skill-checker 0.1.16 → 0.5.0

package/README.md

@@ -14,7 +14,7 @@ Security checker for Claude Code skills — detect injection, malicious code, an
 
 ## Security Standard & Benchmark
 
-Skill Checker's 57 rules are aligned with established security frameworks including OWASP Top 10 for LLM Applications (2025), MITRE CWE, and MITRE ATT&CK. The tool ships with a reproducible benchmark dataset of six fixture skills covering all rule categories. This alignment is an internal mapping exercise — Skill Checker does not claim third-party certification or external audit status.
+Skill Checker's 57 rules are aligned with established security frameworks including OWASP Top 10 for LLM Applications (2025), MITRE CWE, and MITRE ATT&CK. The tool ships with a reproducible benchmark dataset of nine fixture skills covering all rule categories. This alignment is an internal mapping exercise — Skill Checker does not claim third-party certification or external audit status.
 
 See [docs/SECURITY_BENCHMARK.md](docs/SECURITY_BENCHMARK.md) for the full rule mapping matrix, benchmark methodology, scoring model, and known limitations.
 
@@ -42,6 +42,7 @@ skill-checker scan <path> [options]
 | `-f, --format <format>` | Output format: `terminal` (default), `json`, `hook` |
 | `-p, --policy <policy>` | Approval policy: `strict`, `balanced` (default), `permissive` |
 | `-c, --config <path>` | Path to config file |
+| `--no-ignore` | Disable inline suppression comments |
 
 ```bash
 # Colored terminal report
@@ -149,6 +150,28 @@ ignore:
 
 Config is resolved in order: CLI `--config` flag → project directory (walks up) → home directory → defaults.
 
+### Inline Suppression
+
+Suppress specific findings directly in SKILL.md using comments:
+
+```markdown
+<!-- skill-checker-ignore CODE-002 -->
+Run `soffice --convert-to pdf` to convert documents.
+
+<!-- skill-checker-ignore-file CONT-001 -->
+
+subprocess.run("soffice") // skill-checker-ignore CODE-002
+```
+
+- `<!-- skill-checker-ignore RULE -->` suppresses the finding on the next line only
+- `<!-- skill-checker-ignore-file RULE -->` suppresses the finding for the entire file
+- `// skill-checker-ignore RULE` as a trailing comment suppresses the finding on the same line
+- Multiple rules can be space-separated: `<!-- skill-checker-ignore CODE-002 CONT-001 -->`
+- **INJ rules cannot be suppressed** — attempts produce a warning
+- Directives only affect findings from the same source file (no cross-file suppression)
+- Suppressed findings are excluded from scoring but remain visible in the report
+- Use `--no-ignore` to disable all inline suppression
+
 ### Policy Matrix
 
 | Severity | strict | balanced | permissive |

package/dist/cli.js

@@ -568,7 +568,8 @@ var contentChecks = {
           /\bplaceholder\b.*\b(TITLE|SUBTITLE|BODY|OBJECT|SLIDE|layout|slide|shape|pptx|presentation)/i.test(line) || /\b(TITLE|SUBTITLE|BODY|OBJECT|SLIDE|layout|slide|shape|pptx|presentation)\b.*\bplaceholder\b/i.test(line) || // API/code context: placeholder as a noun in technical documentation
           /\bplaceholder\s+(areas?|locations?|counts?|slots?|elements?|fields?)\b/i.test(line) || /\b(replace|replacing|replacement)\b.*\bplaceholder\b/i.test(line)
         );
-        if (!inCodeBlk && !hasInlineCode && !isTechnicalRef) {
+        const isInstructional = /\b(?:create|generate|add|write|insert|produce|include|use)\b.*\bplaceholder\b/i.test(line) || /\bplaceholder\b.*\b(?:for|in|to|as|with)\s+(?:all|each|every|the|missing)\b/i.test(line);
+        if (!inCodeBlk && !hasInlineCode && !isTechnicalRef && !isInstructional) {
           for (const pattern of CONTEXT_SENSITIVE_PLACEHOLDER_PATTERNS) {
             if (pattern.test(line)) {
               matched = true;
@@ -576,6 +577,26 @@ var contentChecks = {
             }
           }
         }
+        if (!matched && isInstructional && !inCodeBlk && !hasInlineCode && !isTechnicalRef) {
+          for (const pattern of CONTEXT_SENSITIVE_PLACEHOLDER_PATTERNS) {
+            if (pattern.test(line)) {
+              const reduction = reduceSeverity("HIGH", "instructional placeholder context");
+              results.push({
+                id: "CONT-001",
+                category: "CONT",
+                severity: reduction.severity,
+                title: "Placeholder content detected",
+                message: `Line ${skill.bodyStartLine + i}: Contains placeholder text. ${reduction.annotation}`,
+                line: skill.bodyStartLine + i,
+                snippet: line.trim().slice(0, 120),
+                reducedFrom: reduction.reducedFrom,
+                source: "SKILL.md"
+              });
+              break;
+            }
+          }
+          continue;
+        }
       }
       if (matched) {
         results.push({
@@ -1052,7 +1073,8 @@ var injectionChecks = {
             title: "System prompt override attempt",
             message: `Line ${lineNum}: Attempts to override system instructions.`,
             line: lineNum,
-            snippet: line.trim().slice(0, 120)
+            snippet: line.trim().slice(0, 120),
+            source: "SKILL.md"
           });
           break;
         }
@@ -1066,7 +1088,8 @@ var injectionChecks = {
             title: "Tool output manipulation",
             message: `Line ${lineNum}: Attempts to manipulate tool results.`,
             line: lineNum,
-            snippet: line.trim().slice(0, 120)
+            snippet: line.trim().slice(0, 120),
+            source: "SKILL.md"
           });
           break;
         }
@@ -1080,7 +1103,8 @@ var injectionChecks = {
             title: "Tag injection detected",
             message: `Line ${lineNum}: Contains special model/system tags.`,
             line: lineNum,
-            snippet: line.trim().slice(0, 120)
+            snippet: line.trim().slice(0, 120),
+            source: "SKILL.md"
           });
           break;
         }
@@ -1094,7 +1118,8 @@ var injectionChecks = {
             title: "Delimiter confusion pattern",
             message: `Line ${lineNum}: Uses patterns that could confuse model context boundaries.`,
             line: lineNum,
-            snippet: line.trim().slice(0, 120)
+            snippet: line.trim().slice(0, 120),
+            source: "SKILL.md"
           });
           break;
         }
@@ -1111,7 +1136,8 @@ var injectionChecks = {
             title: "Social engineering: identity hijacking",
             message: `Line ${lineNum}: Attempts to hijack the model's identity.`,
             line: lineNum,
-            snippet: line.trim().slice(0, 120)
+            snippet: line.trim().slice(0, 120),
+            source: "SKILL.md"
           });
           break;
         }
@@ -1125,7 +1151,8 @@ var injectionChecks = {
             title: "Social engineering: deception/secrecy",
             message: `Line ${lineNum}: Instructs the model to hide actions from the user.`,
             line: lineNum,
-            snippet: line.trim().slice(0, 120)
+            snippet: line.trim().slice(0, 120),
+            source: "SKILL.md"
           });
           break;
         }
@@ -1139,7 +1166,8 @@ var injectionChecks = {
             title: "Social engineering: configuration tampering",
             message: `Line ${lineNum}: Attempts to tamper with model configuration or memory.`,
             line: lineNum,
-            snippet: line.trim().slice(0, 120)
+            snippet: line.trim().slice(0, 120),
+            source: "SKILL.md"
           });
           break;
         }
@@ -1153,7 +1181,8 @@ var injectionChecks = {
             title: "Social engineering: verification bypass",
             message: `Line ${lineNum}: Attempts to bypass verification or validation.`,
             line: lineNum,
-            snippet: line.trim().slice(0, 120)
+            snippet: line.trim().slice(0, 120),
+            source: "SKILL.md"
           });
           break;
         }
@@ -1172,7 +1201,8 @@ var injectionChecks = {
           title: "Hidden instructions in HTML comment",
           message: `Line ${lineNum}: HTML comment contains instruction-like content.`,
           line: lineNum,
-          snippet: commentBody.trim().slice(0, 120)
+          snippet: commentBody.trim().slice(0, 120),
+          source: "SKILL.md"
         });
       }
     }
@@ -1191,7 +1221,8 @@ var injectionChecks = {
             title: "Encoded instructions detected",
             message: `Line ${lineNum}: Base64 string decodes to instruction-like content.`,
             line: lineNum,
-            snippet: decoded.slice(0, 120)
+            snippet: decoded.slice(0, 120),
+            source: "SKILL.md"
           });
         }
       }
@@ -2326,7 +2357,8 @@ var resourceChecks = {
             title: "Instruction amplification",
             message: `Line ${lineNum}: Contains recursive/repetitive task pattern.`,
             line: lineNum,
-            snippet: line.trim().slice(0, 120)
+            snippet: line.trim().slice(0, 120),
+            source: "SKILL.md"
           });
           break;
         }
@@ -2340,7 +2372,8 @@ var resourceChecks = {
             title: "Unrestricted tool access requested",
             message: `Line ${lineNum}: Requests broad/unrestricted tool access.`,
             line: lineNum,
-            snippet: line.trim().slice(0, 120)
+            snippet: line.trim().slice(0, 120),
+            source: "SKILL.md"
           });
           break;
         }
@@ -2354,7 +2387,8 @@ var resourceChecks = {
             title: "Attempts to disable safety checks",
             message: `Line ${lineNum}: Instructs disabling of safety mechanisms.`,
             line: lineNum,
-            snippet: line.trim().slice(0, 120)
+            snippet: line.trim().slice(0, 120),
+            source: "SKILL.md"
           });
           break;
         }
@@ -2368,7 +2402,8 @@ var resourceChecks = {
             title: "Token waste pattern",
             message: `Line ${lineNum}: Contains instructions that waste tokens.`,
             line: lineNum,
-            snippet: line.trim().slice(0, 120)
+            snippet: line.trim().slice(0, 120),
+            source: "SKILL.md"
           });
           break;
         }
@@ -2382,7 +2417,8 @@ var resourceChecks = {
             title: "Attempts to ignore project rules",
             message: `Line ${lineNum}: Instructs ignoring CLAUDE.md or project configuration.`,
             line: lineNum,
-            snippet: line.trim().slice(0, 120)
+            snippet: line.trim().slice(0, 120),
+            source: "SKILL.md"
           });
           break;
         }
@@ -2648,6 +2684,344 @@ function runAllChecks(skill) {
   return results;
 }
 
+// src/suppression.ts
+var RULE_ID_RE = /^[A-Z]+-\d{3}$/;
+var NEXT_LINE_RE = /^<!--\s*skill-checker-ignore\s+([\w-]+(?:\s+[\w-]+)*)\s*-->$/;
+var FILE_LEVEL_RE = /^<!--\s*skill-checker-ignore-file\s+([\w-]+(?:\s+[\w-]+)*)\s*-->$/;
+var INLINE_COMMENT_RE = /\/\/\s*skill-checker-ignore\s+([\w-]+(?:\s+[\w-]+)*)\s*$/;
+function parseSuppressionDirectives(rawLines, source = "SKILL.md") {
+  const directives = [];
+  for (let i = 0; i < rawLines.length; i++) {
+    const trimmed = rawLines[i].trim();
+    const lineNum = i + 1;
+    const nextMatch = NEXT_LINE_RE.exec(trimmed);
+    if (nextMatch) {
+      const ruleIds = nextMatch[1].split(/\s+/);
+      directives.push({ ruleIds, scope: "next-line", line: lineNum, source });
+      continue;
+    }
+    const fileMatch = FILE_LEVEL_RE.exec(trimmed);
+    if (fileMatch) {
+      const ruleIds = fileMatch[1].split(/\s+/);
+      directives.push({ ruleIds, scope: "file", line: lineNum, source });
+      continue;
+    }
+    const inlineMatch = INLINE_COMMENT_RE.exec(rawLines[i]);
+    if (inlineMatch) {
+      const ruleIds = inlineMatch[1].split(/\s+/);
+      directives.push({ ruleIds, scope: "same-line", line: lineNum, source });
+    }
+  }
+  return directives;
+}
+function isInjRule(ruleId) {
+  return ruleId.startsWith("INJ-");
+}
+function applySuppressions(results, directives, bodyStartLine) {
+  const warnings = [];
+  const usedDirectiveRules = /* @__PURE__ */ new Set();
+  for (const d of directives) {
+    for (const ruleId of d.ruleIds) {
+      if (!RULE_ID_RE.test(ruleId)) {
+        warnings.push(`Invalid suppression: ${ruleId} at line ${d.line}`);
+      } else if (isInjRule(ruleId)) {
+        warnings.push(`Cannot suppress INJ rule: ${ruleId} at line ${d.line} (security policy)`);
+      }
+    }
+  }
+  const active = [];
+  const suppressed = [];
+  for (const result of results) {
+    let isSuppressed = false;
+    if (!isInjRule(result.id)) {
+      for (const d of directives) {
+        if (!d.ruleIds.includes(result.id)) continue;
+        if (!RULE_ID_RE.test(result.id)) continue;
+        if (result.source !== void 0 && result.source !== d.source) continue;
+        if (result.source === void 0 && d.source !== "SKILL.md") continue;
+        if (d.scope === "next-line") {
+          const rawTarget = d.line + 1;
+          const bodyTarget = bodyStartLine !== void 0 ? rawTarget - bodyStartLine + 1 : void 0;
+          if (result.line !== void 0 && (result.line === rawTarget || bodyTarget !== void 0 && result.line === bodyTarget)) {
+            isSuppressed = true;
+            usedDirectiveRules.add(`${d.line}:${result.id}`);
+            break;
+          }
+        } else if (d.scope === "same-line") {
+          const rawTarget = d.line;
+          const bodyTarget = bodyStartLine !== void 0 ? rawTarget - bodyStartLine + 1 : void 0;
+          if (result.line !== void 0 && (result.line === rawTarget || bodyTarget !== void 0 && result.line === bodyTarget)) {
+            isSuppressed = true;
+            usedDirectiveRules.add(`${d.line}:${result.id}`);
+            break;
+          }
+        } else if (d.scope === "file") {
+          isSuppressed = true;
+          usedDirectiveRules.add(`${d.line}:${result.id}`);
+          break;
+        }
+      }
+    }
+    if (isSuppressed) {
+      suppressed.push({ ...result, suppressed: true });
+    } else {
+      active.push(result);
+    }
+  }
+  for (const d of directives) {
+    for (const ruleId of d.ruleIds) {
+      if (!RULE_ID_RE.test(ruleId)) continue;
+      if (isInjRule(ruleId)) continue;
+      const key = `${d.line}:${ruleId}`;
+      if (!usedDirectiveRules.has(key)) {
+        warnings.push(`Unused suppression: ${ruleId} at line ${d.line}`);
+      }
+    }
+  }
+  return { active, suppressed, warnings };
+}
+
+// src/remediation.ts
+var REMEDIATION_MAP = {
+  // ===== STRUCT =====
+  "STRUCT-001": {
+    guidance: "Create a SKILL.md file in the skill directory with valid YAML frontmatter and a body section.",
+    effort: "low"
+  },
+  "STRUCT-002": {
+    guidance: "Fix the YAML frontmatter syntax. Ensure it is enclosed between --- delimiters and contains valid YAML.",
+    effort: "low"
+  },
+  "STRUCT-003": {
+    guidance: "Add a `name` field to the frontmatter, e.g. `name: my-skill`.",
+    effort: "low"
+  },
+  "STRUCT-004": {
+    guidance: "Add a `description` field to the frontmatter explaining what the skill does.",
+    effort: "low"
+  },
+  "STRUCT-005": {
+    guidance: "Expand the body section with meaningful instructions. A skill body should describe the workflow and expected behavior.",
+    effort: "medium"
+  },
+  "STRUCT-006": {
+    guidance: "Remove binary, executable, or script files from the skill directory. Skills should contain only text-based configuration and documentation.",
+    effort: "low"
+  },
+  "STRUCT-007": {
+    guidance: "Use lowercase kebab-case for the skill name (e.g. `my-skill-name`). Avoid special characters or spaces.",
+    effort: "low"
+  },
+  "STRUCT-008": {
+    guidance: "Ensure the skill directory structure is standard. This warning indicates some files could not be scanned.",
+    effort: "low"
+  },
+  // ===== CONT =====
+  "CONT-001": {
+    guidance: "Replace TODO/FIXME/placeholder text with actual content. If the skill instructs creating placeholders, use `<!-- skill-checker-ignore CONT-001 -->` before the line.",
+    effort: "low"
+  },
+  "CONT-002": {
+    guidance: "Remove lorem ipsum filler text and replace with real skill instructions.",
+    effort: "low"
+  },
+  "CONT-003": {
+    guidance: "Reduce duplicated lines. Consolidate repeated instructions into a single clear statement.",
+    effort: "medium"
+  },
+  "CONT-004": {
+    guidance: "Align the frontmatter description with the body content. The description should accurately summarize what the skill does.",
+    effort: "medium"
+  },
+  "CONT-005": {
+    guidance: "Remove promotional or advertising content. If describing pricing/marketing concepts for educational purposes, use `<!-- skill-checker-ignore CONT-005 -->` before the line.",
+    effort: "low"
+  },
+  "CONT-006": {
+    guidance: "Add more instructional prose around code examples. A skill should explain when and how to use the code, not just provide raw snippets.",
+    effort: "medium"
+  },
+  "CONT-007": {
+    guidance: "Ensure the skill body references the capabilities implied by the skill name, or rename the skill to match its actual functionality.",
+    effort: "medium"
+  },
+  // ===== INJ =====
+  "INJ-001": {
+    guidance: 'Remove zero-width Unicode characters from the file. These can hide malicious content. Use a hex editor or run: `sed -i "" "s/[\\x200B\\x200C\\x200D\\xFEFF]//g" SKILL.md`.',
+    effort: "low"
+  },
+  "INJ-002": {
+    guidance: "Replace homoglyph characters (e.g. Cyrillic/Greek lookalikes) with their ASCII equivalents to prevent spoofing.",
+    effort: "low"
+  },
+  "INJ-003": {
+    guidance: "Remove RTL/bidirectional override characters. These manipulate text display and can disguise malicious content.",
+    effort: "low"
+  },
+  "INJ-004": {
+    guidance: 'Remove instructions that attempt to override the system prompt. A skill must not contain "ignore previous instructions" or similar patterns.',
+    effort: "low"
+  },
+  "INJ-005": {
+    guidance: "Remove patterns that simulate or manipulate tool output (e.g. `permissionDecision`, `tool_result`). Skills must not forge tool responses.",
+    effort: "low"
+  },
+  "INJ-006": {
+    guidance: "Remove instruction-like content from HTML comments. If comments are needed for documentation, ensure they do not contain executable directives.",
+    effort: "low"
+  },
+  "INJ-007": {
+    guidance: "Remove special model/system tags (e.g. `<|im_start|>`, `<system>`). These attempt to inject into the model context boundary.",
+    effort: "low"
+  },
+  "INJ-008": {
+    guidance: "Remove base64-encoded strings that decode to instructions. Legitimate data should be stored in plain text or referenced via file paths.",
+    effort: "low"
+  },
+  "INJ-009": {
+    guidance: "Avoid delimiter patterns that mimic system/instruction boundaries (e.g. `[SYSTEM]`, `[INST]`). Use standard Markdown headers instead.",
+    effort: "low"
+  },
+  "INJ-010": {
+    guidance: "Remove social engineering patterns (identity hijacking, deception, config tampering, verification bypass). Skills must not attempt to alter model identity or hide actions from users.",
+    effort: "low"
+  },
+  // ===== CODE =====
+  "CODE-001": {
+    guidance: "Remove eval(), Function(), or dynamic code execution. Use explicit function calls or tool APIs instead.",
+    effort: "medium"
+  },
+  "CODE-002": {
+    guidance: "Remove shell/subprocess calls. Use tool APIs instead. If shell access is essential (e.g. calling soffice), use `<!-- skill-checker-ignore CODE-002 -->` and explain the necessity.",
+    effort: "medium"
+  },
+  "CODE-003": {
+    guidance: "Remove destructive file operations (rm -rf, rmdir, unlink on broad paths). If file cleanup is needed, target specific files with explicit paths.",
+    effort: "medium"
+  },
+  "CODE-004": {
+    guidance: "Review hardcoded URLs. Ensure all external URLs use HTTPS and point to trusted domains. If URLs are necessary API endpoints, use `<!-- skill-checker-ignore CODE-004 -->`.",
+    effort: "medium"
+  },
+  "CODE-005": {
+    guidance: "Restrict file writes to the skill working directory. Avoid writing to system paths, home directories, or parent directories.",
+    effort: "medium"
+  },
+  "CODE-006": {
+    guidance: "Avoid direct environment variable access for sensitive data. If env vars are needed for configuration, document which variables and why.",
+    effort: "medium"
+  },
+  "CODE-007": {
+    guidance: "Review long encoded strings. If they contain legitimate data (e.g. embedded assets), add a comment explaining their purpose.",
+    effort: "low"
+  },
+  "CODE-008": {
+    guidance: "Review high-entropy strings. These may be embedded secrets or obfuscated code. Replace with references to external configuration.",
+    effort: "medium"
+  },
+  "CODE-009": {
+    guidance: "Remove multi-layer encoding (e.g. base64 within hex). Legitimate content should use a single encoding layer at most.",
+    effort: "low"
+  },
+  "CODE-010": {
+    guidance: "Remove dynamic code generation patterns. Use static code with explicit function calls instead of constructing code at runtime.",
+    effort: "medium"
+  },
+  "CODE-011": {
+    guidance: "Use descriptive variable names instead of obfuscated single-character or hex-named variables.",
+    effort: "low"
+  },
+  "CODE-012": {
+    guidance: "Remove permission escalation commands (sudo, chmod 777, setuid). Skills should operate within normal user permissions.",
+    effort: "low"
+  },
+  "CODE-013": {
+    guidance: "Remove hardcoded API keys, tokens, or credentials. Use environment variables or a secrets manager, and add patterns to .gitignore.",
+    effort: "medium"
+  },
+  "CODE-014": {
+    guidance: "Remove reverse shell patterns. These are indicators of malicious intent and have no legitimate use in skills.",
+    effort: "low"
+  },
+  "CODE-015": {
+    guidance: "Remove remote pipeline execution or data exfiltration patterns (e.g. curl | sh, piping sensitive data to external endpoints).",
+    effort: "low"
+  },
+  "CODE-016": {
+    guidance: "Remove persistence mechanism patterns (cron jobs, launchd plists, shell profile modifications, autostart entries). Skills should not install persistent system services.",
+    effort: "medium"
+  },
+  // ===== SUPPLY =====
+  "SUPPLY-001": {
+    guidance: "Review the MCP server reference. Ensure it points to a trusted, well-known server. Document why external MCP access is needed.",
+    effort: "medium"
+  },
+  "SUPPLY-002": {
+    guidance: "Avoid `npx -y` auto-install. Pin the package version and verify the package before use. Use `npx package@version` instead.",
+    effort: "low"
+  },
+  "SUPPLY-003": {
+    guidance: "Review package installation commands. Pin exact versions and verify package authenticity. Avoid installing packages from untrusted sources.",
+    effort: "medium"
+  },
+  "SUPPLY-004": {
+    guidance: "Use HTTPS instead of HTTP for all URLs to prevent man-in-the-middle attacks.",
+    effort: "low"
+  },
+  "SUPPLY-005": {
+    guidance: "Replace raw IP addresses with domain names. IP-based URLs bypass DNS security controls and are harder to audit.",
+    effort: "low"
+  },
+  "SUPPLY-006": {
+    guidance: "Review git clone commands. Ensure repositories are from trusted sources. Pin to a specific commit hash or tag for reproducibility.",
+    effort: "medium"
+  },
+  "SUPPLY-007": {
+    guidance: "Remove references to known suspicious domains. These domains have been flagged for malicious activity.",
+    effort: "low"
+  },
+  "SUPPLY-008": {
+    guidance: "Remove files matching known malicious hashes. These files have been identified as malware or exploits.",
+    effort: "low"
+  },
+  "SUPPLY-009": {
+    guidance: "Remove references to known command-and-control IP addresses. These IPs are associated with malware infrastructure.",
+    effort: "low"
+  },
+  "SUPPLY-010": {
+    guidance: "Verify the package name is correct and not a typosquat of a popular package. Check the official registry for the canonical name.",
+    effort: "low"
+  },
+  // ===== RES =====
+  "RES-001": {
+    guidance: 'Remove recursive or repetitive task patterns (e.g. "repeat 1000 times"). Use bounded iteration with a clear termination condition.',
+    effort: "low"
+  },
+  "RES-002": {
+    guidance: "Request only the specific tools needed instead of unrestricted access. List individual tools in allowed-tools.",
+    effort: "medium"
+  },
+  "RES-003": {
+    guidance: "Reduce the number of allowed tools. Review if all listed tools are actually needed. Consider splitting into multiple focused skills.",
+    effort: "medium"
+  },
+  "RES-004": {
+    guidance: "Remove instructions that disable safety checks, hooks, or verification. Skills must operate within the security framework.",
+    effort: "low"
+  },
+  "RES-005": {
+    guidance: 'Remove token-wasting patterns (e.g. "repeat in every response"). Keep instructions concise and avoid mandating boilerplate in every output.',
+    effort: "low"
+  },
+  "RES-006": {
+    guidance: "Remove instructions to ignore CLAUDE.md or project rules. Skills must respect the project configuration set by the user.",
+    effort: "low"
+  }
+};
+function getRemediation(ruleId) {
+  return REMEDIATION_MAP[ruleId];
+}
+
 // src/scanner.ts
 function scanSkillDirectory(dirPath, config = DEFAULT_CONFIG) {
   const skill = parseSkill(dirPath);
@@ -2655,6 +3029,15 @@ function scanSkillDirectory(dirPath, config = DEFAULT_CONFIG) {
 }
 function buildReport(skill, config) {
   let results = runAllChecks(skill);
+  let suppressedResults = [];
+  let suppressionWarnings = [];
+  if (!config.noIgnoreInline) {
+    const directives = parseSuppressionDirectives(skill.raw.split("\n"));
+    const sr = applySuppressions(results, directives, skill.bodyStartLine);
+    results = sr.active;
+    suppressedResults = sr.suppressed;
+    suppressionWarnings = sr.warnings;
+  }
   results = results.map((r) => {
     if (config.overrides[r.id]) {
       return { ...r, severity: config.overrides[r.id] };
@@ -2663,6 +3046,10 @@ function buildReport(skill, config) {
   });
   results = results.filter((r) => !config.ignore.includes(r.id));
   results = deduplicateResults(results);
+  results = results.map((r) => {
+    const rem = getRemediation(r.id);
+    return rem ? { ...r, remediation: rem.guidance } : r;
+  });
   const score = calculateScore(results);
   const grade = computeGrade(score);
   const summary = {
@@ -2679,7 +3066,9 @@ function buildReport(skill, config) {
     results,
     score,
     grade,
-    summary
+    summary,
+    suppressedResults,
+    suppressionWarnings
   };
 }
 function deduplicateResults(results) {
@@ -2692,7 +3081,9 @@ function deduplicateResults(results) {
   };
   for (const r of results) {
     const sourceKey = r.source ?? `_no_source_:${r.category}:${r.line ?? ""}`;
-    const key = `${r.id}::${r.title}::${sourceKey}`;
+    const isSecurityLineLevel = r.source === "SKILL.md" && r.line !== void 0 && (r.category === "INJ" || r.category === "RES");
+    const lineKey = isSecurityLineLevel ? `:${r.line}` : "";
+    const key = `${r.id}::${r.title}::${sourceKey}${lineKey}`;
     const group = groups.get(key);
     if (group) {
       group.push(r);
@@ -2803,10 +3194,29 @@ function formatTerminalReport(report) {
         if (f.snippet) {
           lines.push(`      ${chalk.dim(f.snippet)}`);
         }
+        if (f.remediation) {
+          lines.push(`      ${chalk.dim("Fix: " + f.remediation)}`);
+        }
       }
       lines.push("");
     }
   }
+  if (report.suppressedResults && report.suppressedResults.length > 0) {
+    const counts = /* @__PURE__ */ new Map();
+    for (const s of report.suppressedResults) {
+      counts.set(s.id, (counts.get(s.id) ?? 0) + 1);
+    }
+    const detail = Array.from(counts.entries()).map(([id, n]) => `${id}: ${n}`).join(", ");
+    lines.push(chalk.dim(`Suppressed: ${report.suppressedResults.length} finding(s) (${detail})`));
+    lines.push("");
+  }
+  if (report.suppressionWarnings && report.suppressionWarnings.length > 0) {
+    lines.push(chalk.yellow("Suppression warnings:"));
+    for (const w of report.suppressionWarnings) {
+      lines.push(chalk.yellow(`  - ${w}`));
+    }
+    lines.push("");
+  }
   lines.push(chalk.bold("Recommendation:"));
   switch (report.grade) {
     case "A":
@@ -2841,10 +3251,15 @@ function formatJsonReport(report) {
 }
 function generateHookResponse(report, config = DEFAULT_CONFIG) {
   const worst = worstSeverity(report.results);
-  if (!worst) {
+  const suppressedWorst = report.suppressedResults ? worstSeverity(report.suppressedResults) : null;
+  const hasSuppressedCriticalOrHigh = suppressedWorst === "CRITICAL" || suppressedWorst === "HIGH";
+  if (!worst && !hasSuppressedCriticalOrHigh) {
     return { permissionDecision: "allow" };
   }
-  const action = getHookAction(config.policy, worst);
+  let action = worst ? getHookAction(config.policy, worst) : "report";
+  if (hasSuppressedCriticalOrHigh && (action === "report" || !worst)) {
+    action = "ask";
+  }
   switch (action) {
     case "deny":
       return {
@@ -2988,7 +3403,7 @@ program.name("skill-checker").description(
   "Security checker for Claude Code skills - detect injection, malicious code, and supply chain risks"
 ).version(pkg.version);
 var VALID_POLICIES = ["strict", "balanced", "permissive"];
-program.command("scan").description("Scan a skill directory for security issues").argument("<path>", "Path to the skill directory").option("-f, --format <format>", "Output format: terminal, json, hook", "terminal").option("-p, --policy <policy>", "Policy: strict, balanced, permissive").option("-c, --config <path>", "Path to config file").action(
+program.command("scan").description("Scan a skill directory for security issues").argument("<path>", "Path to the skill directory").option("-f, --format <format>", "Output format: terminal, json, hook", "terminal").option("-p, --policy <policy>", "Policy: strict, balanced, permissive").option("-c, --config <path>", "Path to config file").option("--no-ignore", "Disable inline suppression comments").action(
   (path, opts) => {
     if (opts.policy && !VALID_POLICIES.includes(opts.policy)) {
       console.error(`Error: invalid policy "${opts.policy}". Valid values: ${VALID_POLICIES.join(", ")}`);
@@ -3003,6 +3418,9 @@ program.command("scan").description("Scan a skill directory for security issues"
     if (opts.policy) {
       config.policy = opts.policy;
     }
+    if (!opts.ignore) {
+      config.noIgnoreInline = true;
+    }
     const report = scanSkillDirectory(path, config);
     switch (opts.format) {
       case "json":