aig-skill-scan 0.1.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- aig_skill_scan-0.1.0/LICENSE +202 -0
- aig_skill_scan-0.1.0/NOTICE +13 -0
- aig_skill_scan-0.1.0/PKG-INFO +218 -0
- aig_skill_scan-0.1.0/README.md +176 -0
- aig_skill_scan-0.1.0/aig_skill_scan.egg-info/PKG-INFO +218 -0
- aig_skill_scan-0.1.0/aig_skill_scan.egg-info/SOURCES.txt +61 -0
- aig_skill_scan-0.1.0/aig_skill_scan.egg-info/dependency_links.txt +1 -0
- aig_skill_scan-0.1.0/aig_skill_scan.egg-info/entry_points.txt +2 -0
- aig_skill_scan-0.1.0/aig_skill_scan.egg-info/requires.txt +11 -0
- aig_skill_scan-0.1.0/aig_skill_scan.egg-info/top_level.txt +1 -0
- aig_skill_scan-0.1.0/pyproject.toml +120 -0
- aig_skill_scan-0.1.0/setup.cfg +4 -0
- aig_skill_scan-0.1.0/skill_scan/__init__.py +14 -0
- aig_skill_scan-0.1.0/skill_scan/__main__.py +6 -0
- aig_skill_scan-0.1.0/skill_scan/agent/__init__.py +0 -0
- aig_skill_scan-0.1.0/skill_scan/agent/agent.py +495 -0
- aig_skill_scan-0.1.0/skill_scan/agent/base_agent.py +425 -0
- aig_skill_scan-0.1.0/skill_scan/main.py +200 -0
- aig_skill_scan-0.1.0/skill_scan/prompt/agents/code_audit.md +114 -0
- aig_skill_scan-0.1.0/skill_scan/prompt/agents/project_summary.md +48 -0
- aig_skill_scan-0.1.0/skill_scan/prompt/agents/vuln_review.md +147 -0
- aig_skill_scan-0.1.0/skill_scan/prompt/compact.md +69 -0
- aig_skill_scan-0.1.0/skill_scan/prompt/format_report.md +13 -0
- aig_skill_scan-0.1.0/skill_scan/prompt/next_prompt.md +1 -0
- aig_skill_scan-0.1.0/skill_scan/prompt/system_prompt.md +61 -0
- aig_skill_scan-0.1.0/skill_scan/py.typed +0 -0
- aig_skill_scan-0.1.0/skill_scan/tools/__init__.py +9 -0
- aig_skill_scan-0.1.0/skill_scan/tools/base64_decode/__init__.py +0 -0
- aig_skill_scan-0.1.0/skill_scan/tools/base64_decode/base64_decode_actions.py +76 -0
- aig_skill_scan-0.1.0/skill_scan/tools/base64_decode/base64_decode_actions_schema.xml +22 -0
- aig_skill_scan-0.1.0/skill_scan/tools/dir/__init__.py +0 -0
- aig_skill_scan-0.1.0/skill_scan/tools/dir/dir_actions.py +86 -0
- aig_skill_scan-0.1.0/skill_scan/tools/dir/dir_actions_schema.xml +34 -0
- aig_skill_scan-0.1.0/skill_scan/tools/dispatcher.py +80 -0
- aig_skill_scan-0.1.0/skill_scan/tools/file/__init__.py +5 -0
- aig_skill_scan-0.1.0/skill_scan/tools/file/read_file.py +181 -0
- aig_skill_scan-0.1.0/skill_scan/tools/file/read_file_schema.xml +63 -0
- aig_skill_scan-0.1.0/skill_scan/tools/file/write_file.py +52 -0
- aig_skill_scan-0.1.0/skill_scan/tools/finish/__init__.py +4 -0
- aig_skill_scan-0.1.0/skill_scan/tools/finish/finish_actions.py +17 -0
- aig_skill_scan-0.1.0/skill_scan/tools/finish/finish_actions_schema.xml +11 -0
- aig_skill_scan-0.1.0/skill_scan/tools/grep/__init__.py +0 -0
- aig_skill_scan-0.1.0/skill_scan/tools/grep/grep_actions.py +107 -0
- aig_skill_scan-0.1.0/skill_scan/tools/grep/grep_actions_schema.xml +56 -0
- aig_skill_scan-0.1.0/skill_scan/tools/ls/__init__.py +0 -0
- aig_skill_scan-0.1.0/skill_scan/tools/ls/ls_actions.py +78 -0
- aig_skill_scan-0.1.0/skill_scan/tools/ls/ls_actions_schema.xml +31 -0
- aig_skill_scan-0.1.0/skill_scan/tools/registry.py +160 -0
- aig_skill_scan-0.1.0/skill_scan/tools/thinking/__init__.py +4 -0
- aig_skill_scan-0.1.0/skill_scan/tools/thinking/thinking_actions.py +55 -0
- aig_skill_scan-0.1.0/skill_scan/tools/thinking/thinking_actions_schema.xml +85 -0
- aig_skill_scan-0.1.0/skill_scan/utils/__init__.py +0 -0
- aig_skill_scan-0.1.0/skill_scan/utils/aig_logger.py +107 -0
- aig_skill_scan-0.1.0/skill_scan/utils/config.py +77 -0
- aig_skill_scan-0.1.0/skill_scan/utils/extract_vuln.py +104 -0
- aig_skill_scan-0.1.0/skill_scan/utils/llm.py +112 -0
- aig_skill_scan-0.1.0/skill_scan/utils/llm_manager.py +133 -0
- aig_skill_scan-0.1.0/skill_scan/utils/loging.py +31 -0
- aig_skill_scan-0.1.0/skill_scan/utils/parse.py +237 -0
- aig_skill_scan-0.1.0/skill_scan/utils/pre_scan.py +150 -0
- aig_skill_scan-0.1.0/skill_scan/utils/project_analyzer.py +119 -0
- aig_skill_scan-0.1.0/skill_scan/utils/prompt_manager.py +61 -0
- aig_skill_scan-0.1.0/skill_scan/utils/tool_context.py +77 -0
|
@@ -0,0 +1,202 @@
|
|
|
1
|
+
Apache License
|
|
2
|
+
Version 2.0, January 2004
|
|
3
|
+
http://www.apache.org/licenses/
|
|
4
|
+
|
|
5
|
+
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
|
6
|
+
|
|
7
|
+
1. Definitions.
|
|
8
|
+
|
|
9
|
+
"License" shall mean the terms and conditions for use, reproduction,
|
|
10
|
+
and distribution as defined by Sections 1 through 9 of this document.
|
|
11
|
+
|
|
12
|
+
"Licensor" shall mean the copyright owner or entity authorized by
|
|
13
|
+
the copyright owner that is granting the License.
|
|
14
|
+
|
|
15
|
+
"Legal Entity" shall mean the union of the acting entity and all
|
|
16
|
+
other entities that control, are controlled by, or are under common
|
|
17
|
+
control with that entity. For the purposes of this definition,
|
|
18
|
+
"control" means (i) the power, direct or indirect, to cause the
|
|
19
|
+
direction or management of such entity, whether by contract or
|
|
20
|
+
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
|
21
|
+
outstanding shares, or (iii) beneficial ownership of such entity.
|
|
22
|
+
|
|
23
|
+
"You" (or "Your") shall mean an individual or Legal Entity
|
|
24
|
+
exercising permissions granted by this License.
|
|
25
|
+
|
|
26
|
+
"Source" form shall mean the preferred form for making modifications,
|
|
27
|
+
including but not limited to software source code, documentation
|
|
28
|
+
source, and configuration files.
|
|
29
|
+
|
|
30
|
+
"Object" form shall mean any form resulting from mechanical
|
|
31
|
+
transformation or translation of a Source form, including but
|
|
32
|
+
not limited to compiled object code, generated documentation,
|
|
33
|
+
and conversions to other media types.
|
|
34
|
+
|
|
35
|
+
"Work" shall mean the work of authorship, whether in Source or
|
|
36
|
+
Object form, made available under the License, as indicated by a
|
|
37
|
+
copyright notice that is included in or attached to the work
|
|
38
|
+
(an example is provided in the Appendix below).
|
|
39
|
+
|
|
40
|
+
"Derivative Works" shall mean any work, whether in Source or Object
|
|
41
|
+
form, that is based on (or derived from) the Work and for which the
|
|
42
|
+
editorial revisions, annotations, elaborations, or other modifications
|
|
43
|
+
represent, as a whole, an original work of authorship. For the
|
|
44
|
+
purposes of this License, Derivative Works shall not include works
|
|
45
|
+
that remain separable from, or merely link (or bind by name) to the
|
|
46
|
+
interfaces of, the Work and Derivative Works thereof.
|
|
47
|
+
|
|
48
|
+
"Contribution" shall mean, as used in this License, any work of
|
|
49
|
+
authorship, including the original version of the Work and any
|
|
50
|
+
modifications or additions to that Work or Derivative Works of the
|
|
51
|
+
Work, that is intentionally submitted to the Licensor for inclusion
|
|
52
|
+
in the Work by the copyright owner or by an individual or Legal
|
|
53
|
+
Entity authorized to submit on behalf of the copyright owner. For
|
|
54
|
+
the purposes of this definition, "submitted" means any form of
|
|
55
|
+
electronic, verbal, or written communication sent to the Licensor or
|
|
56
|
+
its representatives, including but not limited to communication on
|
|
57
|
+
electronic mailing lists, source code control systems, and issue
|
|
58
|
+
tracking systems that are managed by, or on behalf of, the Licensor
|
|
59
|
+
for the purpose of discussing and improving the Work, but excluding
|
|
60
|
+
communication that is conspicuously marked or otherwise designated
|
|
61
|
+
in writing by the copyright owner as "Not a Contribution."
|
|
62
|
+
|
|
63
|
+
"Contributor" shall mean Licensor and any individual or Legal Entity
|
|
64
|
+
on behalf of whom a Contribution has been received by the Licensor
|
|
65
|
+
and subsequently incorporated within the Work.
|
|
66
|
+
|
|
67
|
+
2. Grant of Copyright License. Subject to the terms and conditions of
|
|
68
|
+
this License, each Contributor hereby grants to You a perpetual,
|
|
69
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
|
70
|
+
copyright license to reproduce, prepare Derivative Works of,
|
|
71
|
+
publicly display, publicly perform, sublicense, and distribute the
|
|
72
|
+
Work and such Derivative Works in Source or Object form.
|
|
73
|
+
|
|
74
|
+
3. Grant of Patent License. Subject to the terms and conditions of
|
|
75
|
+
this License, each Contributor hereby grants to You a perpetual,
|
|
76
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
|
77
|
+
(except as stated in this section) patent license to make, have
|
|
78
|
+
made, use, offer to sell, sell, import, and otherwise transfer the
|
|
79
|
+
Work, where such license applies only to those patent claims
|
|
80
|
+
licensable by such Contributor that are necessarily infringed by
|
|
81
|
+
their Contribution(s) alone or by combination of their
|
|
82
|
+
Contribution(s) with the Work to which such Contribution(s) was
|
|
83
|
+
submitted. If You institute patent litigation against any entity
|
|
84
|
+
(including a cross-claim or counterclaim in a lawsuit) alleging that
|
|
85
|
+
the Work or a Contribution incorporated within the Work constitutes
|
|
86
|
+
direct or contributory patent infringement, then any patent licenses
|
|
87
|
+
granted to You under this License for that Work shall terminate as
|
|
88
|
+
of the date such litigation is filed.
|
|
89
|
+
|
|
90
|
+
4. Redistribution. You may reproduce and distribute copies of the Work
|
|
91
|
+
or Derivative Works thereof in any medium, with or without
|
|
92
|
+
modifications, and in Source or Object form, provided that You meet
|
|
93
|
+
the following conditions:
|
|
94
|
+
|
|
95
|
+
(a) You must give any other recipients of the Work or Derivative
|
|
96
|
+
Works a copy of this License; and
|
|
97
|
+
|
|
98
|
+
(b) You must cause any modified files to carry prominent notices
|
|
99
|
+
stating that You changed the files; and
|
|
100
|
+
|
|
101
|
+
(c) You must retain, in the Source form of any Derivative Works
|
|
102
|
+
that You distribute, all copyright, patent, trademark, and
|
|
103
|
+
attribution notices from the Source form of the Work, excluding
|
|
104
|
+
those notices that do not pertain to any part of the Derivative
|
|
105
|
+
Works; and
|
|
106
|
+
|
|
107
|
+
(d) If the Work includes a "NOTICE" text file as part of its
|
|
108
|
+
distribution, then any Derivative Works that You distribute must
|
|
109
|
+
include a readable copy of the attribution notices contained
|
|
110
|
+
within such NOTICE file, excluding those notices that do not
|
|
111
|
+
pertain to any part of the Derivative Works, in at least one of
|
|
112
|
+
the following places: within a NOTICE text file distributed as
|
|
113
|
+
part of the Derivative Works; within the Source form or
|
|
114
|
+
documentation, if provided along with the Derivative Works; or,
|
|
115
|
+
within a display generated by the Derivative Works, if and
|
|
116
|
+
wherever such third-party notices normally appear. The contents
|
|
117
|
+
of the NOTICE file are for informational purposes only and do
|
|
118
|
+
not modify the License. You may add Your own attribution notices
|
|
119
|
+
within Derivative Works that You distribute, alongside or as an
|
|
120
|
+
addendum to the NOTICE text from the Work, provided that such
|
|
121
|
+
additional attribution notices cannot be construed as modifying
|
|
122
|
+
the License.
|
|
123
|
+
|
|
124
|
+
You may add Your own copyright statement to Your modifications and
|
|
125
|
+
may provide additional or different license terms and conditions for
|
|
126
|
+
use, reproduction, or distribution of Your modifications, or for
|
|
127
|
+
such Derivative Works as a whole, provided Your use, reproduction,
|
|
128
|
+
and distribution of the Work otherwise complies with the conditions
|
|
129
|
+
stated in this License.
|
|
130
|
+
|
|
131
|
+
5. Submission of Contributions. Unless You explicitly state otherwise,
|
|
132
|
+
any Contribution intentionally submitted for inclusion in the Work
|
|
133
|
+
by You to the Licensor shall be under the terms and conditions of
|
|
134
|
+
this License, without any additional terms or conditions.
|
|
135
|
+
Notwithstanding the above, nothing herein shall supersede or modify
|
|
136
|
+
the terms of any separate license agreement you may have executed
|
|
137
|
+
with Licensor regarding such Contributions.
|
|
138
|
+
|
|
139
|
+
6. Trademarks. This License does not grant permission to use the trade
|
|
140
|
+
names, trademarks, service marks, or product names of the Licensor,
|
|
141
|
+
except as required for reasonable and customary use in describing the
|
|
142
|
+
origin of the Work and reproducing the content of the NOTICE file.
|
|
143
|
+
|
|
144
|
+
7. Disclaimer of Warranty. Unless required by applicable law or
|
|
145
|
+
agreed to in writing, Licensor provides the Work (and each
|
|
146
|
+
Contributor provides its Contributions) on an "AS IS" BASIS,
|
|
147
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
148
|
+
implied, including, without limitation, any warranties or conditions
|
|
149
|
+
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
|
150
|
+
PARTICULAR PURPOSE. You are solely responsible for determining the
|
|
151
|
+
appropriateness of using or redistributing the Work and assume any
|
|
152
|
+
risks associated with Your exercise of permissions under this
|
|
153
|
+
License.
|
|
154
|
+
|
|
155
|
+
8. Limitation of Liability. In no event and under no legal theory,
|
|
156
|
+
whether in tort (including negligence), contract, or otherwise,
|
|
157
|
+
unless required by applicable law (such as deliberate and grossly
|
|
158
|
+
negligent acts) or agreed to in writing, shall any Contributor be
|
|
159
|
+
liable to You for damages, including any direct, indirect, special,
|
|
160
|
+
incidental, or consequential damages of any character arising as a
|
|
161
|
+
result of this License or out of the use or inability to use the
|
|
162
|
+
Work (including but not limited to damages for loss of goodwill,
|
|
163
|
+
work stoppage, computer failure or malfunction, or any and all other
|
|
164
|
+
commercial damages or losses), even if such Contributor has been
|
|
165
|
+
advised of the possibility of such damages.
|
|
166
|
+
|
|
167
|
+
9. Accepting Warranty or Additional Liability. While redistributing
|
|
168
|
+
the Work or Derivative Works thereof, You may choose to offer, and
|
|
169
|
+
charge a fee for, acceptance of support, warranty, indemnity, or
|
|
170
|
+
other liability obligations and/or rights consistent with this
|
|
171
|
+
License. However, in accepting such obligations, You may act only
|
|
172
|
+
on Your own behalf and on Your sole responsibility, not on behalf of
|
|
173
|
+
any other Contributor, and only if You agree to indemnify, defend,
|
|
174
|
+
and hold each Contributor harmless for any liability incurred by, or
|
|
175
|
+
claims asserted against, such Contributor by reason of your
|
|
176
|
+
accepting any such warranty or additional liability.
|
|
177
|
+
|
|
178
|
+
END OF TERMS AND CONDITIONS
|
|
179
|
+
|
|
180
|
+
APPENDIX: How to apply the Apache License to your work.
|
|
181
|
+
|
|
182
|
+
To apply the Apache License to your work, attach the following
|
|
183
|
+
boilerplate notice, with the fields enclosed by brackets "[]"
|
|
184
|
+
replaced with your own identifying information. (Don't include
|
|
185
|
+
the brackets!) The text should be enclosed in the appropriate
|
|
186
|
+
comment syntax for the format of the file. We also recommend that
|
|
187
|
+
a file and directory name be included on the same line as the
|
|
188
|
+
"Copyright" statement for easier location by automated tools.
|
|
189
|
+
|
|
190
|
+
Copyright [yyyy] [name of copyright owner]
|
|
191
|
+
|
|
192
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
|
193
|
+
you may not use this file except in compliance with the License.
|
|
194
|
+
You may obtain a copy of the License at
|
|
195
|
+
|
|
196
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
|
197
|
+
|
|
198
|
+
Unless required by applicable law or agreed to in writing, software
|
|
199
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
|
200
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
201
|
+
See the License for the specific language governing permissions and
|
|
202
|
+
limitations under the License.
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
Tencent AI-Infra-Guard
|
|
2
|
+
Copyright 2024-2026 Tencent Zhuque Lab
|
|
3
|
+
|
|
4
|
+
This product includes software developed at
|
|
5
|
+
Tencent Zhuque Lab (https://github.com/Tencent/AI-Infra-Guard).
|
|
6
|
+
|
|
7
|
+
Mandatory Attribution Requirement (per Apache License 2.0, Section 4(d)):
|
|
8
|
+
Any redistribution, integration, or derivative work — whether open-source or commercial —
|
|
9
|
+
that incorporates, modifies, or is based on this project must:
|
|
10
|
+
|
|
11
|
+
1. Clearly state "Based on Tencent Zhuque Lab AI-Infra-Guard" in the product documentation,
|
|
12
|
+
About page, or release notes.
|
|
13
|
+
2. Include a link to the original repository: https://github.com/Tencent/AI-Infra-Guard.
|
|
@@ -0,0 +1,218 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: aig-skill-scan
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: AI Native Agent Skill 安全审计工具 —— LLM 驱动的多阶段代码审计与漏洞复审流水线
|
|
5
|
+
Author-email: Tencent Zhuque Lab <ai-infra-guard@tencent.com>
|
|
6
|
+
Maintainer: Tencent Zhuque Lab
|
|
7
|
+
License: Apache-2.0
|
|
8
|
+
Project-URL: Homepage, https://github.com/Tencent/AI-Infra-Guard
|
|
9
|
+
Project-URL: Repository, https://github.com/Tencent/AI-Infra-Guard
|
|
10
|
+
Project-URL: Documentation, https://github.com/Tencent/AI-Infra-Guard/tree/main/skill-scan
|
|
11
|
+
Project-URL: Bug Tracker, https://github.com/Tencent/AI-Infra-Guard/issues
|
|
12
|
+
Project-URL: Source Code, https://github.com/Tencent/AI-Infra-Guard/tree/main/skill-scan
|
|
13
|
+
Keywords: ai-security,agent-security,skill-scan,red-team,llm,audit,vulnerability,ai-infra-guard
|
|
14
|
+
Classifier: Development Status :: 4 - Beta
|
|
15
|
+
Classifier: Environment :: Console
|
|
16
|
+
Classifier: Intended Audience :: Developers
|
|
17
|
+
Classifier: Intended Audience :: Information Technology
|
|
18
|
+
Classifier: License :: OSI Approved :: Apache Software License
|
|
19
|
+
Classifier: Operating System :: OS Independent
|
|
20
|
+
Classifier: Programming Language :: Python :: 3
|
|
21
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
22
|
+
Classifier: Programming Language :: Python :: 3.13
|
|
23
|
+
Classifier: Programming Language :: Python :: Implementation :: CPython
|
|
24
|
+
Classifier: Topic :: Security
|
|
25
|
+
Classifier: Topic :: Software Development :: Quality Assurance
|
|
26
|
+
Classifier: Typing :: Typed
|
|
27
|
+
Requires-Python: >=3.12
|
|
28
|
+
Description-Content-Type: text/markdown
|
|
29
|
+
License-File: LICENSE
|
|
30
|
+
License-File: NOTICE
|
|
31
|
+
Requires-Dist: loguru==0.7.3
|
|
32
|
+
Requires-Dist: openai==2.8.1
|
|
33
|
+
Requires-Dist: pydantic==2.12.4
|
|
34
|
+
Requires-Dist: python-dotenv==1.0.0
|
|
35
|
+
Provides-Extra: dev
|
|
36
|
+
Requires-Dist: pytest>=8.0.0; extra == "dev"
|
|
37
|
+
Requires-Dist: pytest-asyncio>=0.23.0; extra == "dev"
|
|
38
|
+
Requires-Dist: ruff>=0.11.5; extra == "dev"
|
|
39
|
+
Requires-Dist: build>=1.2; extra == "dev"
|
|
40
|
+
Requires-Dist: twine>=5.0; extra == "dev"
|
|
41
|
+
Dynamic: license-file
|
|
42
|
+
|
|
43
|
+
# Skill-Scan
|
|
44
|
+
|
|
45
|
+
> AI Native Agent Skill 安全审计工具 —— LLM 驱动的多阶段代码审计与漏洞复审流水线。
|
|
46
|
+
|
|
47
|
+
`skill-scan` 是 [Tencent AI-Infra-Guard](https://github.com/Tencent/AI-Infra-Guard) 的子项目,专门用于对 AI Agent Skill 项目(如 WorkBuddy Skill、Coze 插件、Dify 工具等)进行静态安全审计。它通过三阶段流水线对 Skill 代码进行 LLM 驱动的深度分析:
|
|
48
|
+
|
|
49
|
+
1. **Info Collection** —— 项目结构、语言、入口点识别
|
|
50
|
+
2. **Code Audit** —— 多技能并行审计(数据泄露、工具滥用、间接注入、越权等)
|
|
51
|
+
3. **Vulnerability Review** —— 漏洞去重、误报过滤、严重度评分、报告生成
|
|
52
|
+
|
|
53
|
+
漏洞分类对齐 [SkillTrustBench](https://github.com/Tencent/AI-Infra-Guard) T01–T09 分类法,判定标准:`malicious`(明确攻击意图)/ `suspicious`(有漏洞但无明确攻击意图)/ `normal`(良性)。
|
|
54
|
+
|
|
55
|
+
---
|
|
56
|
+
|
|
57
|
+
## 安装
|
|
58
|
+
|
|
59
|
+
```bash
|
|
60
|
+
# 从 PyPI 安装
|
|
61
|
+
pip install aig-skill-scan
|
|
62
|
+
|
|
63
|
+
# 或从源码安装(开发态)
|
|
64
|
+
git clone https://github.com/Tencent/AI-Infra-Guard.git
|
|
65
|
+
cd AI-Infra-Guard/skill-scan
|
|
66
|
+
pip install -e .
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
要求 Python ≥ 3.12。
|
|
70
|
+
|
|
71
|
+
---
|
|
72
|
+
|
|
73
|
+
## 快速开始
|
|
74
|
+
|
|
75
|
+
### 命令行
|
|
76
|
+
|
|
77
|
+
```bash
|
|
78
|
+
# 扫描一个本地 Skill 项目目录
|
|
79
|
+
skill-scan --repo /path/to/your/skill \
|
|
80
|
+
-m deepseek/deepseek-v3.2-exp \
|
|
81
|
+
-k $OPENROUTER_API_KEY \
|
|
82
|
+
-u https://openrouter.ai/api/v1 \
|
|
83
|
+
--language zh
|
|
84
|
+
|
|
85
|
+
# 也可以用模块方式调用
|
|
86
|
+
python -m skill_scan --repo /path/to/your/skill -k $OPENROUTER_API_KEY
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
完整参数:
|
|
90
|
+
|
|
91
|
+
```
|
|
92
|
+
skill-scan --help
|
|
93
|
+
```
|
|
94
|
+
|
|
95
|
+
| 参数 | 说明 | 默认值 |
|
|
96
|
+
| --- | --- | --- |
|
|
97
|
+
| `--repo` | 要扫描的 Skill 项目文件夹路径(必填) | — |
|
|
98
|
+
| `-m, --model` | LLM 模型名称 | `deepseek/deepseek-v3.2-exp` |
|
|
99
|
+
| `-k, --api_key` | API Key(不传则从环境变量读取) | — |
|
|
100
|
+
| `-u, --base_url` | API 基础 URL | `https://openrouter.ai/api/v1` |
|
|
101
|
+
| `-p, --prompt` | 自定义扫描提示词(可选) | — |
|
|
102
|
+
| `--language` | 输出语言:`zh` / `en` | `zh` |
|
|
103
|
+
| `--debug` | 启用 debug 模式 | `false` |
|
|
104
|
+
|
|
105
|
+
### 程序化调用
|
|
106
|
+
|
|
107
|
+
```python
|
|
108
|
+
import asyncio
|
|
109
|
+
from skill_scan.agent.agent import Agent
|
|
110
|
+
from skill_scan.utils.llm import LLM
|
|
111
|
+
from skill_scan.utils.llm_manager import LLMManager
|
|
112
|
+
|
|
113
|
+
async def run():
|
|
114
|
+
llm = LLM(model="deepseek/deepseek-v3.2-exp",
|
|
115
|
+
api_key="sk-...",
|
|
116
|
+
base_url="https://openrouter.ai/api/v1",
|
|
117
|
+
context_window=128_000)
|
|
118
|
+
mgr = LLMManager(api_key="sk-...", base_url="https://openrouter.ai/api/v1")
|
|
119
|
+
specialized = mgr.get_specialized_llms(["thinking", "coding"])
|
|
120
|
+
|
|
121
|
+
agent = Agent(llm=llm, specialized_llms=specialized,
|
|
122
|
+
debug=False, language="zh")
|
|
123
|
+
result = await agent.scan("/path/to/your/skill", "", "zh")
|
|
124
|
+
print(result)
|
|
125
|
+
|
|
126
|
+
asyncio.run(run())
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
---
|
|
130
|
+
|
|
131
|
+
## 配置
|
|
132
|
+
|
|
133
|
+
所有配置通过环境变量或 `.env` 文件注入。`skill-scan` 会按以下顺序查找 `.env`:
|
|
134
|
+
|
|
135
|
+
1. 包根目录(`site-packages/skill_scan/.env`,安装态一般不用)
|
|
136
|
+
2. 当前工作目录(`./.env`,推荐)
|
|
137
|
+
|
|
138
|
+
主要环境变量:
|
|
139
|
+
|
|
140
|
+
| 变量 | 说明 | 默认值 |
|
|
141
|
+
| --- | --- | --- |
|
|
142
|
+
| `OPENROUTER_API_KEY` / `LLM_API_KEY` / `OPENAI_API_KEY` | LLM API Key | — |
|
|
143
|
+
| `LLM_MODEL` / `OPENAI_MODEL` | 默认模型 | `deepseek/deepseek-v3.2-exp` |
|
|
144
|
+
| `LLM_BASE_URL` / `OPENAI_BASE_URL` | 默认 Base URL | `https://openrouter.ai/api/v1` |
|
|
145
|
+
| `DEFAULT_MODEL_CONTEXT_WINDOW` | 主模型上下文窗口 | `128000` |
|
|
146
|
+
| `THINKING_MODEL` / `CODING_MODEL` / `FAST_MODEL` | 专用模型 | gemini-2.5-pro / claude-sonnet-4.5 / gemini-2.0-flash-exp |
|
|
147
|
+
| `LOG_LEVEL` | 日志级别 | `INFO` |
|
|
148
|
+
|
|
149
|
+
---
|
|
150
|
+
|
|
151
|
+
## 架构
|
|
152
|
+
|
|
153
|
+
```
|
|
154
|
+
skill_scan/
|
|
155
|
+
├── agent/ # 三阶段 ScanPipeline 编排
|
|
156
|
+
│ ├── agent.py # Agent 主类,调度 Info→Audit→Review
|
|
157
|
+
│ └── base_agent.py # LLM 循环 + 工具调用基类
|
|
158
|
+
├── tools/ # XML-schema 工具注册表
|
|
159
|
+
│ ├── registry.py # @register_tool 装饰器
|
|
160
|
+
│ ├── dispatcher.py # ToolDispatcher,工具调用分发
|
|
161
|
+
│ ├── file/ ls/ grep/ dir/ base64_decode/ thinking/ finish/
|
|
162
|
+
│ └── *_schema.xml # 工具的 XML schema(给 LLM 看)
|
|
163
|
+
├── utils/
|
|
164
|
+
│ ├── llm.py # OpenAI 兼容客户端
|
|
165
|
+
│ ├── llm_manager.py # 多角色 LLM 管理(thinking/coding/fast)
|
|
166
|
+
│ ├── prompt_manager.py# prompt 模板加载(从 skill_scan/prompt/)
|
|
167
|
+
│ ├── extract_vuln.py # <vuln> XML 提取与解析
|
|
168
|
+
│ ├── project_analyzer.py # 语言识别 + calc_skill_score
|
|
169
|
+
│ └── pre_scan.py # 预扫描,生成项目概要
|
|
170
|
+
├── prompt/ # 打包的 prompt 模板
|
|
171
|
+
│ ├── system_prompt.md
|
|
172
|
+
│ ├── compact.md next_prompt.md format_report.md
|
|
173
|
+
│ └── agents/ # 各阶段专用 prompt
|
|
174
|
+
└── main.py # CLI 入口(cli / main / parse_args)
|
|
175
|
+
```
|
|
176
|
+
|
|
177
|
+
---
|
|
178
|
+
|
|
179
|
+
## 漏洞评分
|
|
180
|
+
|
|
181
|
+
`calc_skill_score` 对齐 mcp-scan 的 `calc_mcp_score`:
|
|
182
|
+
|
|
183
|
+
| 严重度 | 扣分 |
|
|
184
|
+
| --- | --- |
|
|
185
|
+
| Critical | -100 |
|
|
186
|
+
| High | -40 |
|
|
187
|
+
| Medium | -25 |
|
|
188
|
+
| Low / Info | -10 |
|
|
189
|
+
|
|
190
|
+
最终 skill 分数 = `max(0, 100 - Σ扣分)`。
|
|
191
|
+
|
|
192
|
+
---
|
|
193
|
+
|
|
194
|
+
## 开发
|
|
195
|
+
|
|
196
|
+
```bash
|
|
197
|
+
# 安装开发依赖
|
|
198
|
+
pip install -e ".[dev]"
|
|
199
|
+
|
|
200
|
+
# lint / format
|
|
201
|
+
ruff check skill_scan
|
|
202
|
+
ruff format skill_scan
|
|
203
|
+
|
|
204
|
+
# 本地构建
|
|
205
|
+
python -m build
|
|
206
|
+
|
|
207
|
+
# 本地安装测试
|
|
208
|
+
pip install dist/skill_scan-0.1.0-py3-none-any.whl
|
|
209
|
+
skill-scan --help
|
|
210
|
+
```
|
|
211
|
+
|
|
212
|
+
---
|
|
213
|
+
|
|
214
|
+
## License
|
|
215
|
+
|
|
216
|
+
Apache License 2.0。任何再分发或衍生作品必须在文档或界面中明确标注
|
|
217
|
+
"Based on Tencent Zhuque Lab AI-Infra-Guard" 并附上原仓库链接
|
|
218
|
+
<https://github.com/Tencent/AI-Infra-Guard>,详见 [NOTICE](./NOTICE)。
|
|
@@ -0,0 +1,176 @@
|
|
|
1
|
+
# Skill-Scan
|
|
2
|
+
|
|
3
|
+
> AI Native Agent Skill 安全审计工具 —— LLM 驱动的多阶段代码审计与漏洞复审流水线。
|
|
4
|
+
|
|
5
|
+
`skill-scan` 是 [Tencent AI-Infra-Guard](https://github.com/Tencent/AI-Infra-Guard) 的子项目,专门用于对 AI Agent Skill 项目(如 WorkBuddy Skill、Coze 插件、Dify 工具等)进行静态安全审计。它通过三阶段流水线对 Skill 代码进行 LLM 驱动的深度分析:
|
|
6
|
+
|
|
7
|
+
1. **Info Collection** —— 项目结构、语言、入口点识别
|
|
8
|
+
2. **Code Audit** —— 多技能并行审计(数据泄露、工具滥用、间接注入、越权等)
|
|
9
|
+
3. **Vulnerability Review** —— 漏洞去重、误报过滤、严重度评分、报告生成
|
|
10
|
+
|
|
11
|
+
漏洞分类对齐 [SkillTrustBench](https://github.com/Tencent/AI-Infra-Guard) T01–T09 分类法,判定标准:`malicious`(明确攻击意图)/ `suspicious`(有漏洞但无明确攻击意图)/ `normal`(良性)。
|
|
12
|
+
|
|
13
|
+
---
|
|
14
|
+
|
|
15
|
+
## 安装
|
|
16
|
+
|
|
17
|
+
```bash
|
|
18
|
+
# 从 PyPI 安装
|
|
19
|
+
pip install aig-skill-scan
|
|
20
|
+
|
|
21
|
+
# 或从源码安装(开发态)
|
|
22
|
+
git clone https://github.com/Tencent/AI-Infra-Guard.git
|
|
23
|
+
cd AI-Infra-Guard/skill-scan
|
|
24
|
+
pip install -e .
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
要求 Python ≥ 3.12。
|
|
28
|
+
|
|
29
|
+
---
|
|
30
|
+
|
|
31
|
+
## 快速开始
|
|
32
|
+
|
|
33
|
+
### 命令行
|
|
34
|
+
|
|
35
|
+
```bash
|
|
36
|
+
# 扫描一个本地 Skill 项目目录
|
|
37
|
+
skill-scan --repo /path/to/your/skill \
|
|
38
|
+
-m deepseek/deepseek-v3.2-exp \
|
|
39
|
+
-k $OPENROUTER_API_KEY \
|
|
40
|
+
-u https://openrouter.ai/api/v1 \
|
|
41
|
+
--language zh
|
|
42
|
+
|
|
43
|
+
# 也可以用模块方式调用
|
|
44
|
+
python -m skill_scan --repo /path/to/your/skill -k $OPENROUTER_API_KEY
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
完整参数:
|
|
48
|
+
|
|
49
|
+
```
|
|
50
|
+
skill-scan --help
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
| 参数 | 说明 | 默认值 |
|
|
54
|
+
| --- | --- | --- |
|
|
55
|
+
| `--repo` | 要扫描的 Skill 项目文件夹路径(必填) | — |
|
|
56
|
+
| `-m, --model` | LLM 模型名称 | `deepseek/deepseek-v3.2-exp` |
|
|
57
|
+
| `-k, --api_key` | API Key(不传则从环境变量读取) | — |
|
|
58
|
+
| `-u, --base_url` | API 基础 URL | `https://openrouter.ai/api/v1` |
|
|
59
|
+
| `-p, --prompt` | 自定义扫描提示词(可选) | — |
|
|
60
|
+
| `--language` | 输出语言:`zh` / `en` | `zh` |
|
|
61
|
+
| `--debug` | 启用 debug 模式 | `false` |
|
|
62
|
+
|
|
63
|
+
### 程序化调用
|
|
64
|
+
|
|
65
|
+
```python
|
|
66
|
+
import asyncio
|
|
67
|
+
from skill_scan.agent.agent import Agent
|
|
68
|
+
from skill_scan.utils.llm import LLM
|
|
69
|
+
from skill_scan.utils.llm_manager import LLMManager
|
|
70
|
+
|
|
71
|
+
async def run():
|
|
72
|
+
llm = LLM(model="deepseek/deepseek-v3.2-exp",
|
|
73
|
+
api_key="sk-...",
|
|
74
|
+
base_url="https://openrouter.ai/api/v1",
|
|
75
|
+
context_window=128_000)
|
|
76
|
+
mgr = LLMManager(api_key="sk-...", base_url="https://openrouter.ai/api/v1")
|
|
77
|
+
specialized = mgr.get_specialized_llms(["thinking", "coding"])
|
|
78
|
+
|
|
79
|
+
agent = Agent(llm=llm, specialized_llms=specialized,
|
|
80
|
+
debug=False, language="zh")
|
|
81
|
+
result = await agent.scan("/path/to/your/skill", "", "zh")
|
|
82
|
+
print(result)
|
|
83
|
+
|
|
84
|
+
asyncio.run(run())
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
---
|
|
88
|
+
|
|
89
|
+
## 配置
|
|
90
|
+
|
|
91
|
+
所有配置通过环境变量或 `.env` 文件注入。`skill-scan` 会按以下顺序查找 `.env`:
|
|
92
|
+
|
|
93
|
+
1. 包根目录(`site-packages/skill_scan/.env`,安装态一般不用)
|
|
94
|
+
2. 当前工作目录(`./.env`,推荐)
|
|
95
|
+
|
|
96
|
+
主要环境变量:
|
|
97
|
+
|
|
98
|
+
| 变量 | 说明 | 默认值 |
|
|
99
|
+
| --- | --- | --- |
|
|
100
|
+
| `OPENROUTER_API_KEY` / `LLM_API_KEY` / `OPENAI_API_KEY` | LLM API Key | — |
|
|
101
|
+
| `LLM_MODEL` / `OPENAI_MODEL` | 默认模型 | `deepseek/deepseek-v3.2-exp` |
|
|
102
|
+
| `LLM_BASE_URL` / `OPENAI_BASE_URL` | 默认 Base URL | `https://openrouter.ai/api/v1` |
|
|
103
|
+
| `DEFAULT_MODEL_CONTEXT_WINDOW` | 主模型上下文窗口 | `128000` |
|
|
104
|
+
| `THINKING_MODEL` / `CODING_MODEL` / `FAST_MODEL` | 专用模型 | gemini-2.5-pro / claude-sonnet-4.5 / gemini-2.0-flash-exp |
|
|
105
|
+
| `LOG_LEVEL` | 日志级别 | `INFO` |
|
|
106
|
+
|
|
107
|
+
---
|
|
108
|
+
|
|
109
|
+
## 架构
|
|
110
|
+
|
|
111
|
+
```
|
|
112
|
+
skill_scan/
|
|
113
|
+
├── agent/ # 三阶段 ScanPipeline 编排
|
|
114
|
+
│ ├── agent.py # Agent 主类,调度 Info→Audit→Review
|
|
115
|
+
│ └── base_agent.py # LLM 循环 + 工具调用基类
|
|
116
|
+
├── tools/ # XML-schema 工具注册表
|
|
117
|
+
│ ├── registry.py # @register_tool 装饰器
|
|
118
|
+
│ ├── dispatcher.py # ToolDispatcher,工具调用分发
|
|
119
|
+
│ ├── file/ ls/ grep/ dir/ base64_decode/ thinking/ finish/
|
|
120
|
+
│ └── *_schema.xml # 工具的 XML schema(给 LLM 看)
|
|
121
|
+
├── utils/
|
|
122
|
+
│ ├── llm.py # OpenAI 兼容客户端
|
|
123
|
+
│ ├── llm_manager.py # 多角色 LLM 管理(thinking/coding/fast)
|
|
124
|
+
│ ├── prompt_manager.py# prompt 模板加载(从 skill_scan/prompt/)
|
|
125
|
+
│ ├── extract_vuln.py # <vuln> XML 提取与解析
|
|
126
|
+
│ ├── project_analyzer.py # 语言识别 + calc_skill_score
|
|
127
|
+
│ └── pre_scan.py # 预扫描,生成项目概要
|
|
128
|
+
├── prompt/ # 打包的 prompt 模板
|
|
129
|
+
│ ├── system_prompt.md
|
|
130
|
+
│ ├── compact.md next_prompt.md format_report.md
|
|
131
|
+
│ └── agents/ # 各阶段专用 prompt
|
|
132
|
+
└── main.py # CLI 入口(cli / main / parse_args)
|
|
133
|
+
```
|
|
134
|
+
|
|
135
|
+
---
|
|
136
|
+
|
|
137
|
+
## 漏洞评分
|
|
138
|
+
|
|
139
|
+
`calc_skill_score` 对齐 mcp-scan 的 `calc_mcp_score`:
|
|
140
|
+
|
|
141
|
+
| 严重度 | 扣分 |
|
|
142
|
+
| --- | --- |
|
|
143
|
+
| Critical | -100 |
|
|
144
|
+
| High | -40 |
|
|
145
|
+
| Medium | -25 |
|
|
146
|
+
| Low / Info | -10 |
|
|
147
|
+
|
|
148
|
+
最终 skill 分数 = `max(0, 100 - Σ扣分)`。
|
|
149
|
+
|
|
150
|
+
---
|
|
151
|
+
|
|
152
|
+
## 开发
|
|
153
|
+
|
|
154
|
+
```bash
|
|
155
|
+
# 安装开发依赖
|
|
156
|
+
pip install -e ".[dev]"
|
|
157
|
+
|
|
158
|
+
# lint / format
|
|
159
|
+
ruff check skill_scan
|
|
160
|
+
ruff format skill_scan
|
|
161
|
+
|
|
162
|
+
# 本地构建
|
|
163
|
+
python -m build
|
|
164
|
+
|
|
165
|
+
# 本地安装测试
|
|
166
|
+
pip install dist/skill_scan-0.1.0-py3-none-any.whl
|
|
167
|
+
skill-scan --help
|
|
168
|
+
```
|
|
169
|
+
|
|
170
|
+
---
|
|
171
|
+
|
|
172
|
+
## License
|
|
173
|
+
|
|
174
|
+
Apache License 2.0。任何再分发或衍生作品必须在文档或界面中明确标注
|
|
175
|
+
"Based on Tencent Zhuque Lab AI-Infra-Guard" 并附上原仓库链接
|
|
176
|
+
<https://github.com/Tencent/AI-Infra-Guard>,详见 [NOTICE](./NOTICE)。
|