skillsio 1.1.1 → 1.1.2

package/README.md

@@ -50,6 +50,23 @@ domain patterns that regex rules can't — letting you eyeball where a skill wan
 With `--yes`, URL-only prompts are auto-continued. Skills with high/critical findings always show URLs alongside the
 findings summary.
 
+### Third-Party Audits via skills.sh
+
+For GitHub-sourced skills, the CLI automatically checks [skills.sh](https://skills.sh) — Vercel's official skill
+directory — which runs independent third-party security audits from three auditors: **Snyk**, **Socket**, and
+**Gen Agent Trust Hub**. Results appear alongside local scan output:
+
+```
+  ◆ skills.sh: 3 audits  [Snyk ✗]  [Socket ✓]  [Trust Hub ✗]
+    https://skills.sh/inference-sh-3/skills/agent-tools
+```
+
+- Green ✓ = auditor passed, Red ✗ = auditor failed, Dim ~ = no result yet
+- If any auditor returns a **Fail** verdict, severity is escalated to at least **High**, triggering a confirmation
+  prompt
+- skills.sh lookup runs in parallel with VT and never blocks installation on error (graceful fallback)
+- Only fires for GitHub-sourced skills that are listed on skills.sh — silent for everything else
+
 ### Optional: VirusTotal Integration
 
 When a [VirusTotal](https://www.virustotal.com/) API key is provided, the CLI also hashes each skill's content
@@ -306,10 +323,12 @@ pnpm format           # Format code with Prettier
 - `src/scanner.ts` — Rules engine. Defines ~81 regex rules across 8 threat categories, a correlation engine for
   multi-signal detection, and optional deep taint analysis integration. Supports loading external rules from JSON
   files via `--rules`.
-- `src/scanner-ui.ts` — Presentation layer. Displays findings by severity, runs optional VT lookups, handles
-  escalation logic and user confirmation prompts.
+- `src/scanner-ui.ts` — Presentation layer. Displays findings by severity, runs VT and skills.sh lookups in parallel,
+  handles escalation logic and user confirmation prompts.
 - `src/vt.ts` — VirusTotal API client. SHA-256 hashing, `GET /api/v3/files/{hash}` lookup, verdict mapping, graceful
   error handling.
+- `src/skills-sh.ts` — skills.sh audit client. Fetches and HTML-parses third-party audit results (Snyk, Socket, Gen
+  Agent Trust Hub) for GitHub-sourced skills with a 5-second timeout; always resolves gracefully.
 - `src/deep-scan/` — Deep taint analysis engine (enabled via `--deep-scan`). Regex-based tokenizers extract sources,
   sinks, and assignments from Python/JS/TS files; a forward taint tracker propagates data flow; a cross-file analyzer
   detects multi-file attack patterns via import graph analysis. See [docs/deep-scan.md](docs/deep-scan.md).
@@ -318,6 +337,13 @@ pnpm format           # Format code with Prettier
 
 ## Changelog
 
+### 1.1.2
+
+- **skills.sh audit integration**: for GitHub-sourced skills, the CLI now fetches third-party audit results from
+  [skills.sh](https://skills.sh) (Snyk, Socket, Gen Agent Trust Hub) and displays them alongside local scan output
+- A skills.sh Fail verdict from any auditor escalates severity to at least High, triggering a confirmation prompt
+- Lookups run in parallel with VirusTotal and fail silently on any network or parse error
+
 ### 1.1.1
 
 - Removed anonymous usage telemetry inherited from the original Vercel `skills` CLI

package/dist/cli.mjs

@@ -29,6 +29,14 @@ function getOwnerRepo(parsed) {
 	} catch {}
 	return null;
 }
+function parseOwnerRepo(ownerRepo) {
+	const match = ownerRepo.match(/^([^/]+)\/([^/]+)$/);
+	if (match) return {
+		owner: match[1],
+		repo: match[2]
+	};
+	return null;
+}
 async function isRepoPrivate(owner, repo) {
 	try {
 		const res = await fetch(`https://api.github.com/repos/${owner}/${repo}`);
@@ -3247,7 +3255,7 @@ function extractRemoteSkillFiles(remoteSkill) {
 function extractWellKnownSkillFiles(skill) {
 	return skill.files;
 }
-const NOT_FOUND = {
+const NOT_FOUND$1 = {
 	found: false,
 	verdict: "unknown",
 	maliciousCount: 0,
@@ -3258,19 +3266,19 @@ async function lookupFileHash(sha256, apiKey) {
 	try {
 		response = await fetch(`https://www.virustotal.com/api/v3/files/${sha256}`, { headers: { "x-apikey": apiKey } });
 	} catch {
-		return NOT_FOUND;
+		return NOT_FOUND$1;
 	}
-	if (response.status === 404) return NOT_FOUND;
-	if (response.status === 429) return NOT_FOUND;
-	if (!response.ok) return NOT_FOUND;
+	if (response.status === 404) return NOT_FOUND$1;
+	if (response.status === 429) return NOT_FOUND$1;
+	if (!response.ok) return NOT_FOUND$1;
 	let body;
 	try {
 		body = await response.json();
 	} catch {
-		return NOT_FOUND;
+		return NOT_FOUND$1;
 	}
 	const attrs = body.data?.attributes;
-	if (!attrs) return NOT_FOUND;
+	if (!attrs) return NOT_FOUND$1;
 	const stats = attrs.last_analysis_stats;
 	const maliciousCount = stats?.malicious ?? 0;
 	const totalEngines = stats ? Object.values(stats).reduce((sum, n) => sum + n, 0) : 0;
@@ -3296,6 +3304,64 @@ async function lookupFileHash(sha256, apiKey) {
 async function checkSkillOnVT(skillContent, apiKey) {
 	return lookupFileHash(createHash("sha256").update(skillContent).digest("hex"), apiKey);
 }
+const AUDITORS = [
+	{
+		id: "snyk",
+		displayName: "Snyk"
+	},
+	{
+		id: "socket",
+		displayName: "Socket"
+	},
+	{
+		id: "agent-trust-hub",
+		displayName: "Gen Agent Trust Hub"
+	}
+];
+const NOT_FOUND = {
+	found: false,
+	permalink: "",
+	audits: [],
+	anyFail: false
+};
+function parseAudits(html, baseUrl) {
+	return AUDITORS.map(({ id, displayName }) => {
+		const pattern = new RegExp(`\\/security\\/${id}[^]{0,400}?\\b(Pass|Fail)\\b`, "is");
+		const match = html.match(pattern);
+		let status = "unknown";
+		if (match) status = match[1].toLowerCase() === "pass" ? "pass" : "fail";
+		return {
+			auditor: id,
+			displayName,
+			status,
+			permalink: `${baseUrl}/security/${id}`
+		};
+	});
+}
+async function checkSkillOnSkillsSh(source) {
+	const { owner, repo, skillFolder } = source;
+	const permalink = `https://skills.sh/${owner}/${repo}/${skillFolder}`;
+	try {
+		const controller = new AbortController();
+		const timeout = setTimeout(() => controller.abort(), 5e3);
+		let response;
+		try {
+			response = await fetch(permalink, { signal: controller.signal });
+		} finally {
+			clearTimeout(timeout);
+		}
+		if (!response.ok) return NOT_FOUND;
+		const audits = parseAudits(await response.text(), permalink);
+		return {
+			found: true,
+			permalink,
+			audits,
+			anyFail: audits.some((a) => a.status === "fail")
+		};
+	} catch {
+		return NOT_FOUND;
+	}
+}
 const SEVERITY_LABELS = {
 	critical: import_picocolors.default.bgRed(import_picocolors.default.white(import_picocolors.default.bold(" CRITICAL "))),
 	high: import_picocolors.default.red(import_picocolors.default.bold("HIGH")),
@@ -3324,6 +3390,17 @@ function displayVTVerdict(verdict) {
 	}
 	if (verdict.permalink) M.message(import_picocolors.default.dim(`    ${verdict.permalink}`));
 }
+function displaySkillsShResult(result) {
+	if (!result.found || result.audits.length === 0) return;
+	const badges = result.audits.map((a) => {
+		const name = a.auditor === "agent-trust-hub" ? "Trust Hub" : a.displayName;
+		if (a.status === "pass") return `[${import_picocolors.default.green(`${name} ✓`)}]`;
+		if (a.status === "fail") return `[${import_picocolors.default.red(`${name} ✗`)}]`;
+		return `[${import_picocolors.default.dim(`${name} ~`)}]`;
+	}).join("  ");
+	M.message(`  ${import_picocolors.default.cyan("◆")} skills.sh: ${result.audits.length} audits  ${badges}`);
+	M.message(import_picocolors.default.dim(`    ${result.permalink}`));
+}
 async function presentScanResults(results, options) {
 	const allFindings = results.flatMap((r) => r.findings.map((f) => ({
 		...f,
@@ -3331,15 +3408,26 @@ async function presentScanResults(results, options) {
 	})));
 	const allUrls = [...new Set(results.flatMap((r) => r.urls))];
 	const vtVerdicts = /* @__PURE__ */ new Map();
+	const skillsShResults = /* @__PURE__ */ new Map();
 	let vtEscalate = false;
-	if (options.vtKey && options.skillContents) for (const [skillName, content] of options.skillContents) try {
-		const verdict = await checkSkillOnVT(content, options.vtKey);
-		vtVerdicts.set(skillName, verdict);
-		if (verdict.found && verdict.verdict === "malicious") vtEscalate = true;
-	} catch {}
-	if (allFindings.length === 0 && !vtEscalate) {
+	let skillsShEscalate = false;
+	await Promise.all([(async () => {
+		if (options.vtKey && options.skillContents) for (const [skillName, content] of options.skillContents) try {
+			const verdict = await checkSkillOnVT(content, options.vtKey);
+			vtVerdicts.set(skillName, verdict);
+			if (verdict.found && verdict.verdict === "malicious") vtEscalate = true;
+		} catch {}
+	})(), (async () => {
+		if (options.skillsShSources) await Promise.all([...options.skillsShSources.entries()].map(async ([skillName, source]) => {
+			const result = await checkSkillOnSkillsSh(source);
+			skillsShResults.set(skillName, result);
+			if (result.anyFail) skillsShEscalate = true;
+		}));
+	})()]);
+	if (allFindings.length === 0 && !vtEscalate && !skillsShEscalate) {
 		M.success(import_picocolors.default.green("Security scan passed — no issues found"));
 		if (vtVerdicts.size > 0) for (const [, verdict] of vtVerdicts) displayVTVerdict(verdict);
+		for (const [, result] of skillsShResults) displaySkillsShResult(result);
 		if (allUrls.length > 0) return displayUrlsAndPrompt(allUrls, options);
 		return true;
 	}
@@ -3363,6 +3451,10 @@ async function presentScanResults(results, options) {
 		console.log();
 		for (const [, verdict] of vtVerdicts) displayVTVerdict(verdict);
 	}
+	if (skillsShResults.size > 0) {
+		console.log();
+		for (const [, result] of skillsShResults) displaySkillsShResult(result);
+	}
 	if (allUrls.length > 0) {
 		console.log();
 		M.info(`External URLs found in skill files (${allUrls.length}):`);
@@ -3370,6 +3462,7 @@ async function presentScanResults(results, options) {
 	}
 	console.log();
 	if (vtEscalate) overallMax = "critical";
+	if (skillsShEscalate && SEVERITY_ORDER[overallMax] < SEVERITY_ORDER["high"]) overallMax = "high";
 	if (SEVERITY_ORDER[overallMax] <= SEVERITY_ORDER["medium"]) {
 		M.info(import_picocolors.default.dim("Low/medium severity findings — proceeding with installation"));
 		return true;
@@ -3414,6 +3507,24 @@ function resolveExternalRules(options) {
 	_externalRulesCache.set(key, loaded);
 	return loaded;
 }
+function buildSkillsShSourcesForRemote(remoteSkill, _url) {
+	const sourceUrl = remoteSkill.sourceUrl;
+	if (!sourceUrl || !sourceUrl.includes("github.com")) return void 0;
+	try {
+		const parts = new URL(sourceUrl).pathname.slice(1).replace(/\.git$/, "").split("/").filter(Boolean);
+		const ownerRepo = parseOwnerRepo(parts.slice(0, 2).join("/"));
+		if (!ownerRepo) return void 0;
+		const skillFolder = parts.length > 2 ? parts.at(-1) : remoteSkill.installName;
+		const sources = /* @__PURE__ */ new Map();
+		sources.set(remoteSkill.installName, {
+			...ownerRepo,
+			skillFolder
+		});
+		return sources;
+	} catch {
+		return;
+	}
+}
 function shortenPath$1(fullPath, cwd) {
 	const home = homedir();
 	if (fullPath === home || fullPath.startsWith(home + sep)) return "~" + fullPath.slice(home.length);
@@ -3673,10 +3784,12 @@ async function handleRemoteSkill(source, url, options, spinner) {
 		});
 		const vtKey = options.vtKey || process.env.VT_API_KEY;
 		const skillContents = vtKey ? new Map([[remoteSkill.installName, remoteSkill.content]]) : void 0;
+		const skillsShSources = buildSkillsShSourcesForRemote(remoteSkill, url);
 		if (!await presentScanResults([scanResult], {
 			yes: options.yes,
 			vtKey,
-			skillContents
+			skillContents,
+			skillsShSources
 		})) {
 			xe("Installation cancelled due to security concerns");
 			process.exit(0);
@@ -4485,10 +4598,24 @@ async function runAdd(args, options = {}) {
 				}
 			}
 			spinner.stop("Security scan complete");
+			const skillsShSources = /* @__PURE__ */ new Map();
+			if (parsed.type === "github") {
+				const ownerRepoStr = getOwnerRepo(parsed);
+				const ownerRepo = ownerRepoStr ? parseOwnerRepo(ownerRepoStr) : null;
+				if (ownerRepo) for (const skill of selectedSkills) {
+					const displayName = getSkillDisplayName(skill);
+					const skillFolder = skill.path.split("/").at(-1) ?? skill.name;
+					skillsShSources.set(displayName, {
+						...ownerRepo,
+						skillFolder
+					});
+				}
+			}
 			if (!await presentScanResults(scanResults, {
 				yes: options.yes,
 				vtKey,
-				skillContents
+				skillContents,
+				skillsShSources: skillsShSources.size > 0 ? skillsShSources : void 0
 			})) {
 				xe("Installation cancelled due to security concerns");
 				await cleanup(tempDir);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "skillsio",
-  "version": "1.1.1",
+  "version": "1.1.2",
   "description": "The SECURE open agent skills ecosystem",
   "type": "module",
   "bin": {