[Bug] Skills uploaded by an administrator do not trigger a security scan #415
Closed
Labels
bug: Something isn't working
effort/l: Large or risky change requiring maintainer ownership.
priority/p2: Medium priority triage bucket.
triage/deferred: Issue stays in backlog and is rescored by automation.
Summary
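When a skill package is uploaded as a super administrator, the publishing flow appears to skip the skillhub-scanner security scan step. Neither a scan record nor a scan report can be seen, whereas a skill submitted by a regular member triggers the scan normally and produces a report. This could lead administrators to unknowingly publish skill packages that contain potential risks.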
Steps To Reproduce
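1. Deploy SkillHub with skillhub-scanner correctly enabled (LLM analysis is also turned on).
2. Log in to the Web UI with a super administrator account.
3. Upload a new Skill package and publish it directly.
4. Go to the skill detail page or the review center and look for the scan results for that skill.
5. Submit another Skill package using a regular member account and observe the scan flow.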
Expected Behavior
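When an administrator uploads a skill, a security scan should likewise be triggered automatically and the scan report shown on the skill detail page, consistent with the behavior for regular members.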
Environment
No response
API Contract Impact
No response
Logs Or Screenshots
No response