diff --git a/skills/agentguard/SKILL.md b/skills/agentguard/SKILL.md index 4867e59..8095196 100644 --- a/skills/agentguard/SKILL.md +++ b/skills/agentguard/SKILL.md @@ -7,6 +7,25 @@ metadata: author: GoPlusSecurity version: "1.1" optional_env: "GOPLUS_API_KEY, GOPLUS_API_SECRET (for Web3 transaction simulation only)" +filesystem-access: + - path: "~/.ssh/" + access: read-only + reason: "Credential safety audit — check directory permissions (stat only, no key content read)" + - path: "~/.gnupg/" + access: read-only + reason: "Credential safety audit — check directory permissions (stat only)" + - path: "~/.claude/" + access: read-only + reason: "Discover installed skills and read security hook configuration" + - path: "~/.openclaw/" + access: read-only + reason: "Discover installed skills and read OpenClaw config for patrol checks" + - path: "~/.qclaw/" + access: read-only + reason: "Discover installed skills in QClaw environments" + - path: "~/.agentguard/" + access: read-write + reason: "Read/write audit log (audit.jsonl) and protection level config (config.json)" user-invocable: true allowed-tools: Read, Write, Grep, Glob, Bash(node *trust-cli.ts *) Bash(node *action-cli.ts *) Bash(*checkup-report.js) Bash(echo *checkup-report.js) Bash(cat *checkup-report.js) Bash(openclaw *) Bash(ss *) Bash(lsof *) Bash(ufw *) Bash(iptables *) Bash(crontab *) Bash(systemctl list-timers *) Bash(find *) Bash(stat *) Bash(env) Bash(sha256sum *) Bash(node *) Bash(cd *) argument-hint: "[scan|action|patrol|trust|report|config|checkup] [args...]" diff --git a/skills/agentguard/package.json b/skills/agentguard/package.json index de53aac..1a5b35b 100644 --- a/skills/agentguard/package.json +++ b/skills/agentguard/package.json @@ -2,6 +2,7 @@ "private": true, "type": "module", "dependencies": { - "@goplus/agentguard": "^1.0.6" + "@goplus/agentguard": "^1.0.6", + "open": "11.0.0" } } diff --git a/skills/agentguard/scripts/checkup-report.js b/skills/agentguard/scripts/checkup-report.js index 04380e6..45a2672 100644 --- a/skills/agentguard/scripts/checkup-report.js +++ b/skills/agentguard/scripts/checkup-report.js @@ -15,7 +15,7 @@ import { writeFileSync, readFileSync, existsSync } from 'node:fs'; import { join, dirname } from 'node:path'; import { tmpdir, homedir } from 'node:os'; -import { exec, spawn } from 'node:child_process'; +import open from 'open'; import { fileURLToPath } from 'node:url'; const DIM_META = { @@ -1376,20 +1376,7 @@ body{background:#0a0e14;color:#dfe2eb;font-family:'Inter',sans-serif} // the buffer is flushed, causing the caller (Claude) to receive an empty path. process.stdout.write(outPath + '\n', () => { if (!isHeadless) { - if (process.platform === 'win32') { - // Use PowerShell Start-Process to open the file via Shell Execute API, - // bypassing cmd.exe entirely — cmd /c start creates a visible intermediate - // window whose title is the file path, which is the UX bug in #23. - spawn('powershell', [ - '-NoProfile', '-WindowStyle', 'Hidden', '-Command', - `Start-Process '${outPath.replace(/'/g, "''")}'`, - ], { detached: true, stdio: 'ignore', windowsHide: true }).unref(); - } else { - const cmd = process.platform === 'darwin' ? 'open' : 'xdg-open'; - exec(`${cmd} "${outPath}"`, (err) => { - if (err) process.stderr.write(`Could not open browser: ${err.message}\n`); - }); - } + open(outPath).catch(err => process.stderr.write(`Could not open browser: ${err.message}\n`)); } // Hard exit after 3s — guards against exec child process hanging and // blocking Node from exiting naturally (e.g. xdg-open on misconfigured Linux).