What is the difference between severity levels?

Findings range from Critical (hardcoded keys or unrestricted shell access) to Information (missing descriptions), with Grades A through F assigned based on the overall security score.

Does it require an Anthropic API key?

Basic local scans do not require a key, but the 'Opus 4.6 Deep Analysis' feature requires an ANTHROPIC_API_KEY to run its multi-agent adversarial pipeline.

Is it suitable for CI/CD environments?

Absolutely. It supports JSON output and provides a dedicated GitHub Action to fail builds if high-severity findings are detected.

Can this skill fix security issues automatically?

Yes, it includes an auto-fix feature that can replace hardcoded secrets with environment variables and tighten overly permissive permissions.

What files does the Security Scan skill audit?

It checks CLAUDE.md, settings.json, MCP server definitions (mcp.json), custom hooks, and agent markdown files for vulnerabilities and misconfigurations.

Security Scan for Claude Code

Name: Security Scan for Claude Code
Author: saar120

bysaar120

0•

セキュリティとテスト

Audits Claude Code configurations and MCP settings for security vulnerabilities, misconfigurations, and injection risks using AgentShield.

The Security Scan skill integrates AgentShield into your workflow to provide comprehensive security auditing for Claude Code project configurations. It scans critical files within the .claude directory—including CLAUDE.md, settings.json, and MCP server definitions—to identify hardcoded secrets, command injection vectors, and overly permissive tool access. With support for automated remediation and a deep adversarial analysis pipeline, this skill ensures that your AI agent environment remains hardened against both accidental leaks and intentional prompt injection attacks.

主な機能

01Automatic remediation for common security misconfigurations and permissive flags

02Detection of hardcoded secrets, prompt injections, and command injection patterns

03Automated auditing of .claude configuration files and MCP server definitions

04Flexible reporting in JSON, HTML, and Markdown for local use or CI/CD integration

050 GitHub stars

06Adversarial 'Red Team vs. Blue Team' deep analysis via Opus 4.6

ユースケース

01Integrating security gates into CI/CD pipelines to prevent credential leakage

02Performing regular security hygiene checks on agent hooks and tool permissions

03Hardening a new Claude Code project setup before committing configuration files

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add saar120/skillgate-registry security-scan

For use in Claude.ai and ChatGPT

主な機能

01Automatic remediation for common security misconfigurations and permissive flags

02Detection of hardcoded secrets, prompt injections, and command injection patterns

03Automated auditing of .claude configuration files and MCP server definitions

04Flexible reporting in JSON, HTML, and Markdown for local use or CI/CD integration

050 GitHub stars

06Adversarial 'Red Team vs. Blue Team' deep analysis via Opus 4.6

ユースケース

01Integrating security gates into CI/CD pipelines to prevent credential leakage

02Performing regular security hygiene checks on agent hooks and tool permissions

03Hardening a new Claude Code project setup before committing configuration files