Diablo_ClaudeMD_Ricing_example/skills/security-audit/SKILL.md
diablo 50fa79407d
CoM Claude Command Center — sanitized public configuration
Public, sanitized mirror of an AI orchestration command center: agents, skills,
MCP servers, slash-command workflows. All infrastructure identifiers, hostnames,
mesh IPs/subnets, repo paths, maintainer identity, and hardware fleet specifics
scrubbed to <placeholders>; session debug logs and host-specific memory removed.
No live credentials. Verified clean by automated leak sweep. See SANITIZATION.md.

churchofmalware.org . authorized research only
2026-06-10 02:02:03 -04:00

2.4 KiB

name: security-audit
description: Automated security audit of the .claude configuration and system posture. Checks env vars, hooks, credentials, WSL, SSH, Tailscale, and reports pass/fail with recommendations.
allowed-tools: Bash, Read, Grep, Glob

/security-audit — CoM Configuration Security Audit

Comprehensive automated audit of this admin node's security posture.

Checks (run all):

1. Environment Variables

Verify required env vars are set:

  • GITHUB_TOKEN — GitHub MCP
  • SLACK_BOT_TOKEN — Slack MCP
  • BRAVE_API_KEY — Brave Search MCP

Report: set/missing for each.

2. Credential Exposure Scan

Scan these files for plaintext secrets:

  • ~/.claude/settings.json
  • ~/.claude/settings.local.json
  • ~/.claude/config.json

Flag any API keys, tokens, or passwords stored in plaintext.

3. Hook Validation

Verify all hooks are active:

  • ~/.claude/hooks/pre-tool-validate.sh exists and is executable
  • ~/.claude/hooks/post-download-scan.sh exists and is executable
  • ~/.claude/hooks/session-cleanup.sh exists and is executable
  • settings.json references all 4 hook events (SessionStart, PreToolUse, PostToolUse, Stop)

4. Permission Deny List

Verify the deny list in settings.json blocks:

  • rm -rf, format, del /s /q
  • PowerShell Remove-Item recursive
  • Registry deletion, boot config modification
  • Pipe-to-shell patterns
  • .env and .key file writes

5. Network Security

  • Tailscale status: tailscale status — connected nodes, health
  • SSH server: port, key-auth only, password disabled
  • RDP: NLA enabled, firewall rule restricted
  • Open ports: netstat -an | grep LISTEN

6. WSL Security

  • WSL version (should be 2)
  • Distro state (running/stopped)
  • Check for exposed SSH from WSL to host

7. Constitution Compliance

Verify A2A files exist:

  • ~/.claude/a2a/agent-cards.json
  • ~/.claude/a2a/constitution.md

Verify 5 non-negotiables are documented.

Output Format

SECURITY AUDIT REPORT — [date]
═══════════════════════════
[PASS] Environment: 3/3 vars set
[WARN] Credentials: API key in config.json (rotate recommended)
[PASS] Hooks: 3/3 scripts active, 4/4 events configured
[PASS] Permissions: 13 deny rules active
[PASS] Network: Tailscale connected, SSH key-only
[PASS] WSL: v2, Kali running
[PASS] Constitution: A2A governance active
═══════════════════════════
Overall: 6 PASS, 1 WARN, 0 FAIL
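
Checks 1 and 3 written as POSIX shell functions that emit lines in the report format above. This is an added example, not the skill's own code: the function names and the CLAUDE_DIR override are assumptions, and the event check assumes the four events appear as keys in settings.json.

```sh
#!/bin/sh
# Added example, not the skill's own code. Function names are hypothetical;
# variable names, hook paths and event names are the ones listed on the page.

# Check 1: report set/missing per variable. The value is only tested for
# non-emptiness inside a command substitution and never echoed into the report.
audit_env() (
  set_count=0 missing=""
  for name in GITHUB_TOKEN SLACK_BOT_TOKEN BRAVE_API_KEY; do
    # printenv sees exported variables only, which is what a child MCP
    # server process would inherit; an empty value counts as missing.
    if [ -n "$(printenv "$name")" ]; then
      set_count=$((set_count + 1))
    else
      missing="$missing $name"
    fi
  done
  if [ "$set_count" -eq 3 ]; then
    echo "[PASS] Environment: 3/3 vars set"
  else
    echo "[FAIL] Environment: $set_count/3 vars set (missing:$missing)"
  fi
)

# Check 3: $1 is the .claude directory to audit.
audit_hooks() (
  dir=$1 scripts=0 events=0
  for hook in pre-tool-validate.sh post-download-scan.sh session-cleanup.sh; do
    # Must be a regular file and executable by the current user.
    if [ -f "$dir/hooks/$hook" ] && [ -x "$dir/hooks/$hook" ]; then
      scripts=$((scripts + 1))
    fi
  done
  for event in SessionStart PreToolUse PostToolUse Stop; do
    # Text match on the quoted JSON key (assumes events appear as keys in
    # settings.json); this does not parse the JSON or validate the hook entry.
    if grep -q "\"$event\"[[:space:]]*:" "$dir/settings.json" 2>/dev/null; then
      events=$((events + 1))
    fi
  done
  status=FAIL
  if [ "$scripts" -eq 3 ] && [ "$events" -eq 4 ]; then status=PASS; fi
  echo "[$status] Hooks: $scripts/3 scripts active, $events/4 events configured"
)

audit_env
audit_hooks "${CLAUDE_DIR:-$HOME/.claude}"
```

A hook file that exists but has lost its execute bit, or an event dropped from settings.json, turns the Hooks line into [FAIL] with the shortfall visible in the counts.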