What is the Opus 4.6 Deep Analysis mode?

This is an advanced adversarial pipeline that utilizes three different agent perspectives—Attacker, Defender, and Auditor—to find complex vulnerabilities that static analysis might miss.

Can this skill automatically fix security issues?

Yes, using the --fix flag, it can automatically remediate safe issues such as replacing hardcoded secrets with environment variables and tightening overly permissive tool access.

What files does the security-scan skill analyze?

It scans the entire .claude/ directory, specifically checking CLAUDE.md, settings.json, mcp.json, custom hooks, and agent definitions.

Does it detect prompt injection risks?

Yes, it specifically scans for auto-run instructions, unrestricted tool access patterns, and common prompt injection surfaces within your instructions and agent files.

Can I integrate this into my CI/CD pipeline?

Absolutely. It supports a GitHub Action that allows you to fail builds if findings exceed a specific severity threshold, ensuring no insecure configurations reach production.

Security Scan & Audit

Name: Security Scan & Audit
Author: unju-ai

byunju-ai

0•

Security & Testing

Audits Claude Code configurations for security vulnerabilities, prompt injection risks, and misconfigurations using AgentShield.

The Security Scan skill provides a comprehensive auditing layer for your Claude Code environment, scanning the .claude/ directory to identify hardcoded secrets, dangerous permission levels, and potential prompt injection vectors. It evaluates CLAUDE.md files, MCP server configurations, and custom agent definitions to assign a security grade from A to F. With features like automated remediation for safe fixes and a deep-analysis adversarial mode using Opus 4.6, this skill ensures your AI agent harness remains secure and compliant with best practices before deployment or version control commits.

Key Features

01Multi-file security auditing covering CLAUDE.md, settings.json, and mcp.json

02CI/CD integration via GitHub Actions for automated security enforcement

03Automated vulnerability remediation for safe fixes like secret replacement

040 GitHub stars

05Detailed security grading (A-F) with JSON, HTML, and Markdown reporting

06Deep Red Team analysis using an adversarial three-agent pipeline

Use Cases

01Identifying prompt injection risks in newly onboarded third-party repositories

02Hardening local Claude Code configurations before committing changes to git

03Enforcing security compliance across development teams via automated CI gates

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add unju-ai/ecc security-scan

For use in Claude.ai and ChatGPT