Can this skill automatically fix security issues?

Yes, using the --fix flag, the skill can automatically apply safe remediations such as replacing hardcoded secrets with environment variables and tightening scoped permissions.

Is AgentShield required to use this skill?

AgentShield (ecc-agentshield) is the underlying engine. The skill will check for its presence and can help you install it via npm or run it directly using npx.

Does it support CI/CD integration?

Yes, it provides a dedicated GitHub Action and supports JSON output, allowing you to fail builds if security findings exceed a specific severity threshold.

What files does the Security Scan skill check?

The skill specifically targets the .claude/ directory, auditing CLAUDE.md for injection patterns, settings.json for permissive flags, mcp.json for supply chain risks, and agent hooks for command injection.

What is the Opus 4.6 Deep Analysis feature?

This is an advanced adversarial pipeline that runs three specialized agents—an Attacker (Red Team), a Defender (Blue Team), and an Auditor—to perform a deep-dive analysis of complex attack vectors.

Claude Code Security Scan

Name: Claude Code Security Scan
Author: affaan-m

byaffaan-m

•

112,919

•

セキュリティとテスト

Audits and secures Claude Code configurations to prevent security vulnerabilities, misconfigurations, and prompt injection risks.

The Claude Code Security Scan skill integrates the AgentShield framework to provide a comprehensive security auditing layer for your AI agent environment. It automatically inspects the .claude/ directory, including settings.json, CLAUDE.md, and MCP server definitions, to identify critical risks such as hardcoded API keys, overly permissive shell access, and command injection vulnerabilities. By providing graded security reports and automated remediation for common misconfigurations, this skill ensures that your local agent workflows and CI/CD pipelines remain hardened against adversarial attacks and accidental data exposure.

主な機能

01Identification of hardcoded secrets, API keys, and insecure wildcard permissions

02Multi-format reporting including JSON for CI/CD and interactive HTML reports

03Comprehensive auditing of .claude/ configuration files and MCP server settings

04Adversarial multi-agent deep analysis using a Red Team/Blue Team pipeline

05Automated remediation and fixing of common security vulnerabilities

06112,919 GitHub stars

ユースケース

01Auditing Claude Code configurations before committing them to shared repositories

02Automating security gating in CI/CD pipelines to prevent insecure agent deployments

03Scanning third-party MCP servers and agent definitions during project onboarding

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add affaan-m/everything-claude-code security-scan

For use in Claude.ai and ChatGPT

Download Skill