Can this skill automatically fix security issues?

Yes, it includes an auto-fix feature that can replace hardcoded secrets with environment variable references and tighten wildcard permissions to safer, scoped alternatives.

Can I integrate this security scan into my GitHub workflow?

Yes, it supports JSON output for easy integration and offers a dedicated GitHub Action to fail builds if critical vulnerabilities are detected.

Does it require an API key to run?

A basic scan runs locally using AgentShield. However, the Deep Analysis feature (Opus 4.6) requires an Anthropic API key to run its adversarial simulation pipeline.

What files does the Security Scan skill analyze?

It audits the entire .claude/ directory, specifically checking CLAUDE.md for secrets, settings.json for permissions, mcp.json for server risks, and custom hooks for command injection.

Claude Code Security Scan

Name: Claude Code Security Scan
Author: Nixdorfer

byNixdorfer

•

Seguridad y Pruebas

Audits your Claude Code configuration files for security vulnerabilities, misconfigurations, and prompt injection risks using AgentShield.

The Security Scan skill integrates AgentShield into your Claude Code workflow to identify and mitigate critical security risks within your .claude/ directory. It systematically analyzes CLAUDE.md for hardcoded secrets, evaluates settings.json for overly permissive permissions, and checks MCP server configurations for supply chain vulnerabilities. By providing automated fixes and multi-agent deep analysis via Opus 4.6, this skill ensures that your AI-assisted development environment remains secure, preventing data exfiltration and unauthorized tool execution while maintaining high security hygiene.

Características Principales

011 GitHub stars

02Comprehensive configuration auditing of .claude/ directories including MCP, hooks, and agent definitions.

03Automated remediation of hardcoded secrets and risky wildcard permission settings.

04Standardized security grading (A-F) with actionable remediation steps for every finding.

05Multiple output formats including JSON, HTML, and Markdown for terminal or CI/CD integration.

06Adversarial deep analysis using a three-agent pipeline (Attacker, Defender, Auditor).

Casos de Uso

01Automating security hygiene in CI/CD pipelines to prevent prompt injection and command interpolation vulnerabilities.

02Onboarding to a new repository with existing Claude Code configurations to identify hidden risks.

03Hardening project security before committing sensitive .claude/ settings to version control.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nixdorfer/claudecodetool security-scan

For use in Claude.ai and ChatGPT

Download Skill