Can I use this skill in my GitHub Actions?

Yes, it supports JSON/Markdown output and offers a dedicated GitHub Action for automated security enforcement in CI/CD pipelines.

Can it fix vulnerabilities automatically?

Yes, the skill includes a --fix command that can automatically resolve specific issues, such as replacing hardcoded keys with environment variables.

Do I need to install AgentShield separately?

AgentShield is a prerequisite. It can be installed globally via npm or executed directly using npx during the scanning process.

How does the Deep Analysis mode work?

It runs a multi-agent process where an 'Attacker' finds vectors, a 'Defender' suggests hardening, and an 'Auditor' provides a final security verdict.

What files does the security scan check?

It scans the entire .claude/ directory, including settings.json, CLAUDE.md, mcp.json, and custom hooks or agent definitions.

Claude Code Security Scanner

Name: Claude Code Security Scanner
Author: xu-xiang

byxu-xiang

•

323

•

セキュリティとテスト

Audits Claude Code configurations for security vulnerabilities, injection risks, and misconfigurations using AgentShield.

The Security Scan skill provides a robust auditing framework for your Claude Code environment by integrating AgentShield to identify risks within .claude/ configurations. It automatically detects hardcoded API keys, dangerous command injections in hooks, overly permissive MCP settings, and prompt injection vulnerabilities in CLAUDE.md. This skill ensures that your AI-driven development environment remains secure and protected against supply chain attacks or accidental data leaks, offering both automated fixes and deep multi-agent adversarial analysis for high-security projects.

主な機能

01Automated remediation of common security issues with intelligent fixing logic

02323 GitHub stars

03Adversarial multi-agent (Red/Blue/Auditor) flow for deep security analysis

04Automated security auditing for .claude/ configurations and MCP servers

05Command injection vulnerability scanning in custom hooks and scripts

06Detection of hardcoded secrets, API keys, and sensitive credentials

ユースケース

01Integrating security checks into CI/CD pipelines to prevent committing vulnerable configs

02Performing periodic security hygiene checks to ensure restrictive MCP permissions

03Auditing a new repository before allowing Claude to execute commands locally

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add xu-xiang/everything-claude-code-zh security-scan

For use in Claude.ai and ChatGPT

主な機能

01Automated remediation of common security issues with intelligent fixing logic

02323 GitHub stars

03Adversarial multi-agent (Red/Blue/Auditor) flow for deep security analysis

04Automated security auditing for .claude/ configurations and MCP servers

05Command injection vulnerability scanning in custom hooks and scripts

06Detection of hardcoded secrets, API keys, and sensitive credentials

ユースケース

01Integrating security checks into CI/CD pipelines to prevent committing vulnerable configs

02Performing periodic security hygiene checks to ensure restrictive MCP permissions

03Auditing a new repository before allowing Claude to execute commands locally

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add xu-xiang/everything-claude-code-zh security-scan

For use in Claude.ai and ChatGPT