fix(skills): scan skill archives before install (#2561)

* fix(skills): scan skill archives before install Fixes #2536 * fix(skills): scan archive support files before install * style(skills): format archive installer * fix(skills): address archive install review comments
2026-05-21 07:26:50 +00:00 · 2026-04-28 11:56:11 +08:00
parent f7dfb88a30
commit 707ed328dd
7 changed files with 400 additions and 9 deletions
@@ -522,6 +522,15 @@ class TestArtifactAccess:
 class TestSkillInstallation:
    """install_skill() with real ZIP handling and filesystem."""

+    @pytest.fixture(autouse=True)
+    def _allow_skill_security_scan(self, monkeypatch):
+        async def _scan(*args, **kwargs):
+            from deerflow.skills.security_scanner import ScanResult
+
+            return ScanResult(decision="allow", reason="ok")
+
+        monkeypatch.setattr("deerflow.skills.installer.scan_skill_content", _scan)
+
    @pytest.fixture(autouse=True)
    def _isolate_skills_dir(self, tmp_path, monkeypatch):
        """Redirect skill installation to a temp directory."""