Pricing

Pay per usage

CLAUDE.md Security Auditor — Scan AI Agent Configs

Scan any GitHub repo's CLAUDE.md + .claude/hooks/* for hardcoded secrets, prompt-injection patterns, destructive commands, and AI-agent security antipatterns. Free triage, paid full audit.

Pricing

Pay per usage

Rating

0.0

(0)

Developer

Yanlong Mu

Actor stats

Bookmarked

Total users

Monthly active users

4 hours ago

Last modified

CLAUDE.md Security Auditor

Scan any AI agent project's CLAUDE.md, settings, and hooks for security antipatterns — secrets, prompt-injection, destructive commands, exfil channels.

What does this Actor do?

This Actor takes a GitHub repository URL (or pasted CLAUDE.md content) and produces a security audit report flagging:

Hardcoded secrets: Anthropic / OpenAI / GitHub / AWS / Supabase / Slack tokens that should be env vars
Prompt-injection vectors: bypass-permissions, --dangerously-skip-permissions, "ignore previous instructions" patterns
Destructive command exec: rm -rf $HOME, sudo rm, curl | sh, eval $var in hook scripts
Permission antipatterns: chmod 777, world-writable assets
Exfiltration channels: outbound curl / wget to dynamic webhook endpoints (webhook.site, requestbin, ngrok)

Output: structured JSON findings + downloadable Markdown report ranked by severity (critical/high/medium/low).

Why use this Actor?

CLAUDE.md and .claude/hooks/* are the new attack surface. Anyone who can edit them controls what Claude Code does on the user's machine. The 2026 trend of "agent skills marketplaces" + "plugin distribution" means you're going to be installing other people's CLAUDE.md and hooks — and most of them aren't audited.

Use cases:

Pre-install audit: scan a community CLAUDE.md / plugin / skill before installing it locally
CI/CD gate: run this Actor on every PR that touches CLAUDE.md or .claude/
Team standardization: audit all repos in your org for AI-agent hygiene
Personal hygiene: scan your own configs to catch the time you committed a sk-ant- token by accident

How to use

Paste a GitHub repo as owner/repo (e.g. anthropics/claude-code) into the GitHub repo field, OR paste your CLAUDE.md content into the textarea
(Optional) Paste concatenated hook scripts into the second textarea
Click Start
View results in the Output tab, or download the full Markdown report from the Storage tab → Key-Value Store → security-report.md

Input

githubRepo — owner/repo format. Public repos only (no GitHub auth needed; rate-limited to 60 req/hour from anonymous IPs)
claudeMdContent — paste CLAUDE.md content directly (use if your repo is private)
hooksDirContent — paste concatenated hook scripts for additional scanning

Output

{
  "repo": "anthropics/claude-code",
  "audited_at": "2026-05-20T15:30:00.000Z",
  "summary": {
    "files_scanned": 4,
    "total_findings": 7,
    "by_severity": {
      "critical": 1,
      "high": 2,
      "medium": 3,
      "low": 1
    }
  },
  "findings": [
    {
      "path": ".claude/hooks/deploy.sh",
      "line": 23,
      "severity": "critical",
      "category": "secret",
      "message": "Hardcoded Anthropic API key",
      "matched": "sk-ant-api03-Abc...",
      "context": "ANTHROPIC_API_KEY=sk-ant-api03-Abc..."
    }
  ]
}

Each finding includes file path, line number, severity, category, the matched string, and surrounding context.

Severity scale

Severity	Examples	Action
🔴 Critical	Hardcoded API keys / tokens / private keys	Rotate immediately, never commit
🟠 High	Prompt-injection patterns, `rm -rf $HOME`, `curl \| sh`, JWT in code	Fix before merging
🟡 Medium	`chmod 777`, `eval $var`, suspicious outbound URLs	Review and remediate
⚪ Low	TODO comments in security-sensitive files	Optional cleanup

Pricing

Pay-per-event model on Apify:

First audit: free trial
Per-audit rate: $0.25 per repo audit
What you get: JSON findings + Markdown report + 7-day result retention

Need a full team audit + remediation PR? See the author's $499 Custom Hook Development service at landing-ianymu.vercel.app.

FAQ

Does this Actor have false positives?

Yes — particularly on the "prompt-injection" patterns. A doc that explains the pattern (e.g., "do NOT use --dangerously-skip-permissions") will trigger. Review every finding before acting.

Does this scan private repos?

Not directly. For private repos, paste the contents into the claudeMdContent / hooksDirContent textareas. The Actor only sees what you paste; it does not store inputs outside the run's transient storage.

What about the `bypass-permissions` flag — is that always bad?

It loses Claude Code's per-tool approval prompts, which is the primary safety layer for autonomous agents. The Actor flags it because most users don't know they're enabling it. There are legitimate uses (sandboxed CI environments), but they should be explicit.

Why is this important now?

CLAUDE.md and .claude/hooks/* are the only files that determine what Claude Code does autonomously on your machine. As skill/plugin distribution accelerates, you're going to install other people's configs. Scanning them is the same hygiene as scanning package.json for known vulnerabilities — and almost nobody does it yet.

Support

Issues / feature requests: open in the Issues tab on the Apify console for this Actor.

Built by Ian Mu — github.com/ianymu — also author of verify-before-stop, the open-source Claude Code Stop hook against false completion claims.

Financial Crime Screening MCP Server

ryanclinton/financial-crime-screening-mcp

AML/CFT composite screening intelligence via the Model Context Protocol. This MCP server orchestrates 13 data sources for sanctions checks, criminal watchlist scans, PEP influence analysis, corporate shell detection, financial institution verification, and proximity-to-crime scoring.

Ryan Clinton

Competitive Digital Intelligence MCP Server

ryanclinton/competitive-digital-intelligence-mcp

Multi-signal digital competitive analysis intelligence for AI agents via the Model Context Protocol.

Ryan Clinton

NPM Vulnerability Checker

automation-lab/npm-vulnerability-checker

Check npm packages for known vulnerabilities via OSV.dev API. Input package names with optional versions — get CVE IDs, severity (CRITICAL/HIGH/MEDIUM/LOW), affected ranges, and fix versions. No proxy needed.

Stas Persiianenko

CVE Vulnerability Lookup (NIST NVD)

automation-lab/cve-vulnerability-lookup

Query the NIST NVD for CVE details — lookup by CVE ID, keyword, or CPE product. Returns CVSS scores, descriptions, CWE IDs, affected software, and patch links. No API key required.

Stas Persiianenko

SEC EDGAR Intel - 8-K Triggers, Form 4 Patterns, Form D Funding

seibs.co/sec-edgar-intel

SEC filings intelligence. 8-K trigger classifier (M&A/exec-change/going-concern/etc), Form 4 insider patterns (cluster buys, unusual size), 13F position tracker, Form D startup raises, earnings transcript extraction. For hedge funds, fintech, due diligence, journalists.

Seibs.co

Instagram Scraper Pro

red.cars/instagram-scraper-pro

Extract Instagram profiles, posts, stories, hashtags, and engagement metrics. Influencer research and social media analytics without an API key.

AutomateLab

118

1.0

(1)

URL Shortener Expander

automation-lab/url-shortener-expander

This actor takes any list of shortened or redirecting URLs and follows each redirect step by step to reveal the final destination URL. It returns the complete redirect chain, redirect count, final status code, and final domain. Use it for link analysis, security verification, or marketing...

Stas Persiianenko

Hex.pm Elixir & Erlang Package Registry Scraper

parseforge/hex-elixir-packages-scraper

Browse and search the Hex.pm registry of Elixir and Erlang packages. Filter by search query, sort by recency, downloads, or alphabetical, and pull versions, dependencies, licenses, and download counts per package.