skills 1.4.8 → 1.4.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.mjs +12 -1
- package/package.json +1 -1
package/dist/cli.mjs
CHANGED
|
@@ -2164,7 +2164,7 @@ async function tryBlobInstall(ownerRepo, options = {}) {
|
|
|
2164
2164
|
tree
|
|
2165
2165
|
};
|
|
2166
2166
|
}
|
|
2167
|
-
var version$1 = "1.4.
|
|
2167
|
+
var version$1 = "1.4.9";
|
|
2168
2168
|
const isCancelled$1 = (value) => typeof value === "symbol";
|
|
2169
2169
|
async function isSourcePrivate(source) {
|
|
2170
2170
|
const ownerRepo = parseOwnerRepo(source);
|
|
@@ -2645,6 +2645,16 @@ async function runAdd(args, options = {}) {
|
|
|
2645
2645
|
spinner.start("Parsing source...");
|
|
2646
2646
|
const parsed = parseSource(source);
|
|
2647
2647
|
spinner.stop(`Source: ${parsed.type === "local" ? parsed.localPath : parsed.url}${parsed.ref ? ` @ ${import_picocolors.default.yellow(parsed.ref)}` : ""}${parsed.subpath ? ` (${parsed.subpath})` : ""}${parsed.skillFilter ? ` ${import_picocolors.default.dim("@")}${import_picocolors.default.cyan(parsed.skillFilter)}` : ""}`);
|
|
2648
|
+
if (getOwnerRepo(parsed)?.split("/")[0]?.toLowerCase() === "openclaw" && !options.dangerouslyAcceptOpenclawRisks) {
|
|
2649
|
+
console.log();
|
|
2650
|
+
M.warn(import_picocolors.default.yellow(import_picocolors.default.bold("⚠ OpenClaw skills are unverified community submissions.")));
|
|
2651
|
+
M.message(import_picocolors.default.yellow("This source contains user-submitted skills that have not been reviewed for safety or quality."));
|
|
2652
|
+
M.message(import_picocolors.default.yellow("Skills run with full agent permissions and could be malicious."));
|
|
2653
|
+
console.log();
|
|
2654
|
+
M.message(`If you understand the risks, re-run with:\n\n ${import_picocolors.default.cyan(`npx skills add ${source} --dangerously-accept-openclaw-risks`)}\n`);
|
|
2655
|
+
Se(import_picocolors.default.red("Installation blocked"));
|
|
2656
|
+
process.exit(1);
|
|
2657
|
+
}
|
|
2648
2658
|
if (parsed.type === "well-known") {
|
|
2649
2659
|
await handleWellKnownSkills(source, parsed.url, options, spinner);
|
|
2650
2660
|
return;
|
|
@@ -3222,6 +3232,7 @@ function parseAddOptions(args) {
|
|
|
3222
3232
|
i--;
|
|
3223
3233
|
} else if (arg === "--full-depth") options.fullDepth = true;
|
|
3224
3234
|
else if (arg === "--copy") options.copy = true;
|
|
3235
|
+
else if (arg === "--dangerously-accept-openclaw-risks") options.dangerouslyAcceptOpenclawRisks = true;
|
|
3225
3236
|
else if (arg && !arg.startsWith("-")) source.push(arg);
|
|
3226
3237
|
}
|
|
3227
3238
|
return {
|