npm - skills - Versions diffs - 1.3.9 → 1.4.0 - Mend

skills 1.3.9 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -212,7 +212,7 @@ Skills can be installed to any of these agents:
 | Antigravity | `antigravity` | `.agent/skills/` | `~/.gemini/antigravity/skills/` |
 | Augment | `augment` | `.augment/skills/` | `~/.augment/skills/` |
 | Claude Code | `claude-code` | `.claude/skills/` | `~/.claude/skills/` |
-| OpenClaw | `openclaw` | `skills/` | `~/.moltbot/skills/` |
+| OpenClaw | `openclaw` | `skills/` | `~/.openclaw/skills/` |
 | Cline | `cline` | `.cline/skills/` | `~/.cline/skills/` |
 | CodeBuddy | `codebuddy` | `.codebuddy/skills/` | `~/.codebuddy/skills/` |
 | Codex | `codex` | `.agents/skills/` | `~/.codex/skills/` |
@@ -373,7 +373,7 @@ If no skills are found in standard locations, a recursive search is performed.
 Skills are generally compatible across agents since they follow a
 shared [Agent Skills specification](https://agentskills.io). However, some features may be agent-specific:
-| Feature         | OpenCode | OpenHands | Claude Code | Cline | CodeBuddy | Codex | Command Code | Kiro CLI | Cursor | Antigravity | Roo Code | Github Copilot | Amp | Clawdbot | Neovate | Pi  | Qoder | Zencoder |
+| Feature         | OpenCode | OpenHands | Claude Code | Cline | CodeBuddy | Codex | Command Code | Kiro CLI | Cursor | Antigravity | Roo Code | Github Copilot | Amp | OpenClaw | Neovate | Pi  | Qoder | Zencoder |
 | --------------- | -------- | --------- | ----------- | ----- | --------- | ----- | ------------ | -------- | ------ | ----------- | -------- | -------------- | --- | -------- | ------- | --- | ----- | -------- |
 | Basic skills    | Yes      | Yes       | Yes         | Yes   | Yes       | Yes   | Yes          | Yes      | Yes    | Yes         | Yes      | Yes            | Yes | Yes      | Yes     | Yes | Yes   | Yes      |
 | `allowed-tools` | Yes      | Yes       | Yes         | Yes   | Yes       | Yes   | Yes          | No       | Yes    | Yes         | Yes      | Yes            | Yes | Yes      | Yes     | Yes | Yes   | No       |
@@ -423,7 +423,7 @@ Telemetry is automatically disabled in CI environments.
 - [Antigravity Skills Documentation](https://antigravity.google/docs/skills)
 - [Factory AI / Droid Skills Documentation](https://docs.factory.ai/cli/configuration/skills)
 - [Claude Code Skills Documentation](https://code.claude.com/docs/en/skills)
-- [Clawdbot Skills Documentation](https://docs.clawd.bot/tools/skills)
+- [OpenClaw Skills Documentation](https://docs.openclaw.ai/tools/skills)
 - [Cline Skills Documentation](https://docs.cline.bot/features/skills)
 - [CodeBuddy Skills Documentation](https://www.codebuddy.ai/docs/ide/Features/Skills)
 - [Codex Skills Documentation](https://developers.openai.com/codex/skills)

package/dist/cli.mjs CHANGED Viewed

@@ -548,6 +548,12 @@ const home = homedir();
 const configHome = xdgConfig ?? join(home, ".config");
 const codexHome = process.env.CODEX_HOME?.trim() || join(home, ".codex");
 const claudeHome = process.env.CLAUDE_CONFIG_DIR?.trim() || join(home, ".claude");
+function getOpenClawGlobalSkillsDir(homeDir = home, pathExists = existsSync) {
+	if (pathExists(join(homeDir, ".openclaw"))) return join(homeDir, ".openclaw/skills");
+	if (pathExists(join(homeDir, ".clawdbot"))) return join(homeDir, ".clawdbot/skills");
+	if (pathExists(join(homeDir, ".moltbot"))) return join(homeDir, ".moltbot/skills");
+	return join(homeDir, ".openclaw/skills");
+}
 const agents = {
 	amp: {
 		name: "amp",
@@ -589,7 +595,7 @@ const agents = {
 		name: "openclaw",
 		displayName: "OpenClaw",
 		skillsDir: "skills",
-		globalSkillsDir: existsSync(join(home, ".openclaw")) ? join(home, ".openclaw/skills") : existsSync(join(home, ".clawdbot")) ? join(home, ".clawdbot/skills") : join(home, ".moltbot/skills"),
+		globalSkillsDir: getOpenClawGlobalSkillsDir(),
 		detectInstalled: async () => {
 			return existsSync(join(home, ".openclaw")) || existsSync(join(home, ".clawdbot")) || existsSync(join(home, ".moltbot"));
 		}
@@ -1362,6 +1368,7 @@ async function listInstalledSkills(options = {}) {
 	return Array.from(skillsMap.values());
 }
 const TELEMETRY_URL = "https://add-skill.vercel.sh/t";
+const AUDIT_URL = "https://add-skill.vercel.sh/audit";
 let cliVersion = null;
 function isCI() {
 	return !!(process.env.CI || process.env.GITHUB_ACTIONS || process.env.GITLAB_CI || process.env.CIRCLECI || process.env.TRAVIS || process.env.BUILDKITE || process.env.JENKINS_URL || process.env.TEAMCITY_VERSION);
@@ -1372,6 +1379,23 @@ function isEnabled() {
 function setVersion(version) {
 	cliVersion = version;
 }
+async function fetchAuditData(source, skillSlugs, timeoutMs = 3e3) {
+	if (skillSlugs.length === 0) return null;
+	try {
+		const params = new URLSearchParams({
+			source,
+			skills: skillSlugs.join(",")
+		});
+		const controller = new AbortController();
+		const timeout = setTimeout(() => controller.abort(), timeoutMs);
+		const response = await fetch(`${AUDIT_URL}?${params.toString()}`, { signal: controller.signal });
+		clearTimeout(timeout);
+		if (!response.ok) return null;
+		return await response.json();
+	} catch {
+		return null;
+	}
+}
 function track(data) {
 	if (!isEnabled()) return;
 	try {
@@ -1799,7 +1823,7 @@ async function saveSelectedAgents(agents) {
 	lock.lastSelectedAgents = agents;
 	await writeSkillLock(lock);
 }
-var version$1 = "1.3.9";
+var version$1 = "1.4.0";
 const isCancelled = (value) => typeof value === "symbol";
 async function isSourcePrivate(source) {
 	const ownerRepo = parseOwnerRepo(source);
@@ -1809,6 +1833,48 @@ async function isSourcePrivate(source) {
 function initTelemetry(version) {
 	setVersion(version);
 }
+function riskLabel(risk) {
+	switch (risk) {
+		case "critical": return import_picocolors.default.red(import_picocolors.default.bold("Critical Risk"));
+		case "high": return import_picocolors.default.red("High Risk");
+		case "medium": return import_picocolors.default.yellow("Med Risk");
+		case "low": return import_picocolors.default.green("Low Risk");
+		case "safe": return import_picocolors.default.green("Safe");
+		default: return import_picocolors.default.dim("--");
+	}
+}
+function socketLabel(audit) {
+	if (!audit) return import_picocolors.default.dim("--");
+	const count = audit.alerts ?? 0;
+	return count > 0 ? import_picocolors.default.red(`${count} alert${count !== 1 ? "s" : ""}`) : import_picocolors.default.green("0 alerts");
+}
+function padEnd(str, width) {
+	const visible = str.replace(/\x1b\[[0-9;]*m/g, "");
+	const pad = Math.max(0, width - visible.length);
+	return str + " ".repeat(pad);
+}
+function buildSecurityLines(auditData, skills, source) {
+	if (!auditData) return [];
+	if (!skills.some((s) => {
+		const data = auditData[s.slug];
+		return data && Object.keys(data).length > 0;
+	})) return [];
+	const nameWidth = Math.min(Math.max(...skills.map((s) => s.displayName.length)), 36);
+	const lines = [];
+	const header = padEnd("", nameWidth + 2) + padEnd(import_picocolors.default.dim("Gen"), 18) + padEnd(import_picocolors.default.dim("Socket"), 18) + import_picocolors.default.dim("Snyk");
+	lines.push(header);
+	for (const skill of skills) {
+		const data = auditData[skill.slug];
+		const name = skill.displayName.length > nameWidth ? skill.displayName.slice(0, nameWidth - 1) + "…" : skill.displayName;
+		const ath = data?.ath ? riskLabel(data.ath.risk) : import_picocolors.default.dim("--");
+		const socket = data?.socket ? socketLabel(data.socket) : import_picocolors.default.dim("--");
+		const snyk = data?.snyk ? riskLabel(data.snyk.risk) : import_picocolors.default.dim("--");
+		lines.push(padEnd(import_picocolors.default.cyan(name), nameWidth + 2) + padEnd(ath, 18) + padEnd(socket, 18) + snyk);
+	}
+	lines.push("");
+	lines.push(`${import_picocolors.default.dim("Details:")} ${import_picocolors.default.dim(`https://skills.sh/${source}`)}`);
+	return lines;
+}
 function shortenPath$1(fullPath, cwd) {
 	const home = homedir();
 	if (fullPath === home || fullPath.startsWith(home + sep)) return "~" + fullPath.slice(home.length);
@@ -2714,6 +2780,8 @@ async function runAdd(args, options = {}) {
 			}
 			selectedSkills = selected;
 		}
+		const ownerRepoForAudit = getOwnerRepo(parsed);
+		const auditPromise = ownerRepoForAudit ? fetchAuditData(ownerRepoForAudit, selectedSkills.map((s) => getSkillDisplayName(s))) : Promise.resolve(null);
 		let targetAgents;
 		const validAgents = Object.keys(agents);
 		if (options.agent?.includes("*")) {
@@ -2832,6 +2900,16 @@ async function runAdd(args, options = {}) {
 		}
 		console.log();
 		Me(summaryLines.join("\n"), "Installation Summary");
+		try {
+			const auditData = await auditPromise;
+			if (auditData && ownerRepoForAudit) {
+				const securityLines = buildSecurityLines(auditData, selectedSkills.map((s) => ({
+					slug: getSkillDisplayName(s),
+					displayName: getSkillDisplayName(s)
+				})), ownerRepoForAudit);
+				if (securityLines.length > 0) Me(securityLines.join("\n"), "Security Risk Assessments");
+			}
+		} catch {}
 		if (!options.yes) {
 			const confirmed = await ye({ message: "Proceed with installation?" });
 			if (pD(confirmed) || !confirmed) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "skills",
-  "version": "1.3.9",
+  "version": "1.4.0",
   "description": "The open agent skills ecosystem",
   "type": "module",
   "bin": {