fix: skip test-only plugin install scan findings

This commit is contained in:
Peter Steinberger
2026-04-27 15:00:50 +01:00
parent 82b4049744
commit d69eeeb2a8
6 changed files with 133 additions and 3 deletions

@@ -412,6 +412,10 @@ marketplace installs persist marketplace source metadata instead of an npm spec.
positives from the built-in dangerous-code scanner. It allows plugin installs
and plugin updates to continue past built-in `critical` findings, but it still
does not bypass plugin `before_install` policy blocks or scan-failure blocking.
Install scans ignore common test files and directories such as `tests/`,
`__tests__/`, `*.test.*`, and `*.spec.*` to avoid blocking packaged test mocks;
declared plugin runtime entrypoints are still scanned even if they use one of
those names.
This CLI flag applies to plugin install/update flows only. Gateway-backed skill
dependency installs use the matching `dangerouslyForceUnsafeInstall` request
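Review bot: the new sentence listing the skipped names (`tests/`, `__tests__/`, `*.test.*`, `*.spec.*`) does not say how the patterns are matched, and because anything that matches is never scanned, that detail decides how much coverage the exclusion gives up. Suggest stating whether `tests/` is matched as a path segment at any depth or only at the package root, whether `*.test.*` and `*.spec.*` apply to the basename only, and whether a non-entrypoint module that a declared runtime entrypoint imports from one of these locations is scanned or skipped, since the sentence "declared plugin runtime entrypoints are still scanned even if they use one of those names" covers only the entrypoint itself.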