docs: add security check to key features

Author: yeasy

.gitignore

@@ -33,3 +33,4 @@ homebrew-tap/
 dist/
 .agent/
 .ask/
+ask.lock

.golangci.yml

@@ -0,0 +1,60 @@
+version: 2
+
+run:
+  timeout: 5m
+  tests: true
+
+linters-settings:
+  govet:
+    enable-all: true
+    disable:
+      - fieldalignment
+  misspell:
+    locale: US
+  revive:
+    rules:
+      - name: exported
+        severity: warning
+      - name: package-comments
+        severity: warning
+      - name: error-naming
+        severity: warning
+      - name: error-strings
+        severity: warning
+      - name: error-return
+        severity: warning
+      - name: var-naming
+        severity: warning
+      - name: context-keys-type
+        severity: warning
+      - name: time-naming
+        severity: warning
+      - name: unexported-return
+        severity: warning
+      - name: indent-error-flow
+        severity: warning
+      - name: blank-imports
+        severity: warning
+      - name: context-as-argument
+        severity: warning
+      - name: unused-parameter
+        severity: warning
+      - name: unreachable-code
+        severity: warning
+      - name: redefines-builtin-id
+        severity: warning
+
+linters:
+  disable-all: true
+  enable:
+    - govet
+    - staticcheck
+    - misspell
+    - revive
+    - ineffassign
+    - errcheck
+
+issues:
+  exclude-use-default: false
+  max-issues-per-linter: 0
+  max-same-issues: 0

CHANGELOG.md

@@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 - **Security Checks**: New `ask check` command to scan skills for secrets, dangerous commands, and suspicious files.
-- **Security Reports**: Generate detailed security reports in Markdown or HTML with `ask check --report <file>`.
+- **Values Reports**: Generate detailed security reports in Markdown, HTML, or JSON with `ask check -o <file>`.
 - **Entropy Analysis**: Smart secret detection using Shannon entropy to reduce false positives.
 
 ## [1.0.0-rc2] - 2026-01-24

CONTRIBUTING.md

@@ -20,7 +20,7 @@ By participating in this project, you agree to maintain a respectful and inclusi
 
 ### Prerequisites
 
-- Go 1.21 or higher
+- Go 1.24 or higher
 - Git
 - A GitHub account
 
@@ -195,7 +195,7 @@ Before submitting, ensure:
 - [ ] Code builds successfully (`make build`)
 - [ ] All tests pass (`make test`)
 - [ ] Code is formatted (`make fmt`)
-- [ ] No linter warnings (`make vet`)
+- [ ] No linter warnings (`make lint`)
 - [ ] Documentation is updated (if needed)
 - [ ] CHANGELOG.md is updated (if applicable)
 - [ ] Commit messages follow convention

README.md

@@ -17,7 +17,7 @@
   <a href="https://github.com/yeasy/ask/blob/main/LICENSE"><img src="https://img.shields.io/github/license/yeasy/ask?style=flat-square" alt="License"></a>
   <a href="https://github.com/yeasy/ask/stargazers"><img src="https://img.shields.io/github/stars/yeasy/ask?style=flat-square" alt="Stars"></a>
   <a href="https://goreportcard.com/report/github.com/yeasy/ask"><img src="https://goreportcard.com/badge/github.com/yeasy/ask?style=flat-square" alt="Go Report Card"></a>
-  <img src="https://img.shields.io/badge/Go-1.21+-00ADD8?style=flat-square&logo=go" alt="Go Version">
+  <img src="https://img.shields.io/badge/Go-1.24+-00ADD8?style=flat-square&logo=go" alt="Go Version">
 </p>
 
 <p align="center">
@@ -60,7 +60,8 @@ graph LR
 | **🤖 Multi-Agent** | Auto-detects and installs for **Claude** (`.claude/`), **Cursor** (`.cursor/`), **Codex** (`.codex/`), and more. |
 | **⚡ Blazing Fast** | Written in Go. Parallel downloads, sparse checkouts, and zero runtime dependencies. |
 | **🔌 Offline Mode** | Full offline support with `--offline`. Perfect for air-gapped or secure environments. |
-| **🌍 Global & Local** | Manage project-specific skills (`.agent/skills`) or user-wide tools (`~/.ask/skills`). |
+| **🌎 Global & Local** | Manage project-specific skills (`.agent/skills`) or user-wide tools (`~/.ask/skills`). |
+| **🛡️ Security Guard** | Built-in security scanner checks skills for secrets, dangerous commands, and malware using entropy analysis. |
 
 ## 🚀 Quick Start
 
@@ -99,10 +100,11 @@ ask install mcp-builder@v1.0.0
 
 # Install for specific agent
 ask install mcp-builder --agent claude
+ask install mcp-builder --agent claude cursor
 
 # Security Check
 ask check .
-ask check anthropics/mcp-builder --report report.html
+ask check anthropics/mcp-builder -o report.html
 ```
 
 ## 📋 Commands
@@ -170,6 +172,15 @@ my-project/
 - **Cursor**: `.cursor/skills/`
 - **Codex**: `.codex/skills/`
 
+## 🐞 Debugging
+
+To see detailed operational logs (scanning, updating, searching), set `ASK_LOG=debug`:
+
+```bash
+export ASK_LOG=debug
+ask skill install browser-use
+```
+
 ## 🤝 Contributing
 Contributions are welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for details.
 

README_zh.md

@@ -59,7 +59,8 @@ graph LR
 | **🤖 多 Agent 支持** | 自动检测并适配 **Claude** (`.claude/`)、**Cursor** (`.cursor/`)、**Codex** (`.codex/`) 等环境。 |
 | **⚡ 极速体验** | 纯 Go 语言编写。支持并发下载、稀疏检出 (Sparse Checkout)，无运行时依赖，毫秒级响应。 |
 | **🔌 离线模式** | 支持 `--offline` 离线模式，优先使用本地缓存，完美适配内网或安全受限环境。 |
-| **🌍 全局与本地** | 灵活支持项目级 (`.agent/skills`) 和用户级 (`~/.ask/skills`) 隔离管理。 |
+| **🌎 全局与本地** | 灵活支持项目级 (`.agent/skills`) 和用户级 (`~/.ask/skills`) 隔离管理。 |
+| **🛡️ 安全守卫** | 内置安全扫描引擎，通过熵值分析检测敏感信息泄漏、危险命令及恶意代码，为智能体保驾护航。 |
 
 ## 🚀 快速开始
 
@@ -102,7 +103,7 @@ ask install mcp-builder --agent claude
 
 # 安全检查
 ask check .
-ask check anthropics/mcp-builder --report report.html
+ask check anthropics/mcp-builder -o report.html
 ```
 
 ## 📋 命令参考

ask.lock

@@ -1,3 +1,4 @@
+// Package cmd provides the command line interface logic for ask.
 package cmd
 
 import (
@@ -17,7 +18,7 @@ var benchmarkCmd = &cobra.Command{
 	Use:   "benchmark",
 	Short: "Run performance benchmarks",
 	Long:  `Measure the performance of key CLI operations like search, list, and info.`,
-	Run: func(cmd *cobra.Command, args []string) {
+	Run: func(_ *cobra.Command, _ []string) {
 		fmt.Println("Running benchmarks...")
 		fmt.Println()