, file);
-          const content = await readFile6(configPath, "utf-8");
+          const configPath = join8(skillsDir, file);
+          const content = await readFile8(configPath, "utf-8");
           const config = JSON.parse(content);
           const skill = new CustomSkill(config);
           this.skills.set(skill.name, skill);
@@ -10430,6 +11013,13 @@ function getSkillRegistry() {
 export {
   SuperReviewerSkill,
   CRITICAL_REVIEW_CHECKLIST,
+  getRecentAuditLogs,
+  getSkillAuditLogs,
+  getAuditStatistics,
+  formatAuditLog,
+  runShellCommand,
+  runShellCommandSync,
+  runExecFile,
   installSkill,
   listInstalledSkills,
   removeSkill,
@@ -10451,4 +11041,4 @@ export {
   CustomSkill,
   getSkillRegistry
 };
-//# sourceMappingURL=chunk-3RKY55HZ.js.map
+//# sourceMappingURL=chunk-LKXDJESG.js.map