cc-audit
🥈SilverAI-free static security scanner for Claude Code artifacts. Detects data exfiltration, prompt injection, and supply chain risks. Works with Skills, Hooks, and MCP configs. Provides deterministic, reproducible results for operations teams.
1500Updated 1mo ago
Intermediate30min to implementautomation
Saves ~180 min per use
Quick InstallView Source
git clone https://github.com/ryo-ebata/cc-audit.gitWorks with:
Claude
Overview
About This Skill
AI-free static security scanner for Claude Code artifacts. Detects data exfiltration, prompt injection, and supply chain risks. Works with Skills, Hooks, and MCP configs. Provides deterministic, reproducible results for operations teams.
Tags
Setup & Installation
Quick Install
No install command available. Check the GitHub repository for manual installation instructions.
Alternative Install (Git Clone)
git clone https://github.com/ryo-ebata/cc-auditRequirements
- Claude Code or compatible AI agent
- Works with: Claude
Quick Start Guide
1
Install the Skill
Copy the install command above and run it in your terminal.
2
Open Your AI Agent
Launch Claude Code, Cursor, or your preferred AI coding agent.
3
Try It Out
Use the prompt template or examples below to test the skill.
4
Customize
Adapt the skill to your specific use case and workflow.
Usage Examples
Prompt Template
Run a security audit on the following Claude Code artifact: [ARTIFACT]. Check for data exfiltration, prompt injection, and supply chain risks. Provide a detailed report with findings and recommendations. The artifact is used by [COMPANY] in the [INDUSTRY] sector.
Example Output
## Security Audit Report ### Artifact: Customer Support Skill ### Company: TechCorp ### Industry: Retail #### Findings: - **Data Exfiltration Risk**: The skill sends customer data to an external API endpoint (`api.externalvendor.com`). This endpoint is not whitelisted in the company's security policy. - **Prompt Injection Risk**: The skill uses user input directly in prompts without proper sanitization. This could allow malicious users to inject harmful instructions. - **Supply Chain Risk**: The skill depends on a third-party library (`lib:external/analytics`) that has not been updated in over a year and may contain vulnerabilities. #### Recommendations: - **Data Exfiltration**: Replace the external API endpoint with a whitelisted internal API or implement strict data filtering. - **Prompt Injection**: Sanitize user input and implement input validation to prevent injection attacks. - **Supply Chain**: Update the third-party library to the latest version or find an alternative with active maintenance. ### Conclusion: The artifact has several security risks that need to be addressed to ensure the safety and integrity of the system.
Apply to these tools
Browse all toolsHook
Agents that listen, think and act for you.
Claude
AI assistant built for thoughtful, nuanced conversation
IronCalc
IronCalc is a spreadsheet engine and ecosystem
Supahub
Customer feedback management made simple
ServiceNow
Enterprise workflow automation and service management platform
GPT for work
Automate your spreadsheet tasks with AI power
Compatible MCP servers
Browse all MCP servers
Find the right skills for your stack
Take a free 3-minute scan and get personalized AI skill recommendations.
Take free scan