What security grades does the scan provide?

Scans produce a letter grade from A (Secure) to F (Critical Vulnerabilities) based on a point-based scoring system derived from the severity of findings.

Do I need to install external dependencies?

The skill requires AgentShield, which can be run directly via npx or installed globally using 'npm install -g ecc-agentshield'.

What files does the security-scan skill analyze?

The skill scans all files within the .claude/ directory, including CLAUDE.md, settings.json, MCP server configurations, lifecycle hooks, and custom agent definitions.

Can this skill fix security issues automatically?

Yes, by using the --fix command, the skill can automatically apply safe remediation such as replacing hardcoded keys with environment variables and tightening wildcard permissions.

How does the Opus 4.6 analysis work?

It initiates an adversarial workflow where three separate AI instances act as an Attacker (Red Team), Defender (Blue Team), and Auditor to find complex vulnerabilities that standard scanners might miss.

Claude Code Security Scan

Name: Claude Code Security Scan
Author: unju-ai

byunju-ai

0•

安全与测试

Audit and secure Claude Code configuration files for vulnerabilities, injection risks, and sensitive data leaks using AgentShield.

The security-scan skill provides a robust automated auditing layer for Claude Code environments by integrating AgentShield to identify and remediate configuration risks. It systematically scans project-specific files such as .claude/settings.json, CLAUDE.md, and MCP configurations for hardcoded API keys, command injection vulnerabilities in hooks, and overly permissive tool access. Ideal for both initial project setup and routine security hygiene, this skill ensures AI-driven workflows remain protected against prompt injection and supply chain attacks while providing actionable reports, grading, and automated remediation options.

主要功能

01Automated security auditing of .claude configuration files and MCP servers

02Adversarial three-agent analysis (Red/Blue/Auditor) for deep logic scanning

03Protection against command injection in hooks and prompt injection in CLAUDE.md

04Detection of hardcoded API keys and sensitive credential leaks

050 GitHub stars

06Automated fixing of high-risk vulnerabilities and permission tightening

使用场景

01Auditing existing Claude Code configurations when joining a new repository

02Hardening MCP tool permissions and remediating command injection risks in hooks

03Verifying security compliance before committing configuration changes to version control

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add unju-ai/ecc security-scan

For use in Claude.ai and ChatGPT