← 返回
未分类 中文

Claude Code Security Scan

Audit Claude Code configuration for security vulnerabilities, misconfigurations, and injection risks using AgentShield. Scans settings, MCP servers, hooks, a...
使用AgentShield 审计 Claude Code 配置的安全漏洞、错误配置和注入风险。扫描设置、MCP 服务器、钩子等。
djc00p djc00p 来源
未分类 clawhub v1.0.0 1 版本 100000 Key: 无需
★ 0
Stars
📥 427
下载
💾 0
安装
1
版本
#latest

概述

Security Scan

Audit Claude Code configuration for security issues using AgentShield.

When to Activate

  • Setting up a new Claude Code project
  • After modifying settings.json, CLAUDE.md, or MCP configs
  • Before committing configuration changes
  • Onboarding to repo with existing configs
  • Periodic security hygiene checks

What It Scans

  • CLAUDE.md — Hardcoded secrets, auto-run instructions, injection patterns
  • settings.json — Overly permissive allow lists, missing deny lists
  • mcp.json — Risky MCP servers, hardcoded env secrets
  • hooks/ — Command injection via interpolation, data exfiltration
  • agents/ — Unrestricted tool access, missing model specs

Setup & Usage

# Install globally (recommended)
npm install -g ecc-agentshield

# Or run via npx (no install needed)
npx ecc-agentshield scan

Commands

# Basic scan
npx ecc-agentshield scan

# Scan specific path
npx ecc-agentshield scan --path /path/to/.claude

# Filter by severity
npx ecc-agentshield scan --min-severity medium

# Output formats
npx ecc-agentshield scan --format json
npx ecc-agentshield scan --format markdown
npx ecc-agentshield scan --format html > report.html

# Auto-fix safe issues
npx ecc-agentshield scan --fix

# Deep analysis (requires ANTHROPIC_API_KEY)
npx ecc-agentshield scan --opus --stream

# Initialize secure config
npx ecc-agentshield init

Severity Grades

GradeScoreMeaning
-----------------------
A90-100Secure
B75-89Minor issues
C60-74Needs attention
D40-59Significant risks
F0-39Critical

Critical Findings (Fix Immediately)

  • Hardcoded API keys in config
  • Bash(*) unrestricted shell access
  • Command injection via ${file} interpolation
  • Shell-running MCP servers

High Findings (Fix Before Production)

  • Auto-run instructions in CLAUDE.md
  • Missing deny lists
  • Unnecessary Bash access in agents

版本历史

共 1 个版本

  • v1.0.0 当前
    2026-05-03 09:03 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

it-ops-security

OpenClaw Backup

alex3alex
备份与恢复 OpenClaw 数据。适用于创建备份、设置自动备份计划、从备份恢复或管理备份轮转。处理 ~/.openclaw 目录归档并包含适当的排除规则。
★ 90 📥 31,098
it-ops-security

Free Ride - Unlimited free AI

shaivpidadi
管理OpenClaw的OpenRouter免费AI模型,自动按质量排名模型,配置速率限制备用方案,并更新opencla...
★ 472 📥 78,678
it-ops-security

MoltGuard - Security & Antivirus & Guardrails

thomaslwang
MoltGuard — OpenClaw 安全守卫,由 OpenGuardrails 提供。安装后可防止您和您的用户受到提示注入、数据泄露及恶意行为的侵害。
★ 116 📥 31,033