Name: jbvc/claude-security-scan
Rating: 0.18 (1 reviews)
Author: jbvc

jbvc/claude-security-scan

Scan your Claude Code configuration (.claude/ directory) for security vulnerabilities, misconfigurations, and injection risks using AgentShield. Checks CLAUDE.md, settings.json, MCP servers, hooks, and agent definitions.

Quality

18%

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Securityby

Advisory

Suggest reviewing before use

Validation failed for skills in this tile

One or more skills have errors that need to be fixed before they can move to Implementation and Discovery review.

Security

1 medium severity finding. This skill can be installed but you should review these findings before use.

Medium

W012: Unverifiable external dependency detected (runtime URL that controls agent)

What this means

The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.

Why it was flagged

Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires and instructs running an external npm package via npx which will fetch and execute remote code at runtime (e.g., https://www.npmjs.com/package/ecc-agentshield and the associated repo https://github.com/affaan-m/agentshield), so it relies on external code execution.

Report incorrect finding

Audited: 1 day ago
Security analysis