What files does the Security Scan skill check?

It audits all critical configuration files within the .claude/ directory, including CLAUDE.md, settings.json, mcp.json, custom hooks, and agent definitions.

What is the Opus 4.6 Deep Analysis mode?

This is an advanced adversarial mode that runs a 'Red Team' attacker, 'Blue Team' defender, and an auditor agent to discover complex vulnerabilities that static analysis might miss.

Does it support CI/CD integration?

Yes, it provides JSON output for programmatic checks and a dedicated GitHub Action to fail builds if high-severity vulnerabilities are detected.

Can this skill fix security issues automatically?

Yes, by using the --fix flag, the skill can automatically resolve safe findings, such as replacing hardcoded secrets with environment variable references.

Do I need to install AgentShield separately?

Yes, AgentShield (ecc-agentshield) is a prerequisite. You can install it globally via npm or run it on-demand using npx.

Security Scan

Name: Security Scan
Author: Infopibe

byInfopibe

•

Security & Testing

Audits Claude Code configurations for security vulnerabilities, misconfigurations, and prompt injection risks using AgentShield.

The Security Scan skill integrates AgentShield to provide a comprehensive security audit of your Claude Code environment. By scanning the .claude/ directory, it identifies critical risks such as hardcoded API keys, command injection vectors in hooks, and overly permissive MCP server settings. It offers automated remediation for common issues and features an advanced adversarial analysis mode that utilizes a multi-agent pipeline to stress-test your security posture before deployment or commits.

Key Features

01Automated remediation for safe security fixes and permission tightening

02Multi-format reporting including HTML, JSON, and Markdown for CI/CD integration

031 GitHub stars

04Detection of hardcoded secrets and command injection vulnerabilities

05Comprehensive audit of CLAUDE.md, settings.json, and mcp.json files

06Adversarial deep analysis using a three-agent (Red/Blue/Auditor) pipeline

Use Cases

01Initial setup and hardening of new Claude Code projects

02Pre-commit validation of configuration changes to prevent data leaks

03Continuous security monitoring within CI/CD pipelines using GitHub Actions

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add infopibe/everything-claude-code security-scan

For use in Claude.ai and ChatGPT

Key Features

01Automated remediation for safe security fixes and permission tightening

02Multi-format reporting including HTML, JSON, and Markdown for CI/CD integration

031 GitHub stars

04Detection of hardcoded secrets and command injection vulnerabilities

05Comprehensive audit of CLAUDE.md, settings.json, and mcp.json files

06Adversarial deep analysis using a three-agent (Red/Blue/Auditor) pipeline

Use Cases

01Initial setup and hardening of new Claude Code projects

02Pre-commit validation of configuration changes to prevent data leaks

03Continuous security monitoring within CI/CD pipelines using GitHub Actions

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add infopibe/everything-claude-code security-scan

For use in Claude.ai and ChatGPT