Do I need to install additional software?

This skill relies on AgentShield (ecc-agentshield). You can install it globally via npm or run it directly using npx during the scan process.

What files does the security-scan skill check?

It scans all critical files in your .claude/ directory, including CLAUDE.md, settings.json, mcp.json, custom hooks, and agent definitions.

Can it fix vulnerabilities automatically?

Yes, by using the --fix flag, the skill can automatically apply safe patches, such as replacing hardcoded keys with environment variable references.

What is the Opus 4.6 deep analysis mode?

It is an advanced adversarial audit that runs a three-agent workflow (Attacker, Defender, and Auditor) to find complex security flaws that static analysis might miss.

Does this support CI/CD pipelines?

Yes, it provides JSON, HTML, and Markdown output formats and includes a dedicated GitHub Action to fail builds if high-severity risks are found.

Claude Code Security Scan

Name: Claude Code Security Scan
Author: saar120

bysaar120

0•

Security & Testing

Audits and secures Claude Code configurations by identifying vulnerabilities, hardcoded keys, and prompt injection risks.

The Security Scan skill utilizes AgentShield to perform comprehensive audits of your .claude/ configuration directory, helping developers prevent security breaches before they happen. It identifies critical issues such as hardcoded API keys, overly permissive shell access, command injection risks in hooks, and potential prompt injection vectors in CLAUDE.md or agent definitions. With features like automated grading, one-click fixes for common issues, and an advanced AI-driven adversarial analysis, this skill ensures that your Claude Code environment remains secure, compliant, and robust against potential attacks.

Key Features

01AI-powered deep analysis using a Red Team/Blue Team adversarial flow

02Automated security fixes for common configuration errors and CI/CD integration

03Comprehensive auditing of .claude/ settings, hooks, and MCP configurations

04Detection of hardcoded secrets, API keys, and sensitive environment variables

050 GitHub stars

06Prevention of command injection and prompt injection attack vectors

Use Cases

01Auditing a new project repository before enabling Claude Code automation

02Validating security posture after modifying MCP servers or custom hooks

03Integrating automated security gates into GitHub Actions or local pre-commit workflows

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add saar120/skillgate-registry security-scan

For use in Claude.ai and ChatGPT

Key Features

01AI-powered deep analysis using a Red Team/Blue Team adversarial flow

02Automated security fixes for common configuration errors and CI/CD integration

03Comprehensive auditing of .claude/ settings, hooks, and MCP configurations

04Detection of hardcoded secrets, API keys, and sensitive environment variables

050 GitHub stars

06Prevention of command injection and prompt injection attack vectors

Use Cases

01Auditing a new project repository before enabling Claude Code automation

02Validating security posture after modifying MCP servers or custom hooks

03Integrating automated security gates into GitHub Actions or local pre-commit workflows

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add saar120/skillgate-registry security-scan

For use in Claude.ai and ChatGPT