---
# Scanner configuration. This is the only user-facing knob in the repo.
# Forking the scanner for your own catalogue is a single edit here plus
# enabling Actions and GitHub Pages on your fork.

# Schema version of THIS config file. Bumped when the shape changes.
config_version: 1

catalogue:
  # Skills are declared by per-namespace README.md files under
  # registry/<ns>/skills/ in the catalogue repo. Each README's frontmatter
  # lists sources[].repo plus per-skill overrides. This is the canonical
  # declaration; the in-tree .agents/skills/ format is supported in
  # scanner/enumerate.py for forks that need it, but it is not enabled
  # here because coder/registry duplicates the same upstream skills across
  # both layouts under different slugs.
  registry_repo:
    owner: coder
    repo: registry
    # `main` is a moving ref, so each scan presumably sees the branch head
    # at run time; pin a commit SHA here instead if a fork needs a
    # reproducible snapshot of the catalogue.
    ref: main
  formats:
    external_sources:
      enabled: true
      # Path glob, relative to the cloned catalogue. Each matched README
      # has its frontmatter parsed for sources[].repo plus per-skill
      # overrides keyed by slug. Quoted so the glob characters can never be
      # read as YAML syntax.
      readme_glob: 'registry/*/skills/README.md'

scanners:
  skillspector:
    enabled: true
    # Pinned by full commit SHA so the installed scanner is exactly the
    # reviewed revision (a tag or branch name could be moved after review).
    # Bumped manually via PR; the workflow's pip install reads this same
    # pin so contributors do not have to keep the version in two places.
    # Dependabot does not parse this file, so a bumper bot lives outside
    # the loop until the upstream publishes to PyPI and the pin can move
    # into pyproject.toml.
    pin: "skillspector @ git+https://github.com/NVIDIA/SkillSpector.git@7bc9c0feb663375ced6e7436008d082e6e3486ea"
    # Empty so .github/workflows/scan.yaml can append --no-llm
    # dynamically based on whether the LLM credential secret is set.
    flags: []
    # NOTE(review): the nesting of `llm` under `skillspector` was
    # reconstructed from a listing whose indentation had been lost --
    # confirm against the loader that reads this section.
    llm:
      provider: anthropic
      model: "claude-sonnet-4-6"

# Per-skill verdict policy. v1 has one input (SkillSpector risk_score).
# When more scanners join the pipeline we add new threshold fields here
# and a matching branch in scanner/verdict.py.
#
# Thresholds are aligned to SkillSpector's own severity bands so that the
# UI verdict matches the recommendation field SkillSpector returns:
#
#    0-20   LOW       SAFE            -> verdict: clean
#   21-50   MEDIUM    CAUTION         -> verdict: clean (advisory; see below)
#   51-80   HIGH      DO_NOT_INSTALL  -> verdict: suspicious
#   81-100  CRITICAL  DO_NOT_INSTALL  -> verdict: malicious
#
# Rationale: SkillSpector's static-analysis layer is loud on real
# catalogues (the ClawHub paper measured a ~49% positive rate on 67k
# skills) and is advisory rather than authoritative, so we only escalate
# above its HIGH cutoff. CAUTION-band findings still appear on the
# per-skill page so reviewers can see them; we just do not flag the skill
# as suspicious at the catalogue level.
verdict:
  # Lower bound (inclusive) of the CRITICAL band in the table above.
  malicious_risk_score: 81
  # Lower bound (inclusive) of the HIGH band in the table above.
  suspicious_risk_score: 51

publish:
  # One GitHub Release per scan. The rolling `latest` tag is the floor
  # the registry-server proxy falls back to when Pages is degraded.
  release:
    tag_format: "scan-{utc:%Y-%m-%dT%H-%MZ}"
    rolling_tag: latest
    retention_days: 90
  # Public CDN-cached JSON via actions/deploy-pages. The site reads
  # latest.json through a small proxy in coder/registry-server that
  # caches for 5 minutes and lets Cloudflare hold stale for 10 more.
  pages:
    enabled: true
    files:
      latest: latest.json
      history_dir: history
      history_retention_days: 30

# The schedule fires at :17 past the hour, every 6 hours, to dodge the
# top-of-hour cron-drift cluster on shared GitHub-hosted runners.
schedule:
  cron: "17 */6 * * *"