diff --git a/src/server/__tests__/skill-market.test.ts b/src/server/__tests__/skill-market.test.ts index 84223ab7..f8d3b100 100644 --- a/src/server/__tests__/skill-market.test.ts +++ b/src/server/__tests__/skill-market.test.ts @@ -70,6 +70,32 @@ describe('skill market source normalization', () => { }) }) + it('does not use clean ClawHub scanner summaries for blocked scans', () => { + expect(normalizeClawHubScan({ + status: 'malicious', + scanners: { + metadata: { status: 'clean', summary: 'No dangerous patterns detected.' }, + }, + })).toEqual({ + trustState: 'blocked', + trustSummary: undefined, + packageSha256: undefined, + }) + }) + + it('does not use clean ClawHub scanner summaries for warning scans', () => { + expect(normalizeClawHubScan({ + status: 'suspicious', + scanners: { + metadata: { status: 'clean', summary: 'No dangerous patterns detected.' }, + }, + })).toEqual({ + trustState: 'warning', + trustSummary: undefined, + packageSha256: undefined, + }) + }) + it('normalizes SkillHub list items as fallback candidates with Chinese summary', () => { const result = normalizeSkillHubList(SKILLHUB_TOP_SKILLS_RESPONSE) diff --git a/src/server/services/skillMarket/clawhubAdapter.ts b/src/server/services/skillMarket/clawhubAdapter.ts index 8f57569a..dee49dba 100644 --- a/src/server/services/skillMarket/clawhubAdapter.ts +++ b/src/server/services/skillMarket/clawhubAdapter.ts @@ -67,14 +67,14 @@ export function normalizeClawHubScan(payload: ClawHubScanResponse): { if (payload.status === 'malicious' || payload.status === 'blocked') { return { trustState: 'blocked', - trustSummary: scannerSummaryForStatuses(['malicious', 'blocked']) ?? scannerSummary, + trustSummary: scannerSummaryForStatuses(['malicious', 'blocked']), packageSha256: payload.sha256, } } if (payload.status === 'suspicious' || payload.hasWarnings) { return { trustState: 'warning', - trustSummary: scannerSummaryForStatuses(['suspicious', 'warning']) ?? scannerSummary, + trustSummary: scannerSummaryForStatuses(['suspicious', 'warning']), packageSha256: payload.sha256, } }