Vibecosystem config-security-scan

Scan .claude/ directory for security misconfigurations, exposed secrets, unsafe permissions

Install

Source · Clone the upstream repo:
git clone https://github.com/vibeeval/vibecosystem

Claude Code · Install into ~/.claude/skills/:
T=$(mktemp -d) && git clone --depth=1 https://github.com/vibeeval/vibecosystem "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/config-security-scan" ~/.claude/skills/vibeeval-vibecosystem-config-security-scan && rm -rf "$T"

Manifest: skills/config-security-scan/SKILL.md

Source content

Config Security Scan

Scan your .claude/ directory and related configuration files for security issues. Inspired by the AgentShield pattern: checks CLAUDE.md, settings.json, MCP configs, hooks, and agent definitions for misconfigurations, exposed secrets, and unsafe permissions.

Usage

/config-security-scan [path]

Default path: .claude/ in the current project.

What It Checks

1. Secrets Detection (CRITICAL)

- API keys, tokens, passwords in CLAUDE.md
- Hardcoded credentials in hook scripts
- Secrets in MCP server configs
- Bearer tokens in agent definitions
- .env files committed to git

2. Permission Escalation (HIGH)

- dangerouslySkipPermissions in settings.json
- Overly broad tool permissions (all tools for simple agents)
- MCP servers with filesystem write access
- Hooks with shell execution and no validation
- Agents with Bash tool that don't need it

3. MCP Server Security (HIGH)

- Unknown/untrusted MCP servers
- MCP servers with network access + filesystem access
- Missing authentication on MCP endpoints
- MCP servers running as root/admin
- Unverified npm packages in MCP configs

4. Hook Security (MEDIUM)

- Hooks that execute user input
- Hooks without error handling
- Hooks that modify git config
- Hooks that access external networks
- Hooks with hardcoded paths

5. Agent Definition Security (MEDIUM)

- Agents with unnecessary tools
- Agents with system-level Bash access
- Agent descriptions that could enable prompt injection
- Agents without clear scope boundaries

6. Configuration Hygiene (LOW)

- Unused MCP server configs
- Deprecated settings
- Conflicting rules
- Missing recommended security settings

Scan Procedure

# Step 1: Find all config files
find .claude/ -type f \( -name "*.json" -o -name "*.md" -o -name "*.yml" -o -name "*.yaml" -o -name "*.js" -o -name "*.mjs" -o -name "*.ts" \)

# Step 2: Secret patterns (-E so that "?" is an optional quantifier; in basic grep it is a literal character and "api[_-]?key" would never match api_key)
grep -rnE "api[_-]?key|password|secret|token|bearer|sk-|pk_|ghp_|gho_|xoxb-|xoxp-" .claude/

# Step 3: Permission checks
grep -rn "dangerouslySkipPermissions\|allowedTools.*Bash\|shell_exec\|eval(" .claude/

# Step 4: MCP config review (project-level .mcp.json; a missing file is silently skipped)
jq '.mcpServers | keys' .mcp.json 2>/dev/null

# Step 5: Hook review
ls .claude/hooks/ 2>/dev/null

Output Format

# Config Security Scan Report
Scanned: [path]
Date: [timestamp]

## Summary
- CRITICAL: X issues
- HIGH: Y issues
- MEDIUM: Z issues
- LOW: W issues

## CRITICAL Issues

### [Issue Title]
**File:** [path]
**Line:** [number]
**Issue:** [description]
**Fix:** [remediation]

## Recommendations
1. [Action item]

Hard Exclusion List (Skip These)

These are NOT security issues in the .claude/ context:

  • Environment variable references (not actual values)
  • Test/example credentials clearly marked as such
  • Public API keys meant to be public
  • SHA hashes used as identifiers
  • Base64-encoded non-secret data
  • localhost/127.0.0.1 URLs
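Added example (not the skill's own code) showing how the Step 2/3 grep patterns and the Hard Exclusion List combine: a small scanner over an in-memory .claude/ tree that flags CRITICAL and HIGH findings and suppresses env-var references, marked example credentials, and localhost URLs. The marker words used to recognise "clearly marked" test credentials (example, placeholder, dummy) and the sample files are this example's own assumptions.

```python
import re
from collections import Counter

# Patterns taken from the skill's Step 2 (secrets) and Step 3 (permissions) commands.
SECRET_RE = re.compile(
    r"api[_-]?key|password|secret|token|bearer|sk-|pk_|ghp_|gho_|xoxb-|xoxp-", re.I)
PERMISSION_RE = re.compile(r"dangerouslySkipPermissions|allowedTools.*Bash|shell_exec|eval\(")
# Hard Exclusion List: references to env vars (not values), localhost, marked examples.
ENV_REF_RE = re.compile(r"\$\{?[A-Z_][A-Z0-9_]*\}?|process\.env\.|os\.environ")
LOCAL_RE = re.compile(r"localhost|127\.0\.0\.1")
EXAMPLE_RE = re.compile(r"example|placeholder|dummy", re.I)  # assumed marker words

def is_excluded(line):
    """True when the line falls under the Hard Exclusion List."""
    return bool(ENV_REF_RE.search(line) or LOCAL_RE.search(line) or EXAMPLE_RE.search(line))

def scan_tree(files):
    """files: {path: text}. Returns (severity, path, line_no, message) tuples."""
    findings = []
    for path, text in files.items():
        for n, line in enumerate(text.splitlines(), 1):
            if SECRET_RE.search(line) and not is_excluded(line):
                findings.append(("CRITICAL", path, n, "possible hardcoded secret"))
            if PERMISSION_RE.search(line):
                findings.append(("HIGH", path, n, "permission escalation pattern"))
    return findings

def summary(findings):
    """Counts per severity in the order used by the report's Summary section."""
    counts = Counter(f[0] for f in findings)
    return {sev: counts.get(sev, 0) for sev in ("CRITICAL", "HIGH", "MEDIUM", "LOW")}

# Constructed sample tree; none of these values are real credentials.
SAMPLE = {
    ".claude/CLAUDE.md": (
        "Read the token from ${GITHUB_TOKEN}, never inline it.\n"   # env-var reference: excluded
        "Token: ghp_EXAMPLE_placeholder\n"                         # marked example: excluded
        "api_key = sk-abc123notreal\n"),                           # flagged CRITICAL
    ".claude/settings.json": '{"dangerouslySkipPermissions": true}\n',  # flagged HIGH
    ".claude/hooks/pre-commit.sh": "curl http://localhost:3000/token\n",  # localhost: excluded
}

if __name__ == "__main__":
    found = scan_tree(SAMPLE)
    print("## Summary")
    for sev, count in summary(found).items():
        print(f"- {sev}: {count} issues")
    for sev, path, n, msg in found:
        print(f"{sev} {path}:{n} {msg}")
```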

Integration

  • security-reviewer: Calls this skill during security audits
  • verifier: Includes config scan in pre-commit checks
  • shipper: Runs before deployments