skill-checker 0.1.11 → 0.1.12

package/dist/cli.js

@@ -328,6 +328,70 @@ var structuralChecks = {
   }
 };
 
+// src/types.ts
+var SEVERITY_SCORES = {
+  CRITICAL: 25,
+  HIGH: 10,
+  MEDIUM: 3,
+  LOW: 1
+};
+function computeGrade(score) {
+  if (score >= 90) return "A";
+  if (score >= 75) return "B";
+  if (score >= 60) return "C";
+  if (score >= 40) return "D";
+  return "F";
+}
+var REDUCE_MAP = {
+  CRITICAL: "HIGH",
+  HIGH: "MEDIUM",
+  MEDIUM: "LOW",
+  LOW: "LOW"
+};
+function reduceSeverity(original, reason) {
+  let reduced = REDUCE_MAP[original];
+  if (original === "CRITICAL" && reduced === "LOW") {
+    reduced = "MEDIUM";
+  }
+  return {
+    severity: reduced,
+    reducedFrom: original,
+    annotation: `[reduced: ${reason}]`
+  };
+}
+var DEFAULT_CONFIG = {
+  policy: "balanced",
+  overrides: {},
+  ignore: []
+};
+function getHookAction(policy, severity) {
+  const matrix = {
+    strict: {
+      CRITICAL: "deny",
+      HIGH: "deny",
+      MEDIUM: "ask",
+      LOW: "report"
+    },
+    balanced: {
+      CRITICAL: "deny",
+      HIGH: "ask",
+      MEDIUM: "report",
+      LOW: "report"
+    },
+    permissive: {
+      CRITICAL: "ask",
+      HIGH: "report",
+      MEDIUM: "report",
+      LOW: "report"
+    }
+  };
+  const row = matrix[policy];
+  if (!row) {
+    return matrix.balanced[severity];
+  }
+  return row[severity];
+}
+
 // src/utils/context.ts
 function isInCodeBlock(lines, lineIndex) {
   let inBlock = false;
@@ -391,6 +455,49 @@ function isLicenseFile(filePath) {
 function isLocalhostURL(url) {
   return /^https?:\/\/(localhost|127\.0\.0\.1|0\.0\.0\.0|\[::1\])/i.test(url);
 }
+function isInEducationalContext(lines, lineIndex) {
+  const line = lines[lineIndex];
+  if (/^#{1,6}\s+/.test(line)) return true;
+  if (/^\s*[-*]?\s*(\*\*[^*]+\*\*\s*:|[A-Z][^:]{0,40}:)\s/.test(line))
+    return true;
+  for (let i = lineIndex; i >= Math.max(0, lineIndex - 15); i--) {
+    if (/^#{1,4}\s+.*(strateg|guide|framework|structure|model|overview|comparison|concept|principle|example|tutorial|reference|approach|method)/i.test(
+      lines[i]
+    )) {
+      return true;
+    }
+  }
+  return false;
+}
+var PROMOTIONAL_INTENT_PATTERNS = [
+  /\d+%\s*off\b/i,
+  /\blimited\s+time\b/i,
+  /\bact\s+now\b/i,
+  /\bhurry\b/i,
+  /\btoday\s+only\b/i,
+  /\bdon'?t\s+miss\b/i,
+  /\bsave\s+\d+%/i,
+  /\bexclusive\s+(offer|deal)\b/i,
+  /\bsign\s+up\s+(now|today)\b/i,
+  /\bget\s+started\b/i,
+  /\bclaim\s+(now|yours?)\b/i,
+  /\boffer\s+ends?\b/i,
+  /\blast\s+chance\b/i,
+  /\bonly\s+\d+\s+left\b/i,
+  /\bends?\s+in\s+\d+/i,
+  /\bstart\s+(your\s+)?free\s+trial\b/i
+];
+function hasPromotionalIntent(line) {
+  return PROMOTIONAL_INTENT_PATTERNS.some((p) => p.test(line));
+}
+function hasPromotionalIntentNearby(lines, lineIndex, window = 3) {
+  const start = Math.max(0, lineIndex - window);
+  const end = Math.min(lines.length - 1, lineIndex + window);
+  for (let i = start; i <= end; i++) {
+    if (hasPromotionalIntent(lines[i])) return true;
+  }
+  return false;
+}
 function parseURLPath(url) {
   try {
     const u = new URL(url);
@@ -422,16 +529,18 @@ var LOREM_PATTERNS = [
   /dolor\s+sit\s+amet/i,
   /consectetur\s+adipiscing/i
 ];
-var AD_PATTERNS = [
+var STRONG_AD_PATTERNS = [
   /\bbuy\s+now\b/i,
-  /\bfree\s+trial\b/i,
+  /\bclick\s+here\s+to\s+(buy|subscribe|download)/i,
+  /\buse\s+code\b.*\b\d+%?\s*off\b/i
+];
+var SOFT_AD_PATTERNS = [
   /\bdiscount\b/i,
+  /\bfree\s+trial\b/i,
   /\bpromo\s*code\b/i,
   /\bsubscribe\s+(to|now)\b/i,
   /\bsponsored\s+by\b/i,
   /\baffiliate\s+link\b/i,
-  /\bclick\s+here\s+to\s+(buy|subscribe|download)/i,
-  /\buse\s+code\b.*\b\d+%?\s*off\b/i,
   /\bcheck\s+out\s+my\b/i
 ];
 var contentChecks = {
@@ -496,7 +605,8 @@ var contentChecks = {
     checkDescriptionMismatch(results, skill);
     for (let i = 0; i < skill.bodyLines.length; i++) {
       const line = skill.bodyLines[i];
-      for (const pattern of AD_PATTERNS) {
+      let matched = false;
+      for (const pattern of STRONG_AD_PATTERNS) {
         if (pattern.test(line)) {
           results.push({
             id: "CONT-005",
@@ -505,8 +615,43 @@ var contentChecks = {
             title: "Promotional/advertising content",
             message: `Line ${skill.bodyStartLine + i}: Contains ad-like content.`,
             line: skill.bodyStartLine + i,
-            snippet: line.trim().slice(0, 120)
+            snippet: line.trim().slice(0, 120),
+            source: "SKILL.md"
           });
+          matched = true;
+          break;
+        }
+      }
+      if (matched) continue;
+      for (const pattern of SOFT_AD_PATTERNS) {
+        if (pattern.test(line)) {
+          const inCode = isInCodeBlock(skill.bodyLines, i);
+          const inEducational = isInEducationalContext(skill.bodyLines, i);
+          if ((inCode || inEducational) && !hasPromotionalIntentNearby(skill.bodyLines, i)) {
+            const reduction = reduceSeverity("HIGH", "educational/descriptive context");
+            results.push({
+              id: "CONT-005",
+              category: "CONT",
+              severity: reduction.severity,
+              title: "Promotional/advertising content",
+              message: `Line ${skill.bodyStartLine + i}: Contains ad-like content. ${reduction.annotation}`,
+              line: skill.bodyStartLine + i,
+              snippet: line.trim().slice(0, 120),
+              reducedFrom: reduction.reducedFrom,
+              source: "SKILL.md"
+            });
+          } else {
+            results.push({
+              id: "CONT-005",
+              category: "CONT",
+              severity: "HIGH",
+              title: "Promotional/advertising content",
+              message: `Line ${skill.bodyStartLine + i}: Contains ad-like content.`,
+              line: skill.bodyStartLine + i,
+              snippet: line.trim().slice(0, 120),
+              source: "SKILL.md"
+            });
+          }
           break;
         }
       }
@@ -985,70 +1130,6 @@ function dedup(results) {
   });
 }
 
-// src/types.ts
-var SEVERITY_SCORES = {
-  CRITICAL: 25,
-  HIGH: 10,
-  MEDIUM: 3,
-  LOW: 1
-};
-function computeGrade(score) {
-  if (score >= 90) return "A";
-  if (score >= 75) return "B";
-  if (score >= 60) return "C";
-  if (score >= 40) return "D";
-  return "F";
-}
-var REDUCE_MAP = {
-  CRITICAL: "HIGH",
-  HIGH: "MEDIUM",
-  MEDIUM: "LOW",
-  LOW: "LOW"
-};
-function reduceSeverity(original, reason) {
-  let reduced = REDUCE_MAP[original];
-  if (original === "CRITICAL" && reduced === "LOW") {
-    reduced = "MEDIUM";
-  }
-  return {
-    severity: reduced,
-    reducedFrom: original,
-    annotation: `[reduced: ${reason}]`
-  };
-}
-var DEFAULT_CONFIG = {
-  policy: "balanced",
-  overrides: {},
-  ignore: []
-};
-function getHookAction(policy, severity) {
-  const matrix = {
-    strict: {
-      CRITICAL: "deny",
-      HIGH: "deny",
-      MEDIUM: "ask",
-      LOW: "report"
-    },
-    balanced: {
-      CRITICAL: "deny",
-      HIGH: "ask",
-      MEDIUM: "report",
-      LOW: "report"
-    },
-    permissive: {
-      CRITICAL: "ask",
-      HIGH: "report",
-      MEDIUM: "report",
-      LOW: "report"
-    }
-  };
-  const row = matrix[policy];
-  if (!row) {
-    return matrix.balanced[severity];
-  }
-  return row[severity];
-}
-
 // src/checks/code-safety.ts
 var EVAL_PATTERNS = [
   /\beval\s*\(/,
@@ -1535,7 +1616,7 @@ var DEFAULT_IOC = {
     "45.155.205.233"
   ],
   malicious_hashes: {
-    // NOTE: Never add the SHA-256 of an empty file (e3b0c44298fc...b855)
+    // NOTE: Never add the SHA256 of an empty file (e3b0c44298fc...b855)
     // as it causes false positives on any empty file.
     "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2": "clawhavoc-exfiltrator"
   },