agentaudit 3.9.6 → 3.9.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.mjs +22 -1
- package/package.json +1 -1
package/index.mjs
CHANGED
|
@@ -557,13 +557,34 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
|
|
|
557
557
|
const data = await res.json();
|
|
558
558
|
const risk = data.risk_score ?? data.latest_risk_score ?? 'unknown';
|
|
559
559
|
const official = data.has_official_audit ? '✅ Officially audited' : 'Community audit';
|
|
560
|
+
const findings = data.total_findings ?? 0;
|
|
561
|
+
const maxSev = data.latest_max_severity;
|
|
562
|
+
const auditedAt = data.last_audited_at ? new Date(data.last_audited_at).toLocaleDateString('en-US', { year: 'numeric', month: 'short', day: 'numeric' }) : 'unknown';
|
|
563
|
+
const version = data.latest_known_version || null;
|
|
564
|
+
const isOutdated = data.is_outdated;
|
|
560
565
|
|
|
561
566
|
let summary = `# ${package_name}\n\n`;
|
|
562
567
|
summary += `**Risk Score:** ${risk}/100\n`;
|
|
563
568
|
summary += `**Status:** ${official}\n`;
|
|
569
|
+
summary += `**Findings:** ${findings}${maxSev ? ` (max severity: ${maxSev})` : ''}\n`;
|
|
570
|
+
summary += `**Last Audited:** ${auditedAt}\n`;
|
|
571
|
+
if (version) summary += `**Audited Version:** ${version}\n`;
|
|
572
|
+
if (isOutdated) summary += `**⚠️ OUTDATED:** The package has been updated since the last audit!\n`;
|
|
564
573
|
if (data.source_url) summary += `**Source:** ${data.source_url}\n`;
|
|
565
574
|
summary += `**Registry:** ${REGISTRY_URL}/skills/${package_name}\n\n`;
|
|
566
|
-
|
|
575
|
+
|
|
576
|
+
// Agent instructions based on risk level
|
|
577
|
+
if (typeof risk === 'number' && risk >= 40) {
|
|
578
|
+
summary += `\n🚨 HIGH RISK (${risk}/100): IMPORTANT — Tell the user this package has significant security findings and may be UNSAFE to install. Recommend reviewing the findings at ${REGISTRY_URL}/skills/${package_name} before proceeding. If the user still wants to install, strongly warn about the risks.\n`;
|
|
579
|
+
} else if (typeof risk === 'number' && risk >= 20) {
|
|
580
|
+
summary += `\n⚠️ MODERATE RISK (${risk}/100): Inform the user that this package has some security findings. Recommend reviewing them at ${REGISTRY_URL}/skills/${package_name} before installing.\n`;
|
|
581
|
+
} else if (typeof risk === 'number') {
|
|
582
|
+
summary += `\n✅ LOW RISK (${risk}/100): This package appears safe based on its security audit. The user can proceed with installation.\n`;
|
|
583
|
+
}
|
|
584
|
+
|
|
585
|
+
if (isOutdated) {
|
|
586
|
+
summary += `\n⚠️ NOTE: The audit may be outdated — the package has changed since it was last reviewed. Consider running a fresh audit with audit_package.\n`;
|
|
587
|
+
}
|
|
567
588
|
|
|
568
589
|
return { content: [{ type: 'text', text: summary }] };
|
|
569
590
|
} catch (err) {
|