KS
Killer-Skills

security-scan — security-scan claude code security-scan claude code, how to use security-scan skill, claude code security audit, AgentShield security scan, scan .claude directory vulnerabilities, security-scan vs manual audit, install security-scan skill, claude MCP server security, CLAUDE.md security check, security-scan setup guide

Verified
v1.0.0
GitHub

About this Skill

Perfect for AI Agents like Claude Code, AutoGPT, and LangChain needing comprehensive security scans for vulnerability detection and configuration validation. security-scan is an AI agent skill that performs security audits on Claude Code configurations. It leverages AgentShield to scan the .claude/ directory, including files like CLAUDE.md, settings.json, MCP server configs, hooks, and agent definitions for potential security issues.

Features

Scans CLAUDE.md for hardcoded secrets and security misconfigurations
Audits .claude/settings.json for vulnerabilities and injection risks
Checks MCP (Model Context Protocol) server configurations for security issues
Validates agent definitions and hook scripts within the .claude/ directory
Integrates AgentShield for comprehensive security analysis
Designed for pre-commit checks and periodic security hygiene audits

# Core Topics

security-scan claude code how to use security-scan skill claude code security audit AgentShield security scan scan .claude directory vulnerabilities security-scan vs manual audit
affaan-m affaan-m
[62.0k]
[7678]
Updated: 3/6/2026

Quality Score

Top 5%
95
Excellent
Based on code quality & docs
Installation
SYS Universal Install (Auto-Detect)
Cursor IDE Windsurf IDE VS Code IDE
> npx killer-skills add affaan-m/everything-claude-code/security-scan

Agent Capability Analysis

The security-scan MCP Server by affaan-m is an open-source Categories.official integration for Claude and other AI agents, enabling seamless task automation and capability expansion. Optimized for security-scan claude code, how to use security-scan skill, claude code security audit.

Ideal Agent Persona

Perfect for AI Agents like Claude Code, AutoGPT, and LangChain needing comprehensive security scans for vulnerability detection and configuration validation.

Core Value

Empowers agents to detect security vulnerabilities, misconfigurations, and injection risks in their Claude Code configurations using AgentShield, scanning critical files like CLAUDE.md, settings.json, and MCP server configurations.

Capabilities Granted for security-scan MCP Server

Auditing Claude Code configurations for security issues before committing changes
Scanning for potential injection risks in MCP server settings
Validating security hygiene in existing repository configurations

! Prerequisites & Limits

  • Requires AgentShield installation
  • Specific to Claude Code configurations
  • Needs access to .claude/ directory and its files
Project
SKILL.md
4.1 KB
.cursorrules
1.2 KB
package.json
240 B
Ready
UTF-8
SKILL.md
Readonly

Security Scan Skill

Audit your Claude Code configuration for security issues using AgentShield.

When to Activate

  • Setting up a new Claude Code project
  • After modifying .claude/settings.json, CLAUDE.md, or MCP configs
  • Before committing configuration changes
  • When onboarding to a new repository with existing Claude Code configs
  • Periodic security hygiene checks

What It Scans

FileChecks
CLAUDE.mdHardcoded secrets, auto-run instructions, prompt injection patterns
settings.jsonOverly permissive allow lists, missing deny lists, dangerous bypass flags
mcp.jsonRisky MCP servers, hardcoded env secrets, npx supply chain risks
hooks/Command injection via interpolation, data exfiltration, silent error suppression
agents/*.mdUnrestricted tool access, prompt injection surface, missing model specs

Prerequisites

AgentShield must be installed. Check and install if needed:

bash
1# Check if installed
2npx ecc-agentshield --version
3
4# Install globally (recommended)
5npm install -g ecc-agentshield
6
7# Or run directly via npx (no install needed)
8npx ecc-agentshield scan .

Usage

Basic Scan

Run against the current project's .claude/ directory:

bash
1# Scan current project
2npx ecc-agentshield scan
3
4# Scan a specific path
5npx ecc-agentshield scan --path /path/to/.claude
6
7# Scan with minimum severity filter
8npx ecc-agentshield scan --min-severity medium

Output Formats

bash
1# Terminal output (default) — colored report with grade
2npx ecc-agentshield scan
3
4# JSON — for CI/CD integration
5npx ecc-agentshield scan --format json
6
7# Markdown — for documentation
8npx ecc-agentshield scan --format markdown
9
10# HTML — self-contained dark-theme report
11npx ecc-agentshield scan --format html > security-report.html

Auto-Fix

Apply safe fixes automatically (only fixes marked as auto-fixable):

bash
1npx ecc-agentshield scan --fix

This will:

  • Replace hardcoded secrets with environment variable references
  • Tighten wildcard permissions to scoped alternatives
  • Never modify manual-only suggestions

Opus 4.6 Deep Analysis

Run the adversarial three-agent pipeline for deeper analysis:

bash
1# Requires ANTHROPIC_API_KEY
2export ANTHROPIC_API_KEY=your-key
3npx ecc-agentshield scan --opus --stream

This runs:

  1. Attacker (Red Team) — finds attack vectors
  2. Defender (Blue Team) — recommends hardening
  3. Auditor (Final Verdict) — synthesizes both perspectives

Initialize Secure Config

Scaffold a new secure .claude/ configuration from scratch:

bash
1npx ecc-agentshield init

Creates:

  • settings.json with scoped permissions and deny list
  • CLAUDE.md with security best practices
  • mcp.json placeholder

GitHub Action

Add to your CI pipeline:

yaml
1- uses: affaan-m/agentshield@v1
2  with:
3    path: '.'
4    min-severity: 'medium'
5    fail-on-findings: true

Severity Levels

GradeScoreMeaning
A90-100Secure configuration
B75-89Minor issues
C60-74Needs attention
D40-59Significant risks
F0-39Critical vulnerabilities

Interpreting Results

Critical Findings (fix immediately)

  • Hardcoded API keys or tokens in config files
  • Bash(*) in the allow list (unrestricted shell access)
  • Command injection in hooks via ${file} interpolation
  • Shell-running MCP servers

High Findings (fix before production)

  • Auto-run instructions in CLAUDE.md (prompt injection vector)
  • Missing deny lists in permissions
  • Agents with unnecessary Bash access

Medium Findings (recommended)

  • Silent error suppression in hooks (2>/dev/null, || true)
  • Missing PreToolUse security hooks
  • npx -y auto-install in MCP server configs

Info Findings (awareness)

  • Missing descriptions on MCP servers
  • Prohibitive instructions correctly flagged as good practice

Links

Related Skills

Looking for an alternative to security-scan or building a Categories.official AI Agent? Explore these related open-source MCP Servers.

View All

flags

Logo of facebook
facebook

flags is a feature flag management system that enables developers to check flag states, compare channels, and debug feature behavior differences across release channels.

243.6k
0
Design

extract-errors

Logo of facebook
facebook

extract-errors is a skill that assists in extracting and managing error codes in React applications using yarn extract-errors command.

243.6k
0
Design

fix

Logo of facebook
facebook

fix is a technical skill that resolves lint errors, formatting issues, and ensures code quality in declarative, frontend, and UI projects

243.6k
0
Design

flow

Logo of facebook
facebook

Flow is a type checking system for JavaScript, used to validate React code and ensure consistency across applications

243.6k
0
Design

Related Collections

View All Collections →
Top 12 AI Agent Tools for Enhanced Development & Productivity [12] Top Community AI Tools & MCP Servers [12] Top Developer Tools AI Agents & MCP Servers [12] Top 12 MCP Servers for AI Development [12] Top 12 Official AI Tools & MCP Servers [12] Top 5 Productivity AI Tools & MCP Servers [5]