audit-fix

📁 mksteady/mkskills 📅 Today

总安装量

周安装量

#69639

全站排名

安装命令

npx skills add https://github.com/mksteady/mkskills --skill audit-fix

Agent 安装分布

opencode 2

claude-code 2

github-copilot 2

codex 2

kimi-cli 2

gemini-cli 2

Skill 文档

audit-fix (å®¡è®¡ä¿®å¤)

è§¦åæ¹å¼

/audit-fix <module-path>                    # ä¿®å¤æå®æ¨¡å
/audit-fix <module-path> --issues 1,3,5     # åªä¿®å¤æå® issue
/audit-fix <module-path> --dry-run          # é¢è§ä¿®å¤è®¡å
/audit-fix --batch <severity>               # æ¹éä¿®å¤æå®çº§å« (critical/high/medium/low)

æ ¸å¿çº¦æ

â ï¸ ä¸¥æ ¼éå¶: åªè½ä¿®æ¹ AUDIT.md ååºçæä»¶åè¡å· â ç¦æ¢: æ©å±ä¿®æ¹èå´ãéæå¶ä»ä»£ç ãæ·»å æ°åè½ã”é¡ºä¾¿”ä¼å â åè®¸: æ°å¢å¿è¦çå·¥å·å½æ°æä»¶ï¼å¦ path-utils.jsï¼

å·¥ä½æµç¨

Phase 1: è¯»åå®¡è®¡æ¥å

# æ£æ¥ AUDIT.md åå¨
cat <module-path>/AUDIT.md

# æä½¿ç¨èæ¬æ¥ç
node ~/.claude/skills/project-index/scripts/audit-archive.js <module-path> --show

è§£æåå®¹ï¼

Severity çº§å«
Issues åè¡¨ï¼æ¯ä¸ªæ File:Line, Description, Suggestionï¼

Phase 2: éä¸ªä¿®å¤

å¯¹æ¯ä¸ª issueï¼

è¯»åç®æ æä»¶ – å®ä½å°æå®è¡å·
çè§£é®é¢ – æ ¹æ® Description çè§£é£é©
åºç¨ä¿®å¤ – æ Suggestion å®ç°ï¼ä¿ææå°æ¹å¨
ç«å³å½æ¡£ – ä¿®å¤åç«å³å½æ¡£è¯¥ issue

# å½æ¡£åä¸ª issue
node ~/.claude/skills/project-index/scripts/audit-archive.js <module-path> <issue-id>

Phase 3: æ¸çä¸æäº¤

æäº¤ä»£ç  – åªæäº¤ä¿®æ¹çæºæä»¶ï¼AUDIT.md è¢« gitignoreï¼
æ´æ° CLAUDE.md:
- åè½æååï¼å¦æ°å¢åæ°ãæ¹åé»è®¤è¡ä¸ºï¼â ä¿®æ¹ CLAUDE.md åå®¹
- åè½æ ååï¼çº¯ bug ä¿®å¤ï¼â åªé touch CLAUDE.md æ´æ°æ¶é´æ³

# æäº¤æ ¼å¼
git commit -m "fix(<module>): resolve N security audit issues

- issue1: <brief description>
- issue2: <brief description>
...

BREAKING: <if any breaking changes>"

å¸¸è§é®é¢ç±»ååä¿®å¤æ¨¡å¼

1. path-traversal (è·¯å¾ç©¿è¶)

// Before
const absPath = p.startsWith('/') ? p : `${workDir}/${p}`;

// After
import path from 'path';
const resolved = path.resolve(workDir, p);
if (!resolved.startsWith(workDir + path.sep)) {
  throw new Error('Path traversal detected');
}

2. silent-catch (éé»æè·)

// Before
} catch { /* ignore */ }

// After
} catch (err) {
  return { error: err.message, available: false };
}

3. permission-bypass (æéç»è¿)

// Before
const defaultHandler = async () => 'allow-once';

// After
const defaultHandler = async () => 'deny';

4. browser-compat (æµè§å¨å¼å®¹)

// Before
workDir = process.cwd()

// After - è¦æ±æ¾å¼ä¼ å¥
if (!workDir) {
  throw new Error('workDir is required');
}

5. jsdoc (ææ¡£ç¼ºå¤±)

// Before
export function foo(x, y) { ... }

// After
/**
 * Brief description
 * @param {string} x - Description
 * @param {number} y - Description
 * @returns {boolean} Description
 */
export function foo(x, y) { ... }

6. event-naming (äºä»¶å½å)

// Before
emit('agent.step.completed', data);

// After
emit('agent:stepCompleted', data);

7. timeout-not-enforced (è¶æ¶æªå¼ºå¶)

// Before
const proc = spawn(cmd, args);

// After
const proc = spawn(cmd, args);
const timer = setTimeout(() => proc.kill('SIGTERM'), timeoutMs);
proc.on('exit', () => clearTimeout(timer));

æ¹éæ§è¡

æ¹å¼ 1: ç´æ¥å¹¶è¡ (æ Kanban)

ä½¿ç¨ Task å·¥å·å¹¶è¡ä¿®å¤å¤ä¸ªæ¨¡åï¼

// Claude ä¼è¯ä¸æ§è¡ï¼å»ºè®® 6-8 å¹¶åï¼
const modules = ['js/agents/core', 'js/agents/runtime', ...];
// 7 ä¸ª Task å·¥å·å¹¶è¡è°ç¨ï¼æ¯ä¸ª run_in_background: true

æ¹å¼ 2: åå¯¼å¥ Kanban åæ¹é

# 1. å¯¼å¥å®¡è®¡ä»»å¡å° Kanban
node ~/.claude/skills/audit-fix/import-to-kanban.js

# æåªå¯¼å¥ CRITICAL
node ~/.claude/skills/audit-fix/import-to-kanban.js --severity=critical

# é¢è§æ¨¡å¼
node ~/.claude/skills/audit-fix/import-to-kanban.js --dry-run

# 2. æ¥çå¯¼å¥çä»»å¡
node ~/.claude/skills/kanban/kanban-cli.js list --status=todo

# 3. æ¹éæ§è¡
/kanban-batch --priority=0

æ£æ¥åå°ä»»å¡è¿åº¦

# æ¥çææåå°ä»»å¡
ls /tmp/claude/*/tasks/*.output

# æ¥çåä¸ªä»»å¡è¾åº
tail -50 /tmp/claude/-mnt-f-pb-paper-burner/tasks/<agent-id>.output

# æ£æ¥å®¡è®¡ä¿®å¤ç¶æ
node ~/.claude/skills/project-index/scripts/audit-status.js

Kanban éæ

æ¹å¼ 1: CLI åå»ºä»»å¡

CLI="$HOME/.claude/skills/kanban/kanban-cli.js"

# åå»ºå®¡è®¡ä»»å¡
node "$CLI" add "[AUDIT] js/agents/core/sandbox/system (7 issues)" \
  --priority=0 \
  --tags=type/audit,severity/critical \
  --description="ä¿®å¤ AUDIT.md ä¸ç 7 ä¸ªå®å¨é®é¢"

# æ¥çå¾å
node "$CLI" list --status=todo

æ¹å¼ 2: ä½¿ç¨ kanban-implement

# è®¤é¢ä»»å¡å¹¶å¨ç¬ç« worktree ä¸ä¿®å¤
/kanban-implement <task-id>

Worktree éç¦»çå¥½å¤ï¼

å¹¶è¡ä¿®å¤å¤ä¸ªæ¨¡åäºä¸å¹²æ°
ä¿®å¤å¤±è´¥å¯ç´æ¥ä¸¢å¼åæ¯
ä¾¿äº code review

æ¹å¼ 3: æ¹éç¼æ (kanban-batch)

# æææ CRITICAL å®¡è®¡é®é¢å¯¼å¥ Kanban å
/kanban-batch --priority=0

èªå¨åæä¾èµå³ç³»ï¼å¹¶è¡æ§è¡æ ä¾èµçä»»å¡ã

ä»»å¡ç¶ææ´æ°

# å¼å§ä»»å¡
node "$CLI" start <id>

# å®æä»»å¡
node "$CLI" done <id>

æ¨èå·¥ä½æµ

1. audit-status.js æ£æ¥é®é¢åå¸
   â
2. CLI åå»º Kanban ä»»å¡ (P0=CRITICAL, P1=HIGH...)
   â
3. /kanban-batch ææå¨ /kanban-implement
   â
4. æ¯ä¸ªæ¨¡åä¿®å¤åï¼
   - audit-archive.js å½æ¡£
   - git commit
   - node "$CLI" done <id>

éªè¯æ¸å

ä¿®å¤å®æåæ£æ¥ï¼

ææ issues å·²å½æ¡£ (--show è¿å Issues: 0)
ä»£ç å·²æäº¤ï¼ä¸å« AUDIT.mdï¼
CLAUDE.md æ¶é´æ³å·²æ´æ°
æ å¼å¥æ°ç lint/type éè¯¯
Breaking changes å·²å¨ commit message è¯´æ

ä¾èµ

~/.claude/skills/project-index/scripts/audit-archive.js – å½æ¡£èæ¬
~/.claude/skills/project-index/scripts/audit-status.js – ç¶ææ£æ¥

åè

/project-index – ç´¢å¼ç®¡ç
/js-agents-entropy-scan – çæå®¡è®¡æ¥å

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台

audit-fix

Agent 安装分布

Skill 文档

audit-fix (å®¡è®¡ä¿®å¤)

è§¦åæ¹å¼

æ ¸å¿çº¦æ

å·¥ä½æµç¨

Phase 1: è¯»åå®¡è®¡æ¥å

Phase 2: éä¸ªä¿®å¤

Phase 3: æ¸ çä¸æäº¤

å¸¸è§é®é¢ç±»ååä¿®å¤æ¨¡å¼

1. path-traversal (è·¯å¾ç©¿è¶)

2. silent-catch (éé»æè·)

3. permission-bypass (æéç»è¿)

4. browser-compat (æµè§å¨å ¼å®¹)

5. jsdoc (ææ¡£ç¼ºå¤±)

6. event-naming (äºä»¶å½å)

7. timeout-not-enforced (è¶ æ¶æªå¼ºå¶)

æ¹éæ§è¡

æ¹å¼ 1: ç´æ¥å¹¶è¡ (æ Kanban)

æ¹å¼ 2: å å¯¼å ¥ Kanban åæ¹é

æ£æ¥åå°ä»»å¡è¿åº¦

Kanban éæ

æ¹å¼ 1: CLI åå»ºä»»å¡

æ¹å¼ 2: ä½¿ç¨ kanban-implement

æ¹å¼ 3: æ¹éç¼æ (kanban-batch)

ä»»å¡ç¶ææ´æ°

æ¨èå·¥ä½æµ

éªè¯æ¸ å

ä¾èµ

åè