https://github.com/danielrosehill/Claude-Security-Auditor-Plugin

Pattern/model for using CC for conducting device level security audits

claude-code lan-audit security

README

# Security Auditor

A Claude Code plugin for managing a fleet of machines and running repeatable security audits over SSH. Each machine gets a persistent profile and a timestamped report history; audits can be diffed across runs to surface drift.

## What it does

- Register machines with structured profiles (SSH address, OS, privilege level, purpose).
- Run security audits over SSH using Claude Code (or fall back to direct shell checks).
- Persist timestamped audit reports per machine.
- Diff successive audits to highlight new findings, resolved issues, and drift.
- List, edit, and remove machines from the fleet.

## Skills

| Skill | Purpose |
|---|---|
| `add-machine` | Register a new machine for auditing. |
| `edit-machine` | Update an existing machine's profile. |
| `audit-machine` | Run a security audit on one registered machine. |
| `audit-all` | Audit every registered machine in one pass. |
| `list-machines` | List the fleet — brief, detailed, with live status, or as JSON. |
| `view-audit-report` | Display the latest (or a specified) audit report for a machine. |
| `compare-audits` | Diff the two most recent audits for a machine and surface what changed. |
| `remove-machine` | Deregister a machine (archived to a trash dir). |
| `onboard` | First-run setup — verify deps, create the data dir, scaffold a first machine. |

## Installation

```bash
claude plugins install security-auditor@danielrosehill
```

Or for project-scoped use:

```bash
claude plugins install security-auditor@danielrosehill --scope project
```

## Requirements

- `bash` 4.0+
- `python3` 3.6+
- `ssh`, `scp` with key-based authentication to each machine you want to audit
- (Optional, on the remote) Claude Code — used for richer audits when present, with a shell-only fallback when not

## Data storage

Machine profiles, audit reports, and the fleet log live under:

```
${CLAUDE_USER_DATA:-${XDG_DATA_HOME:-$HOME/.local/share}/claude-plugins}/security-auditor/data/machines//
```

Per-machine layout:

- `claude-profile.json` — structured profile
- `user-responses.json` / `user-responses.md` — original onboarding inputs
- `readable-profile.md` — human-readable narrative profile
- `audit-log.json` — timestamped event log
- `reports//audit-report.md` — full audit reports
- `reports/latest/` → symlink to the most recent report

This data persists across plugin updates.

## Audit coverage

The default audit checklist covers seven domains:

1. Antivirus / endpoint protection presence and configuration
2. Automatic security update status
3. Rootkit / IOC detection tooling
4. File and directory permission posture
5. User account hygiene (sudo, idle accounts, password policy)
6. Network exposure (firewall, open ports, listening services)
7. Auxiliary hardening (fail2ban, SSH config, etc.)

The checklist is currently Linux-shaped. macOS and Windows targets work with caveats — flag any false positives via the repo's issue tracker.
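The plugin's own check scripts and report schema are not shown on this page, so the following is an added illustration (not the plugin's code) of two things the README describes: a shell-fallback-style check for domain 7 (SSH configuration) and the "compare-audits" idea of diffing one run's findings against the next to surface new, resolved and persisting items. The rule thresholds, the finding format, the OpenSSH default table and both `sshd_config` snapshots are constructed for the example; the defaults reflect common OpenSSH behaviour and should be confirmed against `sshd_config(5)` for the version actually deployed.

```python
"""Illustrative sshd_config hardening check and audit-to-audit diff.

Added example, not the Security Auditor plugin's code. The policy, finding
format and sample configs are constructed; adapt the rules to your baseline.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed policy: directive -> (predicate on the lowercased value,
# human-readable expectation, severity). A hypothetical subset of an
# "auxiliary hardening" check, not the plugin's actual rule set.
SSHD_RULES = {
    "permitrootlogin": (lambda v: v == "no", "no", "high"),
    "passwordauthentication": (lambda v: v == "no", "no", "high"),
    "x11forwarding": (lambda v: v == "no", "no", "low"),
    "maxauthtries": (lambda v: v.isdigit() and int(v) <= 4, "<= 4", "medium"),
}

# Assumed OpenSSH defaults used when a directive is absent from the file.
SSHD_DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "x11forwarding": "no",
    "maxauthtries": "6",
}


@dataclass(frozen=True)
class Finding:
    check: str      # stable id, used to match the same finding across runs
    severity: str
    detail: str


def parse_sshd_config(text: str) -> dict[str, str]:
    """Return directive -> effective value (directive names lowercased).

    sshd honours the first value it sees for a directive, so later duplicates
    are ignored; directives after a Match line apply only conditionally, so
    parsing stops there. Lines whose first non-blank char is '#' are comments.
    """
    seen: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Accept both "Key value" and "Key=value" forms.
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        seen.setdefault(key, value)
    return seen


def check_sshd(text: str) -> list[Finding]:
    """Evaluate the constructed policy against one sshd_config snapshot."""
    cfg = parse_sshd_config(text)
    findings: list[Finding] = []
    for directive, (ok, expected, severity) in SSHD_RULES.items():
        actual = cfg.get(directive, SSHD_DEFAULTS[directive]).lower()
        if not ok(actual):
            source = "explicit" if directive in cfg else "default"
            findings.append(Finding(
                check=f"sshd:{directive}",
                severity=severity,
                detail=f"{directive}={actual} ({source}), expected {expected}",
            ))
    return findings


def diff_audits(previous: list[Finding],
                current: list[Finding]) -> dict[str, list[Finding]]:
    """Classify findings by check id: new, resolved, or persisting."""
    prev = {f.check: f for f in previous}
    curr = {f.check: f for f in current}
    return {
        "new": [curr[k] for k in sorted(curr.keys() - prev.keys())],
        "resolved": [prev[k] for k in sorted(prev.keys() - curr.keys())],
        "persisting": [curr[k] for k in sorted(curr.keys() & prev.keys())],
    }


# Constructed sample: sshd_config as captured by an earlier audit.
CONFIG_RUN1 = """\
# constructed sample, run 1
Port 22
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 6
"""

# Constructed sample: the same host after partial hardening. The second
# PermitRootLogin is a duplicate sshd ignores; the Match block is conditional.
CONFIG_RUN2 = """\
# constructed sample, run 2
Port 22
PermitRootLogin no
PasswordAuthentication no
X11Forwarding yes
MaxAuthTries 3
PermitRootLogin yes
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    delta = diff_audits(check_sshd(CONFIG_RUN1), check_sshd(CONFIG_RUN2))
    for bucket, items in delta.items():
        print(f"{bucket}: {[f.check for f in items]}")
        for f in items:
            print(f"  [{f.severity}] {f.detail}")
```

Keying findings on a stable check id rather than on the free-text detail is what makes the diff meaningful across runs: the detail string can change (a different value, a different source) while the finding is still the same issue. The `Match` cut-off matters for the same reason the plugin warns about false positives: a `PasswordAuthentication yes` inside a `Match User backup` block is scoped to that user, and reporting it as a global weakness would be noise.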

## Quick start

1. `/security-auditor:onboard` — verifies dependencies and creates the data dir.
2. `/security-auditor:add-machine` — register your first machine.
3. `/security-auditor:audit-machine ` — run the audit.
4. `/security-auditor:view-audit-report ` — read the report.

## Status

Initial release: ports the upstream `Claude-Code-Security-Auditor` toolkit into a Claude Code plugin. The vendored bash scripts under `scripts/` retain their original interface for direct use; the skills wrap them with the plugin's data-storage convention.

## Licence

MIT — see `LICENSE`.