agentaudit 3.10.4 → 3.10.5
- package/cli.mjs +12 -2
- package/package.json +1 -1
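--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -1796,8 +1796,9 @@ async function auditRepo(url) {
 `After analysis, respond with ONLY a valid JSON object. No markdown fences, no explanation, no text before or after. Just the raw JSON:`,
 `{ "skill_slug": "${slug}", "source_url": "${url}", "package_type": "<mcp-server|agent-skill|library|cli-tool>",`,
 ` "risk_score": <0-100>, "result": "<safe|caution|unsafe>", "max_severity": "<none|low|medium|high|critical>",`,
-` "findings_count": <n>, "findings": [{ "
-` "description": "...", "file": "...", "line": <n>, "
+` "findings_count": <n>, "findings": [{ "pattern_id": "CMD_INJECT_001", "title": "...", "severity": "...", "category": "...",`,
+` "cwe_id": "CWE-78", "description": "...", "file": "...", "line": <n>, "content": "...", "remediation": "...",`,
+` "confidence": "high|medium|low", "by_design": false, "score_impact": -15 }] }`,
 ``,
 `## Source Code`,
 codeBlock,
@@ -1965,6 +1966,10 @@ async function auditRepo(url) {
 return null;
 }
 
+// Add scan metadata for benchmarking
+report.audit_duration_ms = Date.now() - start;
+report.files_scanned = files.length;
+
 // Display results
 console.log();
 const riskScore = report.risk_score || 0;
@@ -2008,7 +2013,12 @@ async function auditRepo(url) {
 console.log(` ${c.green}done${c.reset}`);
 console.log(` ${c.dim}Report: ${REGISTRY_URL}/skills/${slug}${c.reset}`);
 } else {
+let errBody = '';
+try { errBody = await res.text(); } catch {}
 console.log(` ${c.yellow}failed (HTTP ${res.status})${c.reset}`);
+if (errBody && process.argv.includes('--debug')) {
+console.log(` ${c.dim}Server: ${errBody.slice(0, 300)}${c.reset}`);
+}
 }
 } catch (err) {
 console.log(` ${c.yellow}failed${c.reset}`);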
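Review bot: The three schema lines added at new lines 1799–1801 of the prompt template give the model literal sample values (`"pattern_id": "CMD_INJECT_001"`, `"cwe_id": "CWE-78"`, `"by_design": false`, `"score_impact": -15`) where the surrounding lines use placeholders, so a model can echo them into every finding. I would write them in the template's own placeholder style, e.g. `"pattern_id": "<id>"`, `"cwe_id": "<CWE-n>"`, `"confidence": "<high|medium|low>"`, `"by_design": <true|false>`, `"score_impact": <n>`. Because the text under `## Source Code` appears to be the audited repository's content, `by_design` and `score_impact` are decided by a model reading untrusted input, and the visible hunks only add `audit_duration_ms` and `files_scanned` before the report is displayed and, it seems, sent to the registry; unless the code between the hunks already does so, the parsed report should be checked against the allowed values and the score recomputed locally rather than taken from the model. auditRepo's body starts and ends outside the hunks.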