security: add skill/plugin code safety scanner (#9806)

* security: add skill/plugin code safety scanner module

* security: integrate skill scanner into security audit

* security: add pre-install code safety scan for plugins

* style: fix curly brace lint errors in skill-scanner.ts

* docs: add changelog entry for skill code safety scanner

* style: append ellipsis to truncated evidence strings

* fix(security): harden plugin code safety scanning

* fix: scan skills on install and report code-safety details

* fix: dedupe audit-extra import

* fix(security): make code safety scan failures observable

* fix(test): stabilize smoke + gateway timeouts (#9806) (thanks @abdelsfane)

---------

Co-authored-by: Darshil <ddhameliya@mail.sfsu.edu>
Co-authored-by: Darshil <81693876+dvrshil@users.noreply.github.com>
Co-authored-by: George Pickett <gpickett00@gmail.com>
Abdel Sy Fane
2026-02-05 17:06:11 -07:00
committed by GitHub
parent 141f551a4c
commit bc88e58fcf
16 changed files with 1722 additions and 95 deletions


@@ -44,6 +44,7 @@ let previousConfigPath: string | undefined;
let previousSkipBrowserControl: string | undefined;
let previousSkipGmailWatcher: string | undefined;
let previousSkipCanvasHost: string | undefined;
let previousBundledPluginsDir: string | undefined;
let tempHome: string | undefined;
let tempConfigRoot: string | undefined;
@@ -83,6 +84,7 @@ async function setupGatewayTestHome() {
previousSkipBrowserControl = process.env.OPENCLAW_SKIP_BROWSER_CONTROL_SERVER;
previousSkipGmailWatcher = process.env.OPENCLAW_SKIP_GMAIL_WATCHER;
previousSkipCanvasHost = process.env.OPENCLAW_SKIP_CANVAS_HOST;
previousBundledPluginsDir = process.env.OPENCLAW_BUNDLED_PLUGINS_DIR;
tempHome = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-gateway-home-"));
process.env.HOME = tempHome;
process.env.USERPROFILE = tempHome;
@@ -94,6 +96,9 @@ function applyGatewaySkipEnv() {
process.env.OPENCLAW_SKIP_BROWSER_CONTROL_SERVER = "1";
process.env.OPENCLAW_SKIP_GMAIL_WATCHER = "1";
process.env.OPENCLAW_SKIP_CANVAS_HOST = "1";
process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = tempHome
? path.join(tempHome, "openclaw-test-no-bundled-extensions")
: "openclaw-test-no-bundled-extensions";
}
async function resetGatewayTestState(options: { uniqueConfigRoot: boolean }) {
@@ -184,6 +189,11 @@ async function cleanupGatewayTestHome(options: { restoreEnv: boolean }) {
} else {
process.env.OPENCLAW_SKIP_CANVAS_HOST = previousSkipCanvasHost;
}
if (previousBundledPluginsDir === undefined) {
delete process.env.OPENCLAW_BUNDLED_PLUGINS_DIR;
} else {
process.env.OPENCLAW_BUNDLED_PLUGINS_DIR = previousBundledPluginsDir;
}
}
if (options.restoreEnv && tempHome) {
await fs.rm(tempHome, {
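Review bot: In applyGatewaySkipEnv, the fallback used when `tempHome` is unset is the bare relative name `"openclaw-test-no-bundled-extensions"`, so the directory the override points at presumably depends on the process working directory. The override appears intended to keep bundled extensions out of gateway tests, and a directory of that name under the cwd could then be treated as a plugin source. If callers always run setupGatewayTestHome first, failing closed is clearer: `if (!tempHome) throw new Error("applyGatewaySkipEnv called before setupGatewayTestHome");`. Otherwise, add a comment such as `// deliberately nonexistent directory: no bundled plugins load during gateway tests`. How a relative value is resolved by the plugin loader is not visible in this section, and cleanupGatewayTestHome continues past the last visible line.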