skill-checker 0.1.15 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +24 -1
- package/dist/cli.js +447 -28
- package/dist/cli.js.map +1 -1
- package/dist/index.d.ts +58 -1
- package/dist/index.js +450 -27
- package/dist/index.js.map +1 -1
- package/package.json +3 -2
package/README.md
CHANGED
@@ -14,7 +14,7 @@ Security checker for Claude Code skills — detect injection, malicious code, an
## Security Standard & Benchmark
-
Skill Checker's 57 rules are aligned with established security frameworks including OWASP Top 10 for LLM Applications (2025), MITRE CWE, and MITRE ATT&CK. The tool ships with a reproducible benchmark dataset of
+
Skill Checker's 57 rules are aligned with established security frameworks including OWASP Top 10 for LLM Applications (2025), MITRE CWE, and MITRE ATT&CK. The tool ships with a reproducible benchmark dataset of nine fixture skills covering all rule categories. This alignment is an internal mapping exercise — Skill Checker does not claim third-party certification or external audit status.
See [docs/SECURITY_BENCHMARK.md](docs/SECURITY_BENCHMARK.md) for the full rule mapping matrix, benchmark methodology, scoring model, and known limitations.
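Review bot: the added README line 17 hardcodes both the rule count (57) and the fixture count (nine) in prose, so the numbers will silently drift as rules and fixtures are added; suggest stating them once in docs/SECURITY_BENCHMARK.md (already linked on line 19) and referencing that matrix here, or generating the sentence from the rule registry at build time. The clause that this alignment is an internal mapping with no third-party certification is the right caveat to keep directly beside the framework-alignment claim rather than only in the linked document.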
@@ -42,6 +42,7 @@ skill-checker scan <path> [options]
| `-f, --format <format>` | Output format: `terminal` (default), `json`, `hook` |
| `-p, --policy <policy>` | Approval policy: `strict`, `balanced` (default), `permissive` |
| `-c, --config <path>` | Path to config file |
+
| `--no-ignore` | Disable inline suppression comments |
```bash
# Colored terminal report
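Review bot: the new `--no-ignore` row should state the default (inline suppression is honored) and when to turn it off. The suppression directives live inside the scanned SKILL.md, so they are written by the author of the very skill being evaluated; for `hook` or CI runs over skills that come from outside the project, this row (or the `hook` format documentation) should recommend `--no-ignore`, or at least point out that suppressed findings still appear in the report even though they are excluded from scoring.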
@@ -149,6 +150,28 @@ ignore:
Config is resolved in order: CLI `--config` flag → project directory (walks up) → home directory → defaults.
+
### Inline Suppression
+
+
Suppress specific findings directly in SKILL.md using comments:
+
+
```markdown
+
<!-- skill-checker-ignore CODE-002 -->
+
Run `soffice --convert-to pdf` to convert documents.
+
+
<!-- skill-checker-ignore-file CONT-001 -->
+
+
subprocess.run("soffice") // skill-checker-ignore CODE-002
+
```
+
+
- `<!-- skill-checker-ignore RULE -->` suppresses the finding on the next line only
+
- `<!-- skill-checker-ignore-file RULE -->` suppresses the finding for the entire file
+
- `// skill-checker-ignore RULE` as a trailing comment suppresses the finding on the same line
+
- Multiple rules can be space-separated: `<!-- skill-checker-ignore CODE-002 CONT-001 -->`
+
- **INJ rules cannot be suppressed** — attempts produce a warning
+
- Directives only affect findings from the same source file (no cross-file suppression)
+
- Suppressed findings are excluded from scoring but remain visible in the report
+
- Use `--no-ignore` to disable all inline suppression
+
### Policy Matrix
| Severity | strict | balanced | permissive |
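Review bot: the example at README line 163, `subprocess.run("soffice") // skill-checker-ignore CODE-002`, pairs a Python call with a `//` trailing comment, which is not Python comment syntax; either show a `#` trailing comment if that form is recognized, or state that only `//` is matched and that it is meant for the markdown body rather than for fenced code. The bullet saying INJ rules cannot be suppressed and that "attempts produce a warning" should also say whether that warning is scored or surfaced in `json`/`hook` output, since a hook consumer that reads only the score would otherwise never learn that a suppression of an injection finding was attempted. Two smaller documentation gaps: "excluded from scoring but remain visible in the report" is worth confirming for the non-terminal formats, and `skill-checker-ignore-file` should say whether the directive must precede the first finding or may appear anywhere in the file.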