security-scan
Audit Claude Code configurations for security vulnerabilities, misconfigurations, and injection risks.
- Scans five configuration areas:
CLAUDE.md,settings.json, MCP servers, hooks, and agent definitions for hardcoded secrets, prompt injection patterns, overly permissive permissions, and command injection risks - Provides four output formats (terminal, JSON, Markdown, HTML) and integrates with CI/CD via GitHub Action with configurable severity filtering
- Includes auto-fix mode for safe remediations like replacing hardcoded secrets with environment variables, plus optional Opus 4.6 deep analysis using a three-agent red-team/blue-team pipeline
- Requires AgentShield installation via npm; can run directly with
npxwithout setup
Security Scan Skill
Audit your Claude Code configuration for security issues using AgentShield.
When to Activate
- Setting up a new Claude Code project
- After modifying
.claude/settings.json,CLAUDE.md, or MCP configs - Before committing configuration changes
- When onboarding to a new repository with existing Claude Code configs
- Periodic security hygiene checks
What It Scans
| File | Checks |
|---|---|
CLAUDE.md |
Hardcoded secrets, auto-run instructions, prompt injection patterns |
settings.json |
Overly permissive allow lists, missing deny lists, dangerous bypass flags |
mcp.json |
Risky MCP servers, hardcoded env secrets, npx supply chain risks |
More from affaan-m/everything-claude-code
security-review
Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.
7.9Kgolang-patterns
Idiomatic Go patterns, best practices, and conventions for building robust, efficient, and maintainable Go applications.
7.4Kcoding-standards
Baseline cross-project coding conventions for naming, readability, immutability, and code-quality review. Use detailed frontend or backend skills for framework-specific patterns.
6.7Kfrontend-patterns
Frontend development patterns for React, Next.js, state management, performance optimization, and UI best practices.
6.6Kbackend-patterns
Backend architecture patterns, API design, database optimization, and server-side best practices for Node.js, Express, and Next.js API routes.
6.6Kgolang-testing
Go testing patterns including table-driven tests, subtests, benchmarks, fuzzing, and test coverage. Follows TDD methodology with idiomatic Go practices.
6.1K