π¦ ClawHub
Claude Code Security Scan
by @djc00p
Audit Claude Code configuration for security vulnerabilities, misconfigurations, and injection risks using AgentShield. Scans settings, MCP servers, hooks, a...
TERMINAL
clawhub install claude-code-security-scanπ About This Skill
name: claude-code-security-scan description: "Audit Claude Code configuration for security vulnerabilities, misconfigurations, and injection risks using AgentShield. Scans settings, MCP servers, hooks, agents, and hardcoded secrets. Trigger phrases: security audit, scan config, find vulnerabilities, check MCP, security check, hardcoded secrets. Adapted from everything-claude-code by @affaan-m (MIT)" metadata: {"clawdbot":{"emoji":"π","requires":{"bins":["npm","node"],"env":[],"optional_env":["ANTHROPIC_API_KEY"]},"os":["linux","darwin","win32"]}}
Security Scan
Audit Claude Code configuration for security issues using AgentShield.
When to Activate
What It Scans
CLAUDE.md β Hardcoded secrets, auto-run instructions, injection patternssettings.json β Overly permissive allow lists, missing deny listsmcp.json β Risky MCP servers, hardcoded env secretshooks/ β Command injection via interpolation, data exfiltrationagents/ β Unrestricted tool access, missing model specsSetup & Usage
# Install globally (recommended)
npm install -g ecc-agentshieldOr run via npx (no install needed)
npx ecc-agentshield scan
Commands
# Basic scan
npx ecc-agentshield scanScan specific path
npx ecc-agentshield scan --path /path/to/.claudeFilter by severity
npx ecc-agentshield scan --min-severity mediumOutput formats
npx ecc-agentshield scan --format json
npx ecc-agentshield scan --format markdown
npx ecc-agentshield scan --format html > report.htmlAuto-fix safe issues
npx ecc-agentshield scan --fixDeep analysis (requires ANTHROPIC_API_KEY)
npx ecc-agentshield scan --opus --streamInitialize secure config
npx ecc-agentshield init
Severity Grades
| Grade | Score | Meaning | |-------|-------|---------| | A | 90-100 | Secure | | B | 75-89 | Minor issues | | C | 60-74 | Needs attention | | D | 40-59 | Significant risks | | F | 0-39 | Critical |
Critical Findings (Fix Immediately)
Bash(*) unrestricted shell access${file} interpolation