From 0f8215f6333b5ac6f3961cada5903ab36b18756a Mon Sep 17 00:00:00 2001
From: sprmn24
Date: Fri, 27 Mar 2026 00:08:02 +0300
Subject: [PATCH] fix(security): correct verdict logic and enforce --force limitation in skills_guard
- _determine_verdict() returned 'caution' for medium/low-only findings, causing community skills with harmless patterns (e.g. path traversal notation, unpinned pip install) to be incorrectly blocked. Now returns 'safe' when only medium/low severity findings are present.
- should_allow_install() allowed --force to override 'dangerous' verdict, contradicting documented behavior that --force does NOT override dangerous scan results. Added explicit check to prevent force-installing skills with dangerous verdict.
---
 tools/skills_guard.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tools/skills_guard.py b/tools/skills_guard.py
index 473d7273170..4eb275c4b3c 100644
--- a/tools/skills_guard.py
+++ b/tools/skills_guard.py
@@ -661,7 +661,7 @@ def should_allow_install(result: ScanResult, force: bool = False) -> Tuple[bool,
 if decision == "allow":
 return True, f"Allowed ({result.trust_level} source, {result.verdict} verdict)"
- if force:
+ if force and result.verdict != "dangerous":
 return True, (
 f"Force-installed despite {result.verdict} verdict "
 f"({len(result.findings)} findings)"
@@ -932,7 +932,8 @@ def _determine_verdict(findings: List[Finding]) -> str:
 return "dangerous"
 if has_high:
 return "caution"
- return "caution"
+ # medium/low findings alone are informational, not blocking
+ return "safe"
 def _build_summary(name: str, source: str, trust: str, verdict: str, findings: List[Finding]) -> str:
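Review bot: When `force` is true and the verdict is `dangerous`, the new condition `if force and result.verdict != "dangerous":` falls through to whatever return follows, which lies outside this hunk, so the caller may get a generic refusal that never states that `--force` was deliberately ignored. An explicit branch ahead of it would make the refusal visible and auditable, e.g. `if force and result.verdict == "dangerous":` followed by `return False, "Blocked: --force does not override a dangerous verdict"`. The `decision == "allow"` return above still runs before any verdict check, so this guard constrains only the force path, not whatever the policy lookup (not visible here) permits for a given trust level. The diffstat shows only tools/skills_guard.py changing, so a regression test asserting that `should_allow_install(result, force=True)` refuses a dangerous result would be worth adding with this fix.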
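Review bot: The final `return "safe"` in `_determine_verdict` is now the fall-through for everything that is not critical or high, so the function fails open: a finding with an unrecognised or misspelled severity, or any number of medium findings, presumably gets the same verdict as an empty findings list. Path-traversal notation and unpinned `pip install`, the examples named in the commit message, are supply-chain signals, and a `safe` verdict will presumably take the non-blocking path in `should_allow_install` for community sources. Consider returning `"safe"` only when every severity is in a known set and keeping `return "caution"` as the default, for example `if all(f.severity in ("medium", "low") for f in findings): return "safe"` (the field name is assumed, since the code that sets `has_high` starts above this hunk).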