{"id":50101855,"url":"https://github.com/danielrosehill/Claude-Security-Auditor-Plugin","last_synced_at":"2026-06-08T23:01:15.296Z","repository":{"id":320798836,"uuid":"1083208501","full_name":"danielrosehill/Claude-Security-Auditor-Plugin","owner":"danielrosehill","description":"Pattern/model for using CC for conducting device level security audits","archived":false,"fork":false,"pushed_at":"2026-04-30T18:55:06.000Z","size":38,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-03T15:30:41.935Z","etag":null,"topics":["claude-code","lan-audit","security"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/danielrosehill.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-25T15:02:06.000Z","updated_at":"2026-04-30T18:55:11.000Z","dependencies_parsed_at":null,"dependency_job_id":"a5bb867e-8236-4d94-9ed6-fe86e4fa8898","html_url":"https://github.com/danielrosehill/Claude-Security-Auditor-Plugin","commit_stats":null,"previous_names":["danielrosehill/claude-code-security-auditor","danielrosehill/claude-security-auditor-plugin"],"tags_count":0,"template":true,"template_full_name":null,"purl":"pkg:github/danielrosehill/Claude-Security-Auditor-Plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielrosehill%2FClaude-Security-Auditor-Plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielrosehill%2FClaude-Security-Auditor-Plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielrosehill%2FClaude-Security-Auditor-Plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielrosehill%2FClaude-Security-Auditor-Plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/danielrosehill","download_url":"https://codeload.github.com/danielrosehill/Claude-Security-Auditor-Plugin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielrosehill%2FClaude-Security-Auditor-Plugin/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34083848,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-08T02:00:07.615Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["claude-code","lan-audit","security"],"created_at":"2026-05-23T08:00:31.592Z","updated_at":"2026-06-08T23:01:15.282Z","avatar_url":"https://github.com/danielrosehill.png","language":"Shell","funding_links":[],"categories":["🛠️ Security Tools and Scanners"],"sub_categories":["Claude Code Specific"],"readme":"# Security Auditor\n\nA Claude Code plugin for managing a fleet of machines and running repeatable security audits over SSH. Each machine gets a persistent profile and a timestamped report history; audits can be diffed across runs to surface drift.\n\n## What it does\n\n- Register machines with structured profiles (SSH address, OS, privilege level, purpose).\n- Run security audits over SSH using Claude Code (or fall back to direct shell checks).\n- Persist timestamped audit reports per machine.\n- Diff successive audits to highlight new findings, resolved issues, and drift.\n- List, edit, and remove machines from the fleet.\n\n## Skills\n\n| Skill | Purpose |\n|---|---|\n| `add-machine` | Register a new machine for auditing. |\n| `edit-machine` | Update an existing machine's profile. |\n| `audit-machine` | Run a security audit on one registered machine. |\n| `audit-all` | Audit every registered machine in one pass. |\n| `list-machines` | List the fleet — brief, detailed, with live status, or as JSON. |\n| `view-audit-report` | Display the latest (or a specified) audit report for a machine. |\n| `compare-audits` | Diff the two most recent audits for a machine and surface what changed. |\n| `remove-machine` | Deregister a machine (archived to a trash dir). |\n| `onboard` | First-run setup — verify deps, create the data dir, scaffold a first machine. |\n\n## Installation\n\n```bash\nclaude plugins install security-auditor@danielrosehill\n```\n\nOr for project-scoped use:\n\n```bash\nclaude plugins install security-auditor@danielrosehill --scope project\n```\n\n## Requirements\n\n- `bash` 4.0+\n- `python3` 3.6+\n- `ssh`, `scp` with key-based authentication to each machine you want to audit\n- (Optional, on the remote) Claude Code — used for richer audits when present, with a shell-only fallback when not\n\n## Data storage\n\nMachine profiles, audit reports, and the fleet log live under:\n\n```\n${CLAUDE_USER_DATA:-${XDG_DATA_HOME:-$HOME/.local/share}/claude-plugins}/security-auditor/data/machines/\u003cmachine-name\u003e/\n```\n\nPer-machine layout:\n\n- `claude-profile.json` — structured profile\n- `user-responses.json` / `user-responses.md` — original onboarding inputs\n- `readable-profile.md` — human-readable narrative profile\n- `audit-log.json` — timestamped event log\n- `reports/\u003ctimestamp\u003e/audit-report.md` — full audit reports\n- `reports/latest/` → symlink to the most recent report\n\nThis data persists across plugin updates.\n\n## Audit coverage\n\nThe default audit checklist covers seven domains:\n\n1. Antivirus / endpoint protection presence and configuration\n2. Automatic security update status\n3. Rootkit / IOC detection tooling\n4. File and directory permission posture\n5. User account hygiene (sudo, idle accounts, password policy)\n6. Network exposure (firewall, open ports, listening services)\n7. Auxiliary hardening (fail2ban, SSH config, etc.)\n\nThe checklist is currently Linux-shaped. macOS and Windows targets work with caveats — flag any false positives via the repo's issue tracker.\n\n## Quick start\n\n1. `/security-auditor:onboard` — verifies dependencies and creates the data dir.\n2. `/security-auditor:add-machine` — register your first machine.\n3. `/security-auditor:audit-machine \u003cmachine-name\u003e` — run the audit.\n4. `/security-auditor:view-audit-report \u003cmachine-name\u003e` — read the report.\n\n## Status\n\nInitial release: ports the upstream `Claude-Code-Security-Auditor` toolkit into a Claude Code plugin. The vendored bash scripts under `scripts/` retain their original interface for direct use; the skills wrap them with the plugin's data-storage convention.\n\n## Licence\n\nMIT — see `LICENSE`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanielrosehill%2FClaude-Security-Auditor-Plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdanielrosehill%2FClaude-Security-Auditor-Plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanielrosehill%2FClaude-Security-Auditor-Plugin/lists"}