Diablo_Rain/Diablo_ClaudeMD_Ricing_example
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
master
Diablo_ClaudeMD_Ricing_example/skills/security-audit/SKILL.md
diablo 50fa79407d
Some checks are pending
CI — CoM Config Validation / Validate JSON Configs (push) Waiting to run
Details
CI — CoM Config Validation / Validate YAML Configs (push) Waiting to run
Details
CI — CoM Config Validation / Lint Shell Scripts (push) Waiting to run
Details
CI — CoM Config Validation / Secret Detection (push) Waiting to run
Details
CI — CoM Config Validation / Lint Markdown (push) Waiting to run
Details
CI — CoM Config Validation / Validate CODEOWNERS (push) Waiting to run
Details
CoM Claude Command Center — sanitized public configuration 
Public, sanitized mirror of an AI orchestration command center: agents, skills,
MCP servers, slash-command workflows. All infrastructure identifiers, hostnames,
mesh IPs/subnets, repo paths, maintainer identity, and hardware fleet specifics
scrubbed to <placeholders>; session debug logs and host-specific memory removed.
No live credentials. Verified clean by automated leak sweep. See SANITIZATION.md.

churchofmalware.org . authorized research only
2026-06-10 02:02:03 -04:00

73 lines
2.4 KiB
Markdown
Raw Permalink Blame History

---
name: security-audit
description: Automated security audit of the .claude configuration and system posture. Checks env vars, hooks, credentials, WSL, SSH, Tailscale, and reports pass/fail with recommendations.
allowed-tools: Bash, Read, Grep, Glob
---
# /security-audit — CoM Configuration Security Audit
Comprehensive automated audit of this admin node's security posture.
## Checks (run all):
### 1. Environment Variables
Verify required env vars are set:
- `GITHUB_TOKEN` — GitHub MCP
- `SLACK_BOT_TOKEN` — Slack MCP
- `BRAVE_API_KEY` — Brave Search MCP
Report: set/missing for each.
### 2. Credential Exposure Scan
Scan these files for plaintext secrets:
- `~/.claude/settings.json`
- `~/.claude/settings.local.json`
- `~/.claude/config.json`
Flag any API keys, tokens, or passwords stored in plaintext.
### 3. Hook Validation
Verify all hooks are active:
- `~/.claude/hooks/pre-tool-validate.sh` exists and is executable
- `~/.claude/hooks/post-download-scan.sh` exists and is executable
- `~/.claude/hooks/session-cleanup.sh` exists and is executable
- settings.json references all 4 hook events (SessionStart, PreToolUse, PostToolUse, Stop)
### 4. Permission Deny List
Verify the deny list in settings.json blocks:
- rm -rf, format, del /s /q
- PowerShell Remove-Item recursive
- Registry deletion, boot config modification
- Pipe-to-shell patterns
- .env and .key file writes
### 5. Network Security
- Tailscale status: `tailscale status` — connected nodes, health
- SSH server: port, key-auth only, password disabled
- RDP: NLA enabled, firewall rule restricted
- Open ports: `netstat -an | grep LISTEN`
### 6. WSL Security
- WSL version (should be 2)
- Distro state (running/stopped)
- Check for exposed SSH from WSL to host
### 7. Constitution Compliance
Verify A2A files exist:
- `~/.claude/a2a/agent-cards.json`
- `~/.claude/a2a/constitution.md`
Verify 5 non-negotiables are documented.
## Output Format
```
SECURITY AUDIT REPORT — [date]
═══════════════════════════
[PASS] Environment: 3/3 vars set
[WARN] Credentials: API key in config.json (rotate recommended)
[PASS] Hooks: 3/3 scripts active, 4/4 events configured
[PASS] Permissions: 13 deny rules active
[PASS] Network: Tailscale connected, SSH key-only
[PASS] WSL: v2, Kali running
[PASS] Constitution: A2A governance active
═══════════════════════════
Overall: 6 PASS, 1 WARN, 0 FAIL
```
Reference in New Issue View Git Blame Copy Permalink