Security Scanning

Overview

AgentShield security audit methodology adapted from the Everything Claude Code project. Scans across 5 categories with 102 static analysis rules.

Scanning Categories

1. Secrets Detection (14 Pattern Categories)

• AWS access keys (AKIA pattern)
• GitHub tokens (ghp_, gho_, ghs_, ghr_)
• Generic API keys and bearer tokens
• Database connection strings with credentials
• Private keys (RSA, EC, SSH)
• JWT secrets and signing keys
• OAuth client secrets
• Slack tokens and webhooks
• Cloud provider credentials (GCP, Azure)

2. Permission Auditing

• File system read/write scope
• Network calls and protocols
• Process execution (child_process)
• File permissions (777, world-writable)
• CORS and CSP headers
• Docker privilege escalation

3. Hook Injection Analysis

• Git hooks for command injection
• npm lifecycle scripts (preinstall, postinstall)
• Claude Code hooks for unsafe patterns
• eval()/Function()/dynamic code execution
• Unvalidated user input in shell commands

4. MCP Risk Profiling

• Tool permission inventory
• Data exposure risk mapping
• Transport security (stdio vs SSE vs HTTP)
• Prompt injection via tool descriptions
• Rate limiting verification

5. Agent Config Review

• Model settings integrity
• Prompt injection resistance
• Tool allowlist scoping
• Output validation and sanitization
• Information leakage in error messages

Optional: Red Team Simulation

• Attack simulation against found vulnerabilities
• Exploitability rating: trivial, moderate, difficult, theoretical
• Blue-team defense recommendations

When to Use

• Pre-deployment security review
• New dependency introduction
• Hook or plugin configuration changes
• Agent or MCP server setup

Agents Used

• security-reviewer (primary consumer)