guardskills 1.1.0 → 1.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +24 -5
- package/dist/cli.cjs +524 -109
- package/dist/cli.js +524 -109
- package/package.json +2 -1
package/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# guardskills
|
|
2
2
|
|
|
3
|
-
`guardskills` is a security wrapper around `skills`
|
|
3
|
+
`guardskills` is a security wrapper around skill installation CLIs (`skills`, `playbooks`, `openskills`, `skillkit`).
|
|
4
4
|
|
|
5
5
|
GitHub: https://github.com/felixondesk/guardskills
|
|
6
6
|
|
|
@@ -16,12 +16,24 @@ use:
|
|
|
16
16
|
npx guardskills add https://github.com/vercel-labs/skills --skill find-skills
|
|
17
17
|
```
|
|
18
18
|
|
|
19
|
+
Or provider-prefixed wrappers:
|
|
20
|
+
|
|
21
|
+
```bash
|
|
22
|
+
npx guardskills skills add https://github.com/vercel-labs/skills --skill find-skills
|
|
23
|
+
npx guardskills skills add planetscale/database-skills
|
|
24
|
+
npx guardskills playbooks add skill anthropics/skills --skill frontend-design
|
|
25
|
+
npx guardskills openskills install anthropics/skills frontend-design
|
|
26
|
+
npx guardskills openskills install anthropics/skills
|
|
27
|
+
npx guardskills skillkit install rohitg00/skillkit dev-tools
|
|
28
|
+
npx guardskills skillkit install rohitg00/skillkit
|
|
29
|
+
```
|
|
30
|
+
|
|
19
31
|
## What It Does
|
|
20
32
|
|
|
21
33
|
1. Resolves a skill from GitHub.
|
|
22
34
|
2. Scans resolved files for malicious patterns.
|
|
23
35
|
3. Computes a risk decision (`SAFE`, `WARNING`, `UNSAFE`, `CRITICAL`, `UNVERIFIABLE`).
|
|
24
|
-
4. Proceeds to
|
|
36
|
+
4. Proceeds to the selected installer CLI only if gate policy allows.
|
|
25
37
|
|
|
26
38
|
## Security Notice
|
|
27
39
|
|
|
@@ -33,12 +45,19 @@ npx guardskills add https://github.com/vercel-labs/skills --skill find-skills
|
|
|
33
45
|
|
|
34
46
|
## Current Readiness
|
|
35
47
|
|
|
36
|
-
- Current stage: **stable (v1.
|
|
48
|
+
- Current stage: **stable (v1.2.1)**.
|
|
37
49
|
- Suitable for production use with standard security review practices.
|
|
38
50
|
|
|
39
51
|
## Implemented Features
|
|
40
52
|
|
|
41
|
-
- `guardskills add <repo> --skill <name>`
|
|
53
|
+
- `guardskills add <repo> --skill <name>` (legacy alias for `guardskills skills add`)
|
|
54
|
+
- `guardskills skills add <repo> --skill <name>`
|
|
55
|
+
- `guardskills skills add <repo>` (scan all discovered skills, then skills.sh interactive selection)
|
|
56
|
+
- `guardskills playbooks add skill <repo> --skill <name>`
|
|
57
|
+
- `guardskills openskills install <repo> <skill>`
|
|
58
|
+
- `guardskills openskills install <repo>` (scan all discovered skills, then openskills interactive selection)
|
|
59
|
+
- `guardskills skillkit install <repo> <skill>`
|
|
60
|
+
- `guardskills skillkit install <repo>` (scan all discovered skills, then skillkit install flow)
|
|
42
61
|
- `guardskills scan-local <path>`
|
|
43
62
|
- `guardskills scan-clawhub <identifier>`
|
|
44
63
|
- GitHub resolver (`owner/repo` and `https://github.com/...`)
|
|
@@ -61,7 +80,7 @@ npx guardskills add https://github.com/vercel-labs/skills --skill find-skills
|
|
|
61
80
|
- `--max-file-bytes`
|
|
62
81
|
- `--max-aux-files`
|
|
63
82
|
- `--max-total-files`
|
|
64
|
-
- Installer handoff to `npx skills
|
|
83
|
+
- Installer handoff to `npx skills|playbooks|openskills|skillkit ...` when allowed
|
|
65
84
|
- Structured resolver error taxonomy + retry/backoff
|
|
66
85
|
- Tests:
|
|
67
86
|
- fixture scanner tests (`safe`, `warning`, `malicious`, `prose-only`)
|