What files does the Security Scan skill check?

It scans everything in the .claude/ directory, including settings.json, CLAUDE.md, MCP server configurations, hooks, and custom agent definitions.

Can it fix the security issues it finds automatically?

Yes, it includes an --fix flag that can automatically resolve safe-to-fix issues, such as replacing hardcoded secrets with environment variable references.

Does this skill require an external API key to run?

Standard scans are performed locally, but the Opus 4.6 deep analysis feature requires an Anthropic API key to run its multi-agent adversarial pipeline.

Can I integrate this security scan into my CI/CD pipeline?

Yes, it supports JSON and Markdown output formats and provides a dedicated GitHub Action for automated security gatekeeping during builds.

Security Scan

Name: Security Scan
Author: Infopibe

byInfopibe

•

Security & Testing

Audits Claude Code configurations for security vulnerabilities, misconfigurations, and potential injection risks using AgentShield.

The Security Scan skill provides a comprehensive auditing tool for your Claude Code environment, specifically designed to identify risks within the .claude/ directory and CLAUDE.md files. By leveraging AgentShield, it automatically detects hardcoded secrets, overly permissive shell access, and malicious prompt injection patterns that could compromise your development environment. Whether you are onboarding to a new project or performing a routine hygiene check, this skill ensures your AI agent's permissions, MCP servers, and hooks align with security best practices.

Key Features

01Detection of hardcoded API keys, tokens, and sensitive credentials

02Deep analysis mode using a multi-agent adversarial pipeline (Red/Blue Team analysis)

03Analysis of shell permission levels and command injection risks in hooks

041 GitHub stars

05Automated scanning of settings.json, CLAUDE.md, and MCP server definitions

06Auto-fix capabilities for non-destructive security hardening of configurations

Use Cases

01Identifying and neutralizing potential prompt injection vectors in system instructions

02Onboarding developers to projects with existing AI configurations to ensure environment safety

03Validating security posture before committing Claude Code configuration changes to a repository

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add infopibe/everything-claude-code security-scan

For use in Claude.ai and ChatGPT

Key Features

01Detection of hardcoded API keys, tokens, and sensitive credentials

02Deep analysis mode using a multi-agent adversarial pipeline (Red/Blue Team analysis)

03Analysis of shell permission levels and command injection risks in hooks

041 GitHub stars

05Automated scanning of settings.json, CLAUDE.md, and MCP server definitions

06Auto-fix capabilities for non-destructive security hardening of configurations

Use Cases

01Identifying and neutralizing potential prompt injection vectors in system instructions

02Onboarding developers to projects with existing AI configurations to ensure environment safety

03Validating security posture before committing Claude Code configuration changes to a repository

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add infopibe/everything-claude-code security-scan

For use in Claude.ai and ChatGPT