CtrlK
BlogDocsLog inGet started
Tessl Logo

security-scan

AgentShield を使用して、Claude Code の設定(.claude/ ディレクトリ)のセキュリティ脆弱性、設定ミス、インジェクションリスクをスキャンします。CLAUDE.md、settings.json、MCP サーバー、フック、エージェント定義をチェックします。

82

2.25x
Quality

73%

Does it follow best practices?

Impact

97%

2.25x

Average score across 3 eval scenarios

SecuritybySnyk

Advisory

Suggest reviewing before use

Optimize this skill with Tessl

npx tessl skill review --optimize ./docs/ja-JP/skills/security-scan/SKILL.md
SKILL.md
Quality
Evals
Security

Evaluation results

91%

51%

Claude Code Configuration Security Audit

Security audit with structured output

Criteria
Without context
With context

Uses ecc-agentshield

0%

100%

Checks install first

0%

100%

Targets .claude/ directory

0%

100%

JSON output format

0%

100%

Output file saved

100%

100%

Grade/score present

100%

100%

Critical findings identified

100%

100%

Severity interpretation

100%

100%

Min-severity filter used

0%

0%

No alternative tool

0%

100%

100%

69%

Automated Security Gate for Claude Code Configurations

CI/CD GitHub Actions integration

Criteria
Without context
With context

Correct action reference

0%

100%

path parameter set

0%

100%

min-severity parameter set

0%

100%

min-severity value is medium or stricter

0%

100%

fail-on-findings enabled

0%

100%

Triggers on pull_request

100%

100%

Proper YAML action syntax

0%

100%

No hardcoded secrets

100%

100%

Workflow file location

100%

100%

Documentation included

80%

100%

100%

41%

Bootstrapping a Secure Claude Code Project Configuration

Secure configuration initialization

Criteria
Without context
With context

Uses init command

0%

100%

Does not manually craft config

0%

100%

settings.json has scoped permissions

100%

100%

settings.json has deny list

100%

100%

CLAUDE.md created

100%

100%

mcp.json placeholder created

100%

100%

Post-init scan run

50%

100%

Scan uses ecc-agentshield

0%

100%

Scan result saved

100%

100%

Setup script produced

100%

100%

Repository
affaan-m/everything-claude-code
Commit

5df943e

Evaluated
Agent
Claude Code
Model
Claude Sonnet 4.6

Table of Contents

Claude Code Configuration Security AuditAutomated Security Gate for Claude Code ConfigurationsBootstrapping a Secure Claude Code Project Configuration

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill