Lines 23-113javascript
25async function searchSkills(q, site) {
26 const params = new URLSearchParams();
27 if (q) params.set("q", q);
28 if (site) params.set("site", site);
29 const qs = params.toString();
30 const data = await getJSON(
31 `${API_BASE}/v1/skills${qs ? `?${qs}` : ""}`
33 return data.skills ?? [];
35function getManifest(name) {
36 return getJSON(`${API_BASE}/v1/skills/${name}/files`);
38async function fetchBinary(url) {
39 const res = await fetch(url);
40 if (!res.ok) throw new HttpError(res.status, url, res.statusText);
41 return new Uint8Array(await res.arrayBuffer());
43async function fetchText(url) {
44 const res = await fetch(url);
45 if (!res.ok) throw new HttpError(res.status, url, res.statusText);
50import { spawn } from "child_process";
51import { mkdir, mkdtemp, rename, rm, writeFile } from "fs/promises";
HighChild Process
Package source references child process execution.
dist/index.jsView on unpkg · L49 52import { dirname, join as join2 } from "path";
55import { homedir } from "os";
56import { join } from "path";
57var BMEM_HOME = process.env.BMEM_HOME ?? join(process.env.XDG_CONFIG_HOME ?? join(homedir(), ".config"), "bmem");
58var BMEM_SKILLS_DIR = join(BMEM_HOME, "skills");
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L43 61function parseSkillId(raw) {
62 const parts = raw.split("/").filter(Boolean);
63 if (raw.includes("\\") || parts.length < 1 || parts.length > 2 || parts.some((s) => s === "." || s === "..")) {
64 throw new Error(`invalid skill id "${raw}". Use <site> or <site>/<task>.`);
66 const [domain, task = ""] = parts;
67 return { domain, task, id: parts.join("/") };
69async function downloadSkill(id) {
73 await mkdir(parent, { recursive: true });
74 const tmp = await mkdtemp(join2(parent, `.${id.domain}-`));
76 for (const file of manifest.files) {
77 const bytes = await fetchBinary(file.url);
78 const out = join2(tmp, file.path);
79 await mkdir(dirname(out), { recursive: true });
80 await writeFile(out, bytes);
82 await rm(installPath, { recursive: true, force: true });
83 await rename(tmp, installPath);
85 await rm(tmp, { recursive: true, force: true });
90async function runSkillsAdd(path, extraArgs = []) {
91 const code = await spawnInherit("npx", ["--yes", "skills", "add", path, ...extraArgs]);
94 `\`npx skills add\` exited with code ${code}. Make sure Node.js/npx is installed (https://nodejs.org).`
98function spawnInherit(cmd, args) {
99 return new Promise((resolve) => {
100 const child = spawn(cmd, args, { stdio: "inherit" });
101 child.on("error", () => resolve(1));
HighRuntime Package Install
Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L93 102 child.on("close", (code) => resolve(code ?? 0));
106// src/commands/add.ts
107async function addCommand(name) {
108 const id = parseSkillId(name);
111 installPath = await downloadSkill(id);
113 if (err instanceof HttpError && err.status === 404) {