fix: tighten skill risk key detection

This commit is contained in:
程序员阿江(Relakkes) 2026-07-03 18:15:20 +08:00
parent 000738442d
commit d24f0f4bda
2 changed files with 18 additions and 3 deletions

View File

@ -715,6 +715,20 @@ describe('skill market risk analysis', () => {
expect(risk).toEqual(['requires-api-key'])
})
it('does not treat similarly named fields as allowed tools or hooks', () => {
const risk = analyzeSkillRisk({
entryContent: [
'---',
'disallowed-tools: Bash',
'webhooks: https://example.com/callback',
'---',
].join('\n'),
files: [],
})
expect(risk).toEqual(['external-network'])
})
it('returns an empty array when no conservative risks are detected', () => {
const risk = analyzeSkillRisk({
entryContent: 'A local-only skill with no special permissions.',

View File

@ -11,6 +11,8 @@ const RISK_LABEL_ORDER: SkillMarketRiskLabel[] = [
const EXECUTABLE_EXTENSION = /\.(sh|bash|zsh|fish|ps1|cmd|bat|py|js|ts)$/i
const API_KEYWORD = /api[\s_-]?key|token|secret/i
const ALLOWED_TOOLS_KEY = /^\s*allowed-tools\s*:/m
const HOOKS_KEY = /^\s*hooks\s*:/m
export function analyzeSkillRisk(input: {
entryContent?: string
@ -19,13 +21,12 @@ export function analyzeSkillRisk(input: {
}): SkillMarketRiskLabel[] {
const labels = new Set<SkillMarketRiskLabel>()
const entryContent = input.entryContent ?? ''
const entryLines = entryContent.split(/\r?\n/)
if (entryLines.some((line) => line.includes('allowed-tools:'))) {
if (ALLOWED_TOOLS_KEY.test(entryContent)) {
labels.add('allowed-tools')
}
if (entryLines.some((line) => line.includes('hooks:'))) {
if (HOOKS_KEY.test(entryContent)) {
labels.add('hooks')
}