Fix custom skill install permissions (#3241)

* Fix custom skill install permissions * Fix skill upload test portability * Keep custom skill writes sandbox readable * Clear sandbox write bits on skill permissions * Limit custom skill write permission updates
2026-06-11 09:55:59 +00:00 · 2026-05-28 15:48:32 +08:00
parent 0287240728
commit 8decfd327e
7 changed files with 210 additions and 0 deletions
@@ -13,6 +13,7 @@ import stat
 import zipfile
 from pathlib import Path, PurePosixPath, PureWindowsPath

+from deerflow.skills.permissions import make_skill_tree_sandbox_readable
 from deerflow.skills.security_scanner import scan_skill_content

 logger = logging.getLogger(__name__)
@@ -139,6 +140,7 @@ def _move_staged_skill_into_reserved_target(staging_target: Path, target: Path)
        reserved = True
        for child in staging_target.iterdir():
            shutil.move(str(child), target / child.name)
+        make_skill_tree_sandbox_readable(target)
        installed = True
    except FileExistsError as e:
        raise SkillAlreadyExistsError(f"Skill '{target.name}' already exists") from e