What files does the Security Scan skill check?

It scans the entire .claude directory, specifically targeting CLAUDE.md for prompt injection, settings.json for permissive flags, mcp.json for supply chain risks, and the hooks folder for command injection.

What is the Opus 4.6 deep analysis mode?

It is an advanced adversarial pipeline that uses three distinct AI agents (Red Team attacker, Blue Team defender, and Auditor) to simulate attacks and provide a high-confidence security assessment.

Does this skill support CI/CD integration?

Yes, it supports JSON output for machine readability and includes instructions for a GitHub Action to fail builds if vulnerabilities with a specific severity are found.

Can it fix security issues automatically?

Yes, using the --fix flag, the skill can automatically apply safe remediations such as replacing hardcoded secrets with environment variable references and narrowing wildcard permissions.

Security Scan & Audit

Name: Security Scan & Audit
Author: unju-ai

byunju-ai

0•

セキュリティとテスト

Audits Claude Code configurations to identify and remediate security vulnerabilities, hardcoded secrets, and injection risks.

The Security Scan skill leverages AgentShield to provide a robust security layer for your Claude Code environment. It systematically audits the .claude directory, including CLAUDE.md, settings.json, and MCP server configurations, to find critical issues like overly permissive shell access, command injection vulnerabilities in hooks, and exposed API keys. With support for automated fixes and a sophisticated multi-agent adversarial analysis pipeline, it ensures your AI agent harness remains secure from development through to CI/CD deployment.

主な機能

01Automated remediation for common security misconfigurations

02Detection of hardcoded secrets and sensitive environment variables

030 GitHub stars

04Comprehensive scanning of .claude settings, hooks, and agent definitions

05Flexible reporting in HTML, JSON, and Markdown for documentation or CI/CD

06Adversarial multi-agent analysis for deep vulnerability discovery

ユースケース

01Validating MCP server permissions and hook safety before committing settings

02Integrating automated security gates into GitHub Actions and CI pipelines

03Auditing project configurations during onboarding to a new codebase

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add unju-ai/ecc security-scan

For use in Claude.ai and ChatGPT