agentaudit 3.9.6 → 3.9.8
- package/index.mjs +29 -6
- package/package.json +1 -1
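--- a/package/index.mjs
+++ b/package/index.mjs
@@ -557,13 +557,36 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 const data = await res.json();
 const risk = data.risk_score ?? data.latest_risk_score ?? 'unknown';
 const official = data.has_official_audit ? '✅ Officially audited' : 'Community audit';
+const findings = data.total_findings ?? 0;
+const maxSev = data.latest_max_severity;
+const auditedAt = data.last_audited_at ? new Date(data.last_audited_at).toLocaleDateString('en-US', { year: 'numeric', month: 'short', day: 'numeric' }) : 'unknown';
+const version = data.latest_known_version || null;
+const isOutdated = data.is_outdated;
+
+// Build response with risk assessment FIRST so the agent sees it immediately
+let summary = '';
+
+// Risk assessment at the very top — this is what the agent needs to act on
+if (typeof risk === 'number' && risk >= 40) {
+summary += `🚨 UNSAFE — DO NOT INSTALL WITHOUT WARNING THE USER!\nRisk Score: ${risk}/100 | ${findings} finding(s)\n\nYou MUST tell the user: "${package_name}" has been flagged as HIGH RISK in a security audit. It has ${findings} security finding(s) and a risk score of ${risk}/100. Installing this package is NOT recommended. Ask the user if they want to proceed despite the risk, and link them to the full report: ${REGISTRY_URL}/skills/${package_name}\n\n`;
+} else if (typeof risk === 'number' && risk >= 20) {
+summary += `⚠️ MODERATE RISK — Inform the user before installing.\nRisk Score: ${risk}/100 | ${findings} finding(s)\n\nTell the user: "${package_name}" has some security findings (risk ${risk}/100). Recommend they review the report before installing: ${REGISTRY_URL}/skills/${package_name}\n\n`;
+} else if (typeof risk === 'number') {
+summary += `✅ LOW RISK — Safe to install.\nRisk Score: ${risk}/100 | ${findings} finding(s)\n\nThis package has been audited and appears safe. You can proceed with installation.\n\n`;
+}
+
+if (isOutdated) {
+summary += `⚠️ OUTDATED: The package has changed since the last audit. Consider running a fresh audit first.\n\n`;
+}
 
-
-summary +=
-summary +=
-
-summary +=
-summary +=
+// Details section
+summary += `--- Details ---\n`;
+summary += `Package: ${package_name}\n`;
+summary += `Status: ${official}\n`;
+summary += `Last Audited: ${auditedAt}\n`;
+if (version) summary += `Audited Version: ${version}\n`;
+if (data.source_url) summary += `Source: ${data.source_url}\n`;
+summary += `Registry: ${REGISTRY_URL}/skills/${package_name}\n`;
 
 return { content: [{ type: 'text', text: summary }] };
 } catch (err) {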
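Review bot: The `else if (typeof risk === 'number')` branch emits "Safe to install" and "You can proceed with installation" even when `isOutdated` is true, so the agent reads a go-ahead first and only afterwards the OUTDATED notice that the package changed since the audit. The low-risk verdict should be gated on freshness, e.g. `} else if (typeof risk === 'number' && !isOutdated) {`, with the stale case getting its own line stating that no verdict covers the current version. When `risk` is not a number (the `'unknown'` fallback), no assessment line is written at all; an explicit "no audit result" line would keep an agent from reading silence as approval. `version` and `data.source_url` come from the registry JSON and, like `package_name`, are interpolated unmodified into text the agent acts on, so they should be length-limited and stripped of newlines, and `package_name` passed through `encodeURIComponent` in the `${REGISTRY_URL}/skills/...` links. The handler body starts and continues outside this hunk, so validation done elsewhere is not visible here.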