What files does the Security Scan skill check?

It audits the entire .claude directory, including CLAUDE.md, settings.json, MCP server configurations (mcp.json), hooks, and individual agent definitions.

Is it possible to integrate this into my CI/CD pipeline?

Absolutely. It supports JSON output for automation and has a dedicated GitHub Action to fail builds if high-severity vulnerabilities are detected.

Can it automatically fix security issues?

Yes, the skill includes an auto-fix flag that can safely replace hardcoded secrets with environment variable references and tighten overly permissive wildcard permissions.

What is the Opus 4.6 Deep Analysis mode?

This is an adversarial three-agent pipeline where a Red Team agent attempts to exploit your config, a Blue Team agent recommends hardening, and an Auditor synthesizes a final security verdict.

Security Scan

Name: Security Scan
Author: saar120

bysaar120

0•

보안 및 테스팅

Audits your Claude Code configuration for security vulnerabilities, misconfigurations, and prompt injection risks using AgentShield.

The Security Scan skill provides a comprehensive auditing layer for your Claude Code environment, ensuring that project configurations, MCP server definitions, and custom hooks remain secure. By leveraging the AgentShield engine, it identifies critical risks such as hardcoded API keys, overly permissive shell access, and potential command injection vectors within your .claude directory. It is an essential tool for developers who want to maintain high security hygiene when using AI agents, offering both automated fixes and deep adversarial analysis through its triple-agent pipeline to ensure your local AI environment is production-ready.

주요 기능

01Detection of hardcoded secrets, injection patterns, and risky auto-run instructions.

02Multi-agent Red Team/Blue Team deep analysis powered by Opus 4.6.

03Automated vulnerability scanning for CLAUDE.md, settings.json, and MCP configs.

04Standardized security grading (A-F) to benchmark configuration posture.

05Auto-fix capabilities to replace secrets with environment variables and tighten permissions.

060 GitHub stars

사용 사례

01Vetting third-party Claude Code configurations during project onboarding.

02Automated security auditing in CI/CD pipelines via the dedicated GitHub Action.

03Hardening local environment security before committing configuration changes to shared repositories.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add saar120/skillgate-registry security-scan

For use in Claude.ai and ChatGPT

주요 기능

01Detection of hardcoded secrets, injection patterns, and risky auto-run instructions.

02Multi-agent Red Team/Blue Team deep analysis powered by Opus 4.6.

03Automated vulnerability scanning for CLAUDE.md, settings.json, and MCP configs.

04Standardized security grading (A-F) to benchmark configuration posture.

05Auto-fix capabilities to replace secrets with environment variables and tighten permissions.

060 GitHub stars

사용 사례

01Vetting third-party Claude Code configurations during project onboarding.

02Automated security auditing in CI/CD pipelines via the dedicated GitHub Action.

03Hardening local environment security before committing configuration changes to shared repositories.