# CLAUDE.md Security Auditor — Scan AI Agent Configs (`ianymu/claudemd-security-auditor`) Actor Scan any GitHub repo's CLAUDE.md + .claude/hooks/\* for hardcoded secrets, prompt-injection patterns, destructive commands, and AI-agent security antipatterns. Free triage, paid full audit. - **URL**: https://apify.com/ianymu/claudemd-security-auditor.md - **Developed by:** [Yanlong Mu](https://apify.com/ianymu) (community) - **Categories:** AI, Developer tools - **Stats:** 2 total users, 1 monthly users, 100.0% runs succeeded, NaN bookmarks - **User rating**: No ratings yet ## Pricing Pay per usage This Actor is paid per platform usage. The Actor is free to use, and you only pay for the Apify platform usage, which gets cheaper the higher subscription plan you have. Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-usage ## What's an Apify Actor? Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases. In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours, and optionally produces a well-defined JSON output, datasets with results, or files in key-value store. In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server. Actors are written with capital "A". ## How to integrate an Actor? If asked about integration, you help developers integrate Actors into their projects. You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready. The best way to integrate Actors is as follows. In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md): ```bash npm install apify-client ``` In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md): ```bash pip install apify-client ``` In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md): ````bash # MacOS / Linux curl -fsSL https://apify.com/install-cli.sh | bash # Windows irm https://apify.com/install-cli.ps1 | iex ```bash In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md). If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md). For usage examples, see the [API](#api) section below. For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt). # README ## CLAUDE.md Security Auditor > **Scan any AI agent project's CLAUDE.md, settings, and hooks for security antipatterns — secrets, prompt-injection, destructive commands, exfil channels.** ### What does this Actor do? This Actor takes a GitHub repository URL (or pasted CLAUDE.md content) and produces a security audit report flagging: - **Hardcoded secrets**: Anthropic / OpenAI / GitHub / AWS / Supabase / Slack tokens that should be env vars - **Prompt-injection vectors**: `bypass-permissions`, `--dangerously-skip-permissions`, "ignore previous instructions" patterns - **Destructive command exec**: `rm -rf $HOME`, `sudo rm`, `curl | sh`, `eval $var` in hook scripts - **Permission antipatterns**: `chmod 777`, world-writable assets - **Exfiltration channels**: outbound `curl` / `wget` to dynamic webhook endpoints (`webhook.site`, `requestbin`, `ngrok`) Output: structured JSON findings + downloadable Markdown report ranked by severity (critical/high/medium/low). ### Why use this Actor? CLAUDE.md and `.claude/hooks/*` are the new attack surface. Anyone who can edit them controls what Claude Code does on the user's machine. The 2026 trend of "agent skills marketplaces" + "plugin distribution" means **you're going to be installing other people's CLAUDE.md and hooks** — and most of them aren't audited. **Use cases:** - **Pre-install audit**: scan a community CLAUDE.md / plugin / skill before installing it locally - **CI/CD gate**: run this Actor on every PR that touches `CLAUDE.md` or `.claude/` - **Team standardization**: audit all repos in your org for AI-agent hygiene - **Personal hygiene**: scan your own configs to catch the time you committed a `sk-ant-` token by accident ### How to use 1. Paste a GitHub repo as `owner/repo` (e.g. `anthropics/claude-code`) into the **GitHub repo** field, OR paste your `CLAUDE.md` content into the textarea 2. (Optional) Paste concatenated hook scripts into the second textarea 3. Click **Start** 4. View results in the **Output** tab, or download the full Markdown report from the **Storage** tab → Key-Value Store → `security-report.md` ### Input - **`githubRepo`** — `owner/repo` format. Public repos only (no GitHub auth needed; rate-limited to 60 req/hour from anonymous IPs) - **`claudeMdContent`** — paste CLAUDE.md content directly (use if your repo is private) - **`hooksDirContent`** — paste concatenated hook scripts for additional scanning ### Output ```json { "repo": "anthropics/claude-code", "audited_at": "2026-05-20T15:30:00.000Z", "summary": { "files_scanned": 4, "total_findings": 7, "by_severity": { "critical": 1, "high": 2, "medium": 3, "low": 1 } }, "findings": [ { "path": ".claude/hooks/deploy.sh", "line": 23, "severity": "critical", "category": "secret", "message": "Hardcoded Anthropic API key", "matched": "sk-ant-api03-Abc...", "context": "ANTHROPIC_API_KEY=sk-ant-api03-Abc..." } ] } ```` Each finding includes file path, line number, severity, category, the matched string, and surrounding context. ### Severity scale | Severity | Examples | Action | |---|---|---| | 🔴 Critical | Hardcoded API keys / tokens / private keys | Rotate immediately, never commit | | 🟠 High | Prompt-injection patterns, `rm -rf $HOME`, `curl \| sh`, JWT in code | Fix before merging | | 🟡 Medium | `chmod 777`, `eval $var`, suspicious outbound URLs | Review and remediate | | ⚪ Low | TODO comments in security-sensitive files | Optional cleanup | ### Pricing Pay-per-event model on Apify: - **First audit**: free trial - **Per-audit rate**: $0.25 per repo audit - **What you get**: JSON findings + Markdown report + 7-day result retention Need a **full team audit + remediation PR**? See the author's $499 Custom Hook Development service at landing-ianymu.vercel.app. ### FAQ #### Does this Actor have false positives? Yes — particularly on the "prompt-injection" patterns. A doc that *explains* the pattern (e.g., "do NOT use --dangerously-skip-permissions") will trigger. Review every finding before acting. #### Does this scan private repos? Not directly. For private repos, paste the contents into the `claudeMdContent` / `hooksDirContent` textareas. The Actor only sees what you paste; it does not store inputs outside the run's transient storage. #### What about the `bypass-permissions` flag — is that always bad? It loses Claude Code's per-tool approval prompts, which is the primary safety layer for autonomous agents. The Actor flags it because most users don't know they're enabling it. There are legitimate uses (sandboxed CI environments), but they should be explicit. #### Why is this important now? `CLAUDE.md` and `.claude/hooks/*` are the **only** files that determine what Claude Code does autonomously on your machine. As skill/plugin distribution accelerates, you're going to install other people's configs. Scanning them is the same hygiene as scanning `package.json` for known vulnerabilities — and almost nobody does it yet. ### Support Issues / feature requests: open in the **Issues** tab on the Apify console for this Actor. Built by Ian Mu — github.com/ianymu — also author of [`verify-before-stop`](https://github.com/ianymu/claude-verify-before-stop), the open-source Claude Code Stop hook against false completion claims. # Actor input Schema ## `githubRepo` (type: `string`): Format: owner/repo (e.g. anthropics/claude-code). Pulls CLAUDE.md + .claude/settings.json + .claude/hooks/\* and scans them. ## `claudeMdContent` (type: `string`): If you don't want to give a public repo, paste your CLAUDE.md here. ## `hooksDirContent` (type: `string`): Optional: paste .claude/hooks/\* scripts concatenated for additional scanning. ## Actor input object example ```json { "githubRepo": "anthropics/claude-code" } ``` # Actor output Schema ## `results` (type: `string`): No description # API You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup. ## JavaScript example ```javascript import { ApifyClient } from 'apify-client'; // Initialize the ApifyClient with your Apify API token // Replace the '' with your token const client = new ApifyClient({ token: '', }); // Prepare Actor input const input = { "githubRepo": "anthropics/claude-code" }; // Run the Actor and wait for it to finish const run = await client.actor("ianymu/claudemd-security-auditor").call(input); // Fetch and print Actor results from the run's dataset (if any) console.log('Results from dataset'); console.log(`💾 Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`); const { items } = await client.dataset(run.defaultDatasetId).listItems(); items.forEach((item) => { console.dir(item); }); // 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs ``` ## Python example ```python from apify_client import ApifyClient # Initialize the ApifyClient with your Apify API token # Replace '' with your token. client = ApifyClient("") # Prepare the Actor input run_input = { "githubRepo": "anthropics/claude-code" } # Run the Actor and wait for it to finish run = client.actor("ianymu/claudemd-security-auditor").call(run_input=run_input) # Fetch and print Actor results from the run's dataset (if there are any) print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"]) for item in client.dataset(run["defaultDatasetId"]).iterate_items(): print(item) # 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start ``` ## CLI example ```bash echo '{ "githubRepo": "anthropics/claude-code" }' | apify call ianymu/claudemd-security-auditor --silent --output-dataset ``` ## MCP server setup ```json { "mcpServers": { "apify": { "command": "npx", "args": [ "mcp-remote", "https://mcp.apify.com/?tools=ianymu/claudemd-security-auditor", "--header", "Authorization: Bearer " ] } } } ``` ## OpenAPI specification ```json { "openapi": "3.0.1", "info": { "title": "CLAUDE.md Security Auditor — Scan AI Agent Configs", "description": "Scan any GitHub repo's CLAUDE.md + .claude/hooks/* for hardcoded secrets, prompt-injection patterns, destructive commands, and AI-agent security antipatterns. Free triage, paid full audit.", "version": "0.0", "x-build-id": "dzfFGQ32x1cRgAc9b" }, "servers": [ { "url": "https://api.apify.com/v2" } ], "paths": { "/acts/ianymu~claudemd-security-auditor/run-sync-get-dataset-items": { "post": { "operationId": "run-sync-get-dataset-items-ianymu-claudemd-security-auditor", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } }, "/acts/ianymu~claudemd-security-auditor/runs": { "post": { "operationId": "runs-sync-ianymu-claudemd-security-auditor", "x-openai-isConsequential": false, "summary": "Executes an Actor and returns information about the initiated run in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/runsResponseSchema" } } } } } } }, "/acts/ianymu~claudemd-security-auditor/run-sync": { "post": { "operationId": "run-sync-ianymu-claudemd-security-auditor", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } } }, "components": { "schemas": { "inputSchema": { "type": "object", "properties": { "githubRepo": { "title": "GitHub repo to audit", "type": "string", "description": "Format: owner/repo (e.g. anthropics/claude-code). Pulls CLAUDE.md + .claude/settings.json + .claude/hooks/* and scans them." }, "claudeMdContent": { "title": "OR: Paste CLAUDE.md content directly", "type": "string", "description": "If you don't want to give a public repo, paste your CLAUDE.md here." }, "hooksDirContent": { "title": "OR: Paste hook scripts concatenated", "type": "string", "description": "Optional: paste .claude/hooks/* scripts concatenated for additional scanning." } } }, "runsResponseSchema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string" }, "actId": { "type": "string" }, "userId": { "type": "string" }, "startedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "finishedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "status": { "type": "string", "example": "READY" }, "meta": { "type": "object", "properties": { "origin": { "type": "string", "example": "API" }, "userAgent": { "type": "string" } } }, "stats": { "type": "object", "properties": { "inputBodyLen": { "type": "integer", "example": 2000 }, "rebootCount": { "type": "integer", "example": 0 }, "restartCount": { "type": "integer", "example": 0 }, "resurrectCount": { "type": "integer", "example": 0 }, "computeUnits": { "type": "integer", "example": 0 } } }, "options": { "type": "object", "properties": { "build": { "type": "string", "example": "latest" }, "timeoutSecs": { "type": "integer", "example": 300 }, "memoryMbytes": { "type": "integer", "example": 1024 }, "diskMbytes": { "type": "integer", "example": 2048 } } }, "buildId": { "type": "string" }, "defaultKeyValueStoreId": { "type": "string" }, "defaultDatasetId": { "type": "string" }, "defaultRequestQueueId": { "type": "string" }, "buildNumber": { "type": "string", "example": "1.0.0" }, "containerUrl": { "type": "string" }, "usage": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "integer", "example": 1 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } }, "usageTotalUsd": { "type": "number", "example": 0.00005 }, "usageUsd": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "number", "example": 0.00005 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } } } } } } } } } ```