fix: avoid misleading clawhub scan summaries

Tested: bun test src/server/__tests__/skill-market.test.ts
Tested: git diff --check
Confidence: high
Scope-risk: narrow
This commit is contained in:
程序员阿江(Relakkes) 2026-07-03 17:25:12 +08:00
parent 3b1f190938
commit 05ec549e3d
2 changed files with 28 additions and 2 deletions

View File

@ -70,6 +70,32 @@ describe('skill market source normalization', () => {
})
})
it('does not use clean ClawHub scanner summaries for blocked scans', () => {
expect(normalizeClawHubScan({
status: 'malicious',
scanners: {
metadata: { status: 'clean', summary: 'No dangerous patterns detected.' },
},
})).toEqual({
trustState: 'blocked',
trustSummary: undefined,
packageSha256: undefined,
})
})
it('does not use clean ClawHub scanner summaries for warning scans', () => {
expect(normalizeClawHubScan({
status: 'suspicious',
scanners: {
metadata: { status: 'clean', summary: 'No dangerous patterns detected.' },
},
})).toEqual({
trustState: 'warning',
trustSummary: undefined,
packageSha256: undefined,
})
})
it('normalizes SkillHub list items as fallback candidates with Chinese summary', () => {
const result = normalizeSkillHubList(SKILLHUB_TOP_SKILLS_RESPONSE)

View File

@ -67,14 +67,14 @@ export function normalizeClawHubScan(payload: ClawHubScanResponse): {
if (payload.status === 'malicious' || payload.status === 'blocked') {
return {
trustState: 'blocked',
trustSummary: scannerSummaryForStatuses(['malicious', 'blocked']) ?? scannerSummary,
trustSummary: scannerSummaryForStatuses(['malicious', 'blocked']),
packageSha256: payload.sha256,
}
}
if (payload.status === 'suspicious' || payload.hasWarnings) {
return {
trustState: 'warning',
trustSummary: scannerSummaryForStatuses(['suspicious', 'warning']) ?? scannerSummary,
trustSummary: scannerSummaryForStatuses(['suspicious', 'warning']),
packageSha256: payload.sha256,
}
}