npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@clawaudit/cli

v1.0.3

Published

Static security auditor for AI agent configs — CLAUDE.md, .mcp.json, .cursorrules. Compound threat detection, OWASP mapping, SARIF output.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

4worlds4worlds

Keywords

securityai-agentstatic-analysisclaudemcpopenclawllm-securitysarifowaspagent-securityclaude-codemcp-server

Readme

ClawAudit

Security gate for AI agent configs. Scans CLAUDE.md, .mcp.json, .cursorrules, and other agent config files for dangerous permissions, credential leaks, and compound threats — SARIF-native, offline, zero dependencies.

npx @clawaudit/cli scan .

What It Does

CLAUDE.md
  🔴 20/100 Dangerous  claude

  Compound Threats
    CRITICAL Reads local files AND sends data to external servers  LLM02,LLM06
             capabilities: file_read + network_out
    CRITICAL Accesses system credential store AND sends externally  LLM02
             capabilities: credential_store + network_out

  Permission Integrity
    HIGH     Makes network requests but does not declare curl/wget
    MEDIUM   Performs file operations but does not declare file-accessing binaries

  Findings
    CRITICAL Accesses AWS credentials file [prose/instruction] LLM02
    HIGH     Accesses cloud provider credentials [prose/instruction] LLM06

.mcp.json
  🔴 23/100 Dangerous  mcp

  Compound Threats
    CRITICAL Hardcoded credentials in config AND network transport  LLM02,LLM03

════════════════════════════════════════════════════════════
Cross-File Trust Trace
2 nodes, 4 edges, 9 combined capabilities
    CRITICAL [credential flow] Hardcoded credentials in MCP server
             "remote-tools" sent to remote endpoint
    HIGH     [capability escalation] CLAUDE.md does not surface
             "dangerous_command" but MCP server deployer grants it
    HIGH     [remote tool delegation] Tool responses from remote
             MCP server are not integrity-verified

Install

npx @clawaudit/cli scan .          # Run without installing
npm install -g @clawaudit/cli      # Or install globally

Requires Node.js 18+. Zero runtime dependencies.

Usage

# Scan current directory (auto-discovers config files)
clawaudit scan .

# Scan specific files
clawaudit scan CLAUDE.md .mcp.json

# Output formats
clawaudit scan . --format json
clawaudit scan . --format sarif     # GitHub Code Scanning, VS Code SARIF Viewer

# Filter by severity
clawaudit scan . --severity high    # Only show high+ findings

Exit codes: 0 clean, 1 findings detected, 2 critical/dangerous.

What It Scans

| Format | File | What | |--------|------|------| | Claude Code | CLAUDE.md | Project instructions — implicit permissions, MCP tool refs, file paths | | MCP Config | .mcp.json, claude_desktop_config.json | Server definitions, credentials, transport risks | | OpenClaw | SKILL.md | Agent skills with YAML frontmatter | | Cursor | .cursorrules | Editor rule files |

When multiple formats are found in the same directory, cross-file trust tracing connects them — detecting capability escalation, credential flows, and trust boundary violations that are invisible when scanning files individually.

Detection

Zone-Aware Analysis

Parses markdown into semantic zones (code blocks, prose, security docs, frontmatter). Pattern matches in code blocks get full severity. Matches in documentation about threats get suppressed. This kills false positives from security tutorials and "don't do this" warnings.

196 Detection Patterns

Code execution, shell injection, obfuscation, network access, credential access, filesystem operations, prompt injection, agent manipulation. Unicode confusable normalization catches homoglyph evasion.

20 Compound Threat Rules

Flags dangerous capability combinations:

  • file_read + network_out = data exfiltration
  • credential_access + network_out = credential theft
  • network_out + dynamic_eval = remote code execution
  • credential_in_config + network_out = exposed credentials
  • agent_memory + network_out = memory exfiltration

Permission Integrity

Compares declared permissions against actual capabilities in code. Catches undeclared network access, credential usage, over-declared binaries, and opaque runtime dependencies.

OWASP LLM Top 10 Mapping

Every finding, compound threat, and integrity issue is mapped to OWASP Top 10 for LLM Applications (2025). SARIF output includes OWASP tags for integration with security dashboards.

Cross-File Trust Tracing

When CLAUDE.md and .mcp.json are scanned together:

  • Capability escalation — MCP servers grant powers the CLAUDE.md doesn't surface
  • Credential flows — traces how secrets move across config boundaries
  • Remote delegation — flags non-localhost MCP servers with unverified tool responses
  • Phantom tools — CLAUDE.md references MCP tools with no backing config

Output Formats

Text (default)

Human-readable terminal output with ANSI colors. Respects NO_COLOR.

JSON (--format json)

Machine-readable report with trust scores, findings, compound threats, capabilities, and trust trace.

SARIF (--format sarif)

SARIF v2.1.0 for:

  • GitHub Code Scanning (upload via github/codeql-action/upload-sarif)
  • VS Code SARIF Viewer extension
  • Azure DevOps

Scoring

| Dimension | Weight | What | |-----------|--------|------| | Security | 50% | Pattern findings + compound threats + permission integrity | | Transparency | 25% | Trust signals, declared vs actual alignment | | Maintenance | 25% | Versioning, documentation, package structure |

Trust tiers: Trusted (80+), Caution (60-79), Risky (35-59), Dangerous (<35).

Hard caps: critical compound threats or 3+ critical findings cap the score regardless of other dimensions.

Architecture

cli.js                    CLI entry point, file discovery, output formatting
src/
  analyzer.js             Zone-aware scanner, multi-format dispatch, scoring
  zones.js                Markdown zone parser, capability extractor
  compounds.js            Compound threat detection (20 rules)
  permissions.js          Permission risk classification + integrity checking
  owasp.js                OWASP LLM Top 10 (2025) mapping
  trust.js                Cross-file trust tracing
  report.js               Report formatter, scoring, human summaries
  fetcher.js              ClawHub/GitHub skill fetcher (for API mode)
  index.js                Cloudflare Worker entry point (API mode)
  formats/
    detect.js             Auto-detection (skill/claude/mcp)
    skill.js              SKILL.md YAML frontmatter parser
    claude.js             CLAUDE.md implicit permission extractor
    mcp.js                MCP config parser, credential scanning
  output/
    sarif.js              SARIF v2.1.0 output generator

CI Integration

# .github/workflows/clawaudit.yml
name: ClawAudit
on: [push, pull_request]
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: '20' }
      - run: npx @clawaudit/cli scan . --format sarif > clawaudit.sarif
      - uses: github/codeql-action/upload-sarif@v3
        with: { sarif_file: clawaudit.sarif }
        if: always()

API

ClawAudit also runs as a hosted API on Cloudflare Workers:

# Scan a ClawHub skill by slug
curl https://api.clauwdit.4worlds.dev/audit/agentmail

# Paste raw config content
curl -X POST https://api.clauwdit.4worlds.dev/audit \
  -H 'Content-Type: application/json' \
  -d '{"content": "# My CLAUDE.md\n\nRun `curl` to fetch data...", "filename": "CLAUDE.md"}'

# One-liner format
curl https://api.clauwdit.4worlds.dev/audit/agentmail?format=oneliner

License

BSL 1.1 — free to use for scanning your own projects, CI/CD, internal use, research, and education. Converts to Apache 2.0 on 2030-03-17. See LICENSE for details.