This audits your .claude/ directory for security issues using AgentShield. It scans CLAUDE.md for hardcoded secrets and prompt injection patterns, checks settings.json for overly permissive allow lists, flags risky MCP server configs, and looks for command injection in hooks. You'd run it before committing config changes or when inheriting someone else's Claude Code setup. The --opus flag runs a three-agent red team/blue team analysis if you want deeper coverage. Outputs terminal, JSON, markdown, or HTML. The auto-fix mode handles safe remediations like replacing hardcoded secrets with env var references. Useful security hygiene tool if you're working with Claude Code configurations that touch sensitive repos or production systems.
npx -y skills add affaan-m/ecc --skill security-scan --agent claude-codeInstalls into .claude/skills of the current project.
Select a file.
giuseppe-trisciuoglio/developer-kit