security-scan_skill

This skill scans Claude Code configurations for security issues, misconfigurations, and injection risks using AgentShield to harden projects before deployment.
  • JavaScript

46.5k

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill affaan-m/everything-claude-code --skill security-scan

  • SKILL.md4.4 KB

Overview

This skill scans a Claude Code configuration (.claude/ directory) for security vulnerabilities, misconfigurations, and injection risks using AgentShield. It targets CLAUDE.md, settings.json, MCP servers, hooks, and agent definitions to produce actionable findings and remediation suggestions. Reports can be emitted to terminal, JSON, Markdown, or HTML for CI and documentation workflows.

How this skill works

The scanner inspects configuration files and directories for patterns that indicate secrets, overly permissive permissions, command injection, and unsafe MCP server definitions. It ranks findings by severity (A–F or numeric score) and can apply safe auto-fixes for trivial issues like replacing hardcoded secrets with env references. An optional adversarial deep analysis runs attacker/defender/auditor agents for a richer threat assessment.

When to use it

  • Before committing changes to .claude/ or pushing configuration updates
  • When onboarding to a repository with existing Claude Code configs
  • After editing CLAUDE.md, settings.json, MCP configs, hooks, or agent definitions
  • As a periodic security hygiene check in CI/CD pipelines
  • When preparing a production deployment that relies on agent tooling

Best practices

  • Run scans locally and in CI with medium severity as a minimum gate
  • Replace hardcoded keys with environment variable references, not inline values
  • Restrict allow lists and add deny lists; avoid wildcard Bash access
  • Inspect and sanitize hook interpolations to prevent command injection
  • Use the auto-fix option only for low-risk, reversible changes and review diffs

Example use cases

  • Scan a new project scaffold to ensure default settings are secure before sharing
  • Block a pull request that introduces hardcoded API keys or npx -y MCP server installs
  • Generate a human-readable HTML or Markdown security report for audits
  • Run the Opus adversarial pipeline to stress-test agent prompts and hooks
  • Auto-fix low-risk issues (secrets -> env refs, tighten wildcard permissions) before merge

FAQ

AgentShield must be available; you can run it via npx or install ecc-agentshield globally with npm for repeated use.

Can the tool automatically fix every finding?

No. It auto-fixes only safe, clearly reversible issues such as replacing hardcoded secrets and tightening simple wildcard permissions; manual review is required for complex suggestions.

How do I use this in CI?

Run the scanner as a CI step and emit JSON or set fail-on-findings for a minimum severity to fail the pipeline when unacceptable issues are found.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
security-scan skill by affaan-m/everything-claude-code | VeilStrat