security-scanning

Solid

AgentShield security audit with 5 scanning categories, 102 static analysis rules, and optional red-team simulation.

AI & Automation 814 stars 53 forks Updated today MIT


Quality Score: 93/100

Stars (20%): 97
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 90
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Security Scanning

## Overview

AgentShield security audit methodology adapted from the Everything Claude Code project. Scans across 5 categories with 102 static analysis rules.

## Scanning Categories

### 1. Secrets Detection (14 Pattern Categories)

- AWS access keys (AKIA pattern)
- GitHub tokens (ghp_, gho_, ghs_, ghr_)
- Generic API keys and bearer tokens
- Database connection strings with credentials
- Private keys (RSA, EC, SSH)
- JWT secrets and signing keys
- OAuth client secrets
- Slack tokens and webhooks
- Cloud provider credentials (GCP, Azure)

### 2. Permission Auditing

- File system read/write scope
- Network calls and protocols
- Process execution (child_process)
- File permissions (777, world-writable)
- CORS and CSP headers
- Docker privilege escalation

### 3. Hook Injection Analysis

- Git hooks for command injection
- npm lifecycle scripts (preinstall, postinstall)
- Claude Code hooks for unsafe patterns
- eval()/Function()/dynamic code execution
- Unvalidated user input in shell commands

### 4. MCP Risk Profiling

- Tool permission inventory
- Data exposure risk mapping
- Transport security (stdio vs SSE vs HTTP)
- Prompt injection via tool descriptions
- Rate limiting verification

### 5. Agent Config Review

- Model settings integrity
- Prompt injection resistance
- Tool allowlist scoping
- Output validation and sanitization
- Information leakage in error messages

## Optional: Red Team Simulation

- Attack simulation against found vulnerabilities
- Ex...

Details

Author: a5c-ai
Repository: a5c-ai/babysitter
Created: 4 months ago
Last Updated: today
Language: JavaScript
License: MIT
