claude-skill-antivirus 2.0.1 → 2.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +37 -0
- package/README.zh-TW.md +34 -0
- package/package.json +2 -2
- package/src/index.js +1 -1
- package/src/utils/downloader.js +16 -0
package/README.md
CHANGED
|
@@ -1,7 +1,18 @@
|
|
|
1
1
|
# Claude Skill Antivirus
|
|
2
2
|
|
|
3
|
+
[](https://www.npmjs.com/package/claude-skill-antivirus)
|
|
4
|
+
[](https://github.com/claude-world/claude-skill-antivirus/actions/workflows/ci.yml)
|
|
5
|
+
[](https://opensource.org/licenses/MIT)
|
|
6
|
+
[](https://nodejs.org/)
|
|
7
|
+
[](https://docs.anthropic.com/en/docs/claude-code)
|
|
8
|
+
|
|
9
|
+
<!-- TODO: Replace with actual GIF -->
|
|
10
|
+
<img src="assets/demo.gif" alt="Claude Skill Antivirus scanning a CLAUDE.md file for prompt injection" title="Demo shows: trigger scan → detect patterns → show results" />
|
|
11
|
+
|
|
3
12
|
A security scanner and safe installer for Claude Code Skills. Detects malicious patterns, data exfiltration attempts, and dangerous operations before installing third-party skills.
|
|
4
13
|
|
|
14
|
+
Compatible with Claude Code using Opus 4.6, Sonnet 4.6, and Haiku 4.5 models.
|
|
15
|
+
|
|
5
16
|
[繁體中文說明](./README.zh-TW.md) | [SkillsMP Scan Report](./SCAN-REPORT.md)
|
|
6
17
|
|
|
7
18
|
## SkillsMP Platform Scan Results
|
|
@@ -327,6 +338,31 @@ claude-skill-antivirus/
|
|
|
327
338
|
└── README.md
|
|
328
339
|
```
|
|
329
340
|
|
|
341
|
+
## Latest Updates
|
|
342
|
+
|
|
343
|
+
### v2.1.0 (2026-03-13)
|
|
344
|
+
- Verified compatibility with Claude Code Opus 4.6
|
|
345
|
+
- Updated documentation and metadata
|
|
346
|
+
|
|
347
|
+
### v2.0.1
|
|
348
|
+
- Separated capability warnings from actual threats in permission scanner
|
|
349
|
+
- Fixed array format handling in `allowed-tools`
|
|
350
|
+
|
|
351
|
+
### v2.0.0
|
|
352
|
+
- Added 4 new scanning engines: MCP Security, SSRF, Dependency, and Sub-agent scanners (total: 9 engines)
|
|
353
|
+
- Added i18n support (English + Traditional Chinese)
|
|
354
|
+
- Added batch scanner for SkillsMP platform
|
|
355
|
+
- Scanned all 71,577 skills on SkillsMP
|
|
356
|
+
|
|
357
|
+
### v1.0.0
|
|
358
|
+
- Initial release with 5 core scanning engines
|
|
359
|
+
- CLI installer with interactive prompts
|
|
360
|
+
|
|
361
|
+
## Related Projects
|
|
362
|
+
|
|
363
|
+
- [cf-browser](https://github.com/claude-world/cf-browser) - Open-source Cloudflare Browser Rendering proxy with 9 MCP tools for Claude Code
|
|
364
|
+
- [claude-world.com](https://claude-world.com) - Claude Code advanced usage community
|
|
365
|
+
|
|
330
366
|
## Contributing
|
|
331
367
|
|
|
332
368
|
Contributions are welcome! Please feel free to submit issues and pull requests.
|
|
@@ -350,4 +386,5 @@ Lucas Wang <support@claude-world.com>
|
|
|
350
386
|
## Links
|
|
351
387
|
|
|
352
388
|
- [GitHub Repository](https://github.com/claude-world/claude-skill-antivirus)
|
|
389
|
+
- [npm Package](https://www.npmjs.com/package/claude-skill-antivirus)
|
|
353
390
|
- [Report Issues](https://github.com/claude-world/claude-skill-antivirus/issues)
|
package/README.zh-TW.md
CHANGED
|
@@ -1,9 +1,17 @@
|
|
|
1
1
|
# Claude Skill Antivirus
|
|
2
2
|
|
|
3
|
+
[](https://www.npmjs.com/package/claude-skill-antivirus)
|
|
4
|
+
[](https://github.com/claude-world/claude-skill-antivirus/actions/workflows/ci.yml)
|
|
5
|
+
[](https://opensource.org/licenses/MIT)
|
|
6
|
+
[](https://nodejs.org/)
|
|
7
|
+
[](https://docs.anthropic.com/en/docs/claude-code)
|
|
8
|
+
|
|
3
9
|
一個安全的 Claude Skills 安裝器,內建完整的惡意行為偵測引擎。
|
|
4
10
|
|
|
5
11
|
**Skills Installer + Antivirus for Claude**
|
|
6
12
|
|
|
13
|
+
支援 Claude Code Opus 4.6、Sonnet 4.6、Haiku 4.5 模型。
|
|
14
|
+
|
|
7
15
|
[English](./README.md) | [SkillsMP 掃描報告](./SCAN-REPORT.md)
|
|
8
16
|
|
|
9
17
|
## SkillsMP 平台掃描結果
|
|
@@ -320,6 +328,31 @@ claude-skill-antivirus/
|
|
|
320
328
|
└── README.md
|
|
321
329
|
```
|
|
322
330
|
|
|
331
|
+
## 更新紀錄
|
|
332
|
+
|
|
333
|
+
### v2.1.0 (2026-03-13)
|
|
334
|
+
- 確認相容 Claude Code Opus 4.6
|
|
335
|
+
- 更新文件與中繼資料
|
|
336
|
+
|
|
337
|
+
### v2.0.1
|
|
338
|
+
- 權限掃描器分離能力警告與實際威脅
|
|
339
|
+
- 修復 `allowed-tools` 的陣列格式處理
|
|
340
|
+
|
|
341
|
+
### v2.0.0
|
|
342
|
+
- 新增 4 個掃描引擎:MCP 安全、SSRF、依賴、Sub-agent 偵測(共 9 個引擎)
|
|
343
|
+
- 新增多語言支援(英文 + 繁體中文)
|
|
344
|
+
- 新增 SkillsMP 批次掃描功能
|
|
345
|
+
- 掃描 SkillsMP 上所有 71,577 個技能
|
|
346
|
+
|
|
347
|
+
### v1.0.0
|
|
348
|
+
- 首次發布,包含 5 個核心掃描引擎
|
|
349
|
+
- CLI 安裝器,含互動式提示
|
|
350
|
+
|
|
351
|
+
## 相關專案
|
|
352
|
+
|
|
353
|
+
- [cf-browser](https://github.com/claude-world/cf-browser) - 開源 Cloudflare 瀏覽器渲染代理,提供 9 個 MCP 工具給 Claude Code 使用
|
|
354
|
+
- [claude-world.com](https://claude-world.com) - Claude Code 進階使用社群
|
|
355
|
+
|
|
323
356
|
## 貢獻
|
|
324
357
|
|
|
325
358
|
歡迎貢獻!請隨時提交 issues 和 pull requests。
|
|
@@ -343,4 +376,5 @@ Lucas Wang <support@claude-world.com>
|
|
|
343
376
|
## 連結
|
|
344
377
|
|
|
345
378
|
- [GitHub Repository](https://github.com/claude-world/claude-skill-antivirus)
|
|
379
|
+
- [npm 套件](https://www.npmjs.com/package/claude-skill-antivirus)
|
|
346
380
|
- [回報問題](https://github.com/claude-world/claude-skill-antivirus/issues)
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "claude-skill-antivirus",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.1.2",
|
|
4
4
|
"description": "A secure Claude Skills installer with comprehensive malicious operation detection - Skills 安裝器 + 防毒軟體",
|
|
5
5
|
"main": "src/index.js",
|
|
6
6
|
"type": "module",
|
|
@@ -39,7 +39,7 @@
|
|
|
39
39
|
],
|
|
40
40
|
"dependencies": {
|
|
41
41
|
"chalk": "^5.3.0",
|
|
42
|
-
"commander": "^
|
|
42
|
+
"commander": "^14.0.3",
|
|
43
43
|
"ora": "^8.0.1",
|
|
44
44
|
"inquirer": "^9.2.12",
|
|
45
45
|
"node-fetch": "^3.3.2",
|
package/src/index.js
CHANGED
|
@@ -14,7 +14,7 @@ const program = new Command();
|
|
|
14
14
|
program
|
|
15
15
|
.name('skill-install')
|
|
16
16
|
.description('A secure Claude Skills installer with malicious operation detection')
|
|
17
|
-
.version('2.
|
|
17
|
+
.version('2.1.1');
|
|
18
18
|
|
|
19
19
|
program
|
|
20
20
|
.argument('<source>', 'Skill URL (SkillsMP link) or local path')
|
package/src/utils/downloader.js
CHANGED
|
@@ -171,6 +171,22 @@ ${description}
|
|
|
171
171
|
}
|
|
172
172
|
|
|
173
173
|
async fetchFromGitHub(url) {
|
|
174
|
+
// If URL points to a repo root (no file path), try SKILL.md on default branch
|
|
175
|
+
const repoRootMatch = url.match(/^https?:\/\/github\.com\/([^/]+)\/([^/]+)\/?$/);
|
|
176
|
+
if (repoRootMatch) {
|
|
177
|
+
const [, owner, repo] = repoRootMatch;
|
|
178
|
+
// Try common default branches
|
|
179
|
+
for (const branch of ['main', 'master']) {
|
|
180
|
+
const rawUrl = `https://raw.githubusercontent.com/${owner}/${repo}/${branch}/SKILL.md`;
|
|
181
|
+
const response = await fetch(rawUrl);
|
|
182
|
+
if (response.ok) {
|
|
183
|
+
const content = await response.text();
|
|
184
|
+
return this.parseSkillMd(content, url);
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
throw new Error(`No SKILL.md found at ${url} (tried main and master branches)`);
|
|
188
|
+
}
|
|
189
|
+
|
|
174
190
|
// Convert GitHub URL to raw content URL
|
|
175
191
|
const rawUrl = this.convertToGitHubRaw(url);
|
|
176
192
|
|