Does this skill require external tools?

Yes, it utilizes AgentShield, which can be run via npx or installed globally to perform the actual analysis and configuration scanning.

Can I integrate this into my GitHub Actions?

Absolutely. It is designed for CI/CD integration, allowing you to fail builds if findings exceed a specific severity threshold, ensuring no insecure configurations are merged.

What is the Opus Deep Analysis feature?

It is an advanced mode that runs a three-agent adversarial pipeline (Red Team, Blue Team, and Auditor) to find complex attack vectors that standard scans might miss.

What types of vulnerabilities does Security Scan detect?

It identifies hardcoded secrets, unrestricted shell access, command injection risks in hooks, prompt injection patterns in instructions, and insecure MCP server configurations.

Can it automatically fix security issues?

The skill includes an auto-fix feature that can resolve 'safe' issues, such as replacing hardcoded secrets with environment variable references and tightening wildcard permissions.

Security Scan & Agent Hardening

Name: Security Scan & Agent Hardening
Author: flatrick

byflatrick

0•

Security & Testing

Audits AI tool configurations, MCP servers, and instruction files for security vulnerabilities and injection risks.

The Security Scan skill leverages AgentShield to perform comprehensive audits of your AI development environment, identifying critical vulnerabilities such as hardcoded secrets, command injection risks in hooks, and overly permissive tool access. It evaluates everything from instruction files like CLAUDE.md to MCP configurations and agent definitions, providing actionable severity grades (A-F) and automated fixes. Whether you are onboarding to a new repository or preparing for a production deployment, this skill ensures your AI agents operate within a secure, hardened perimeter by detecting prompt injection surfaces and supply chain risks in real-time.

Key Features

01Command injection analysis for hooks using interpolation patterns

02Detection of hardcoded API keys and secrets in tool configurations

030 GitHub stars

04Automated vulnerability scanning for instruction files and agent definitions

05Adversarial Deep Analysis using a Red/Blue team pipeline for high-stakes audits

06Risk assessment for MCP servers and shell-running supply chain threats

Use Cases

01Hardening an agentic workflow before deployment to a production repository

02Enforcing security standards in CI/CD pipelines to block insecure tool definitions

03Auditing third-party MCP server configurations for permission leaks and shell access

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add flatrick/mdt security-scan

For use in Claude.ai and ChatGPT