fix: checkup report improvements and severity correction (#6, #10-#14, #16, #18, #19)#29
Merged
0xbeekeeper merged 4 commits intomainfrom Apr 6, 2026
Merged
Conversation
…coverage - Auto-detect Chinese from analysis content and apply zh locale on load (#12) - Fix Windows `start` command needing empty title to avoid cmd popup (#11, #14) - Skip browser open for headless/bot environments (Qclaw, OpenClaw, CI) (#14) - Increase process exit timeout from 2s to 3s for slower systems (#11) - Mark all 7 data collection checks as [REQUIRED] in SKILL.md (#10) - Add pre-Step-4 validation checklist to ensure all dimensions have data (#10) - Make Step 5 terminal summary mandatory with explicit instructions (#11) - Add dimension→check mapping so models understand the full pipeline (#10, #13) Closes #10, Closes #11, Closes #12, Closes #13, Closes #14 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ility (#16) - Add --file <path> argument to read JSON from file instead of stdin - Update SKILL.md to use Write tool + --file method (avoids Windows cmd.exe single-quote issue where echo '<json>' outputs literal quotes) - Add Write to allowed-tools for temp JSON file creation - Keep stdin pipe as fallback for backward compatibility Closes #16 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
#18, #19) - Clarify Dimension 1 uses deductive scoring (base 100 minus findings) - Clarify Dimensions 2-5 use additive scoring (start at 0, add points) - Rename column headers to "Points if PASS" / "If FAIL" for clarity - Add scoring example for Dimension 3 (network exposure) (#19) - Add explicit composite score formula with and without Web3 (#18) - Add tier assignment table with exact thresholds (#18) - Add worked example showing full calculation → tier assignment Closes #17, Closes #18, Closes #19 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Pressure language combined with command execution instructions is a direct attack vector, not a medium-risk informational finding. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This was referenced Apr 6, 2026
Closed
Closed
Closed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
SOCIAL_ENGINEERINGrule severity from MEDIUM → HIGH (pressure language + command execution is a direct attack vector)[REQUIRED]in SKILL.md with dimension→check mapping; add pre-scoring validation checkliststartcommand (needsstart ""with empty title); increase exit timeout to 3s--fileflag to checkup-report.js for cross-platform compatibility (avoids stdin pipe issues on Windows)Files changed
src/scanner/rules/trojan.tsmedium→highskills/agentguard/scan-rules.mdskills/agentguard/SKILL.mdskills/agentguard/scripts/checkup-report.jsstart ""fix, headless env detection,--fileflag, 3s timeoutTest plan
npm run build— compiles cleanlynpm test— all 134 tests passSOCIAL_ENGINEERINGseverity ishighin source and docsstart ""opens browser without cmd popupCloses #6, Closes #10, Closes #11, Closes #12, Closes #13, Closes #14, Closes #16, Closes #18, Closes #19
🤖 Generated with Claude Code