APEX/BrowserUse_and_ComputerUse_skills
5
0
Fork 0
Code Issues 6 Pull requests 1 Projects 1 Releases Packages Wiki Activity Actions

fix: prevent --force from overriding dangerous verdict in should_allow_install

Browse source 
The docstring states --force should never override dangerous verdicts,
but the condition `if result.verdict == "dangerous" and not force`
allowed force=True to skip the early return. Execution then fell
through to `if force: return True`, bypassing the policy block.

Removed `and not force` so dangerous skills are always blocked
regardless of the --force flag.
This commit is contained in:
Farukest 2026-03-04 18:10:18 +03:00
parent 70a0a5ff4a
commit 4805be0119
No known key found for this signature in database
GPG key ID: 73E2756B3FFF5241
3 changed files with 113 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tools/skills_guard.py
View file

@ -650,7 +650,7 @@ def should_allow_install(result: ScanResult, force: bool = False) -> Tuple[bool,
Returns:
(allowed, reason) tuple
"""
if result.verdict == "dangerous" and not force:
if result.verdict == "dangerous":
return False, f"Scan verdict is DANGEROUS ({len(result.findings)} findings). Blocked."
policy = INSTALL_POLICY.get(result.trust_level, INSTALL_POLICY["community"])