Releases: flyzhenghao/skill-quality-gate
v2.0.0 - Context-Aware Security Auditing
🎉 Major Release: Context-Aware Security Auditing
This release introduces intelligent context-aware security auditing that dramatically reduces false positives while maintaining security standards.
✨ Key Features
🎯 Context-Aware Detection
- File Type Recognition: Automatically distinguishes between documentation, scripts, and configuration files
- Code Block Detection: Identifies command examples in Markdown code blocks vs actual executable code
- Table Context: Recognizes commands in documentation tables as reference material
🛡️ Safety Framework Recognition
- Detects safety_rules.md and security documentation
- Identifies safety commitments like "NEVER execute without confirmation"
- Recognizes risk level markers (🟢🟡🔴)
- Scoring: 0-100 points based on safety framework completeness
📊 Intelligent Risk Scoring
- Risk Adjustment: Automatically reduces risk scores for skills with proven safety frameworks
- Formula: adjusted_risk = original_risk × (100 - safety_score) / 100
- Example: Skill with 100% safety framework → Risk reduced to 0
📈 Performance Improvements
Test Case: macos-cleaner skill
- v1.0: 20 CRITICAL + 77 HIGH = ⛔ Blocked
- v2.0: 0 CRITICAL + 1 HIGH → Risk 0 = ✅ Safe
False Positive Reduction: 98.9% (97 → 1 issues)
🔧 What's Changed
New Components
- scripts/audit-skill-security.sh (v2.0) - Context-aware security audit script
- New severity level: INFO for documentation references
- Safety framework detection system
Updated
- scripts/assess-skill-quality.sh - Now uses v2 audit script
- Security scoring algorithm with context awareness
Breaking Changes
- Requires audit-skill-security-v2.sh in ~/.claude/scripts/
- If upgrading from v1.0, copy the new audit script to your global scripts directory
📦 Installation
# Option 1: Clone the repository
git clone https://github.com/flyzhenghao/skill-quality-gate.git ~/.claude/skills/skill-quality-gate
# Option 2: Download and install
# (Manual installation instructions)
🚀 Usage
# Assess a skill's quality
bash ~/.claude/skills/skill-quality-gate/scripts/assess-skill-quality.sh /path/to/skill
# Security audit only
bash ~/.claude/scripts/audit-skill-security-v2.sh /path/to/skill
🛡️ Security Audit Features
Context-Aware Detection:
- Documentation files → Lower severity (INFO/LOW)
- Code blocks in Markdown → Identified as examples
- Actual executable scripts → Full scrutiny
Safety Framework Scoring:
- safety_rules.md present: +30 points
- "NEVER execute without confirmation": +30 points
- Security principles section: +20 points
- Risk markers (🟢🟡🔴): +20 points
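The point table above and the risk-adjustment formula from the release notes, worked through as an added example (this is not the project's audit script). It prints the raw risk next to the adjusted one, so a reviewer can see how much of the reduction comes from documentation shipped inside the skill being audited. The grep patterns, the function names and the raw risk value of 80 are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not the project's audit script. Point values and the formula
# are from the release notes; the detection patterns are assumptions.

safety_score() {                      # DIR -> prints 0-100
    local dir="$1" score=0
    # safety_rules.md present: +30
    if find "$dir" -type f -name 'safety_rules.md' | grep -q .; then
        score=$((score + 30))
    fi
    # "NEVER execute without confirmation" commitment: +30
    if grep -rqsF 'NEVER execute without confirmation' "$dir"; then
        score=$((score + 30))
    fi
    # Security principles section: +20 (assumed to be a Markdown heading)
    if grep -rqsiE '^#+[[:space:]].*security principles' "$dir"; then
        score=$((score + 20))
    fi
    # Risk markers: +20 (assumed: any one of the three markers counts)
    if grep -rqsF -e '🟢' -e '🟡' -e '🔴' "$dir"; then
        score=$((score + 20))
    fi
    echo "$score"
}

# adjusted_risk = original_risk × (100 - safety_score) / 100, integer division
adjusted_risk() {                     # ORIGINAL_RISK SAFETY_SCORE
    echo $(( $1 * (100 - $2) / 100 ))
}

audit_summary() {                     # DIR ORIGINAL_RISK
    local s
    s=$(safety_score "$1")
    echo "raw=$2 safety=$s adjusted=$(adjusted_risk "$2" "$s")"
}

make_sample_skill() {                 # constructed sample skill; prints its path
    local d
    d=$(mktemp -d)
    printf '%s\n' '# Safety rules' 'NEVER execute without confirmation' > "$d/safety_rules.md"
    printf '%s\n' '## Security Principles' 'Risk levels: 🟢 🟡 🔴' > "$d/SKILL.md"
    echo "$d"
}

skill=$(make_sample_skill)
audit_summary "$skill" 80             # raw risk 80 is a constructed value
rm "$skill/safety_rules.md"           # removes the file and the commitment in it
audit_summary "$skill" 80
rm -rf "$skill"
```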
📚 Documentation
- SKILL.md - Full documentation
- README.md - Quick start guide
- CHANGELOG.md - Version history
🙏 Acknowledgments
Developed with assistance from Claude Sonnet 4.5
Co-Authored-By: Claude Sonnet 4.5 noreply@anthropic.com
Full Changelog: v1.0.0...v2.0.0
Skill Quality Gate v1.0.0 - Initial Release
🎉 Initial Release
Pre-installation quality assessment and security audit system for Claude Code Skills.
Features
- ✅ 6-dimension quality assessment system
- ✅ Security audit integration
- ✅ Bilingual documentation (English + 中文)
- ✅ Configurable scoring rules
- ✅ Bash 3.x compatible
- ✅ MIT License
Quality Dimensions
- Code Quality (25%) - Structure, complexity, comments, best practices
- Documentation (20%) - SKILL.md completeness, examples, trigger conditions
- Security (30%) - Dangerous patterns, data exfiltration, privilege escalation
- Functionality (15%) - Dependencies, error handling, output formatting
- Maintainability (5%) - Version tracking, update frequency, repository health
- Community (5%) - Author reputation, installation count, official status
Installation
bash ~/.claude/skills/skill-quality-gate/scripts/assess-skill-quality.sh /path/to/skill
See README for full documentation.
What's Changed
- Initial release of Skill Quality Gate
- 6-dimension quality assessment system
- Core assessment script compatible with Bash 3.x+
- Integration with existing audit-skill-security.sh
- Comprehensive bilingual documentation
- Configurable scoring rules and security patterns
- Example reports and test scripts