feat(skill-audit): security-audit UI in install & import flows#249
Fldicoahkiin wants to merge 9 commits into
Conversation
- skills.sh install modal: show the audit report inline (clone → audit → install), with a force-install path when the verdict is unsafe
- render findings with verdict/severity chips, i18n'd risk descriptions and a category + file line, using the project's UI tokens
- surface the same audit in the local skill import / preview panels
- i18n (en / zh-Hans / zh-Hant) for verdicts, severities, categories, finding evidence and the per-verdict summary
# Conflicts:
#	crates/desktop/bun.lock
#	crates/desktop/package.json
#	crates/desktop/src/requests/keys.ts
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e07418cf64
| isSubmitting || | ||
| skillAgents.length === 0 | ||
| skillAgents.length === 0 || | ||
| auditBlocked |
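Review bot: the new `disabled` expression relies on `auditBlocked` alone, and per the comment below that flag is false whenever `skillAudit` is still undefined, so the button is enabled during the audit query's pending and error states; derive the flag fail-closed (blocked unless the audit query has resolved with a non-malicious verdict) and repeat the same check in the submit handler, since a `disabled` attribute is only UI state and `import_skill` does not re-audit.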
Block local import while audit is pending
When a user selects a local skill and clicks Import before skillAuditQueryOptions returns, skillAudit is still undefined, so auditBlocked is false and this button stays enabled. The submit path then calls the existing import_skill API, which only runs add_skill_from_path and does not re-audit, so a malicious local skill can bypass the new gate during that pending/error window; disable submission until the audit has completed successfully or enforce the audit server-side.
git_scan now returns a per-skill audit; render SkillAudit under each scanned skill in the import-from-github panel, matching the local import panel.
- gate the local import-skill panel on the audit query's pending/error state, not only on a malicious verdict
- treat a still-running or failed audit as blocking, since import_skill does not re-audit and a malicious skill could slip through that window
- allow the force-unsafe override on audit failure and surface an audit-failed alert
- add auditing / auditFailed strings to en, zh-Hans, zh-Hant
- skills.audit() was the only non-trivial skills endpoint without an explicit ky timeout, so it fell back to the 10s library default
- a cold-start YARA scan can exceed 10s and spuriously surface auditFailed, which fail-closed blocks local skill import
- align with sibling endpoints (install 300s, git/scan 120s)
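The fail-closed gate the two commits above describe, written out as an added example rather than the PR's own code: the audit query's pending state blocks with no override, a failed audit (for instance a scanner timeout) and a malicious verdict block but can be overridden by the force-unsafe path. The names `AuditQueryState`, `GateInput` and `importGate` and the verdict values are assumptions.

```typescript
// Added example; type and function names are assumptions, not the project's API.
type AuditQueryState = {
  status: "pending" | "error" | "success";
  verdict?: "safe" | "malicious"; // only meaningful when status === "success"
};

type GateInput = {
  audit: AuditQueryState;
  isSubmitting: boolean;
  agentCount: number;   // skillAgents.length in the panel
  forceUnsafe: boolean; // user explicitly ticked the force-unsafe override
};

type GateReason = "submitting" | "noAgents" | "auditing" | "auditFailed" | "unsafe" | "ok";

type GateResult = {
  disabled: boolean;      // value for the Import button's disabled prop
  reason: GateReason;     // i18n key for the alert shown next to the button
  forceAvailable: boolean; // whether to offer the force-unsafe override at all
};

function importGate(input: GateInput): GateResult {
  const { audit, isSubmitting, agentCount, forceUnsafe } = input;
  if (isSubmitting) return { disabled: true, reason: "submitting", forceAvailable: false };
  if (agentCount === 0) return { disabled: true, reason: "noAgents", forceAvailable: false };
  // Fail closed while the audit is still running: no verdict yet, no override,
  // because import_skill does not re-audit on the backend.
  if (audit.status === "pending") return { disabled: true, reason: "auditing", forceAvailable: false };
  // A failed audit (timeout, scanner error) or a success with no verdict attached
  // also blocks, but the user may consciously override it.
  if (audit.status === "error" || audit.verdict === undefined) {
    return { disabled: !forceUnsafe, reason: "auditFailed", forceAvailable: true };
  }
  if (audit.verdict === "malicious") {
    return { disabled: !forceUnsafe, reason: "unsafe", forceAvailable: true };
  }
  return { disabled: false, reason: "ok", forceAvailable: false };
}
```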
Frontend part: wire the skill security-audit UI into the install / import flows.
Stacked PR, depends on the backend PR #229; base is set to feat/skill-audit (after #229 is merged, this PR's base will automatically change to main).
Contents
SkillAudit component: verdict / severity / category chips + a description for each finding
feat/skill-audit (includes main); the PR diff is frontend only
Verification
bun run typecheck: 0 errors