ykdojo

cc-safe

Development community intermediate

Description

Security scanner for Claude Code settings files. Recursively scans all subdirectories for dangerous patterns in your approved commands that could compromise your host machine. You can run it manually or ask Claude Code to run it with `npx cc-safe .`

Installation

claude install-skill https://github.com/ykdojo/cc-safe

README

cc-safe

Motivation

A user [reported on Reddit](https://www.reddit.com/r/ClaudeAI/comments/1pgxckk/claude_cli_deleted_my_entire_home_directory_wiped/) that Claude Code ran `rm -rf tests/ patches/ plan/ ~/` - that trailing `~/` wiped their entire home directory.

It's easy to dismiss this as a "vibe coder" mistake, but when you're approving dozens of commands across multiple projects, mistakes happen. The permission prompt becomes muscle memory, and one bad approval can be catastrophic.

cc-safe automates what's hard to do manually: scan all your approved commands across all projects and flag the dangerous ones before they cause damage.

Installation

npm install -g cc-safe

Usage

cc-safe <directory> [options]

Examples

cc-safe .                  # Scan current directory and all subfolders
cc-safe ~/projects         # Scan a specific directory recursively
cc-safe . --no-low         # Hide LOW severity findings
cc-safe --help             # Show help

Options

| Option | Description |
| --- | --- |
| `--no-low` | Hide LOW severity findings (show only HIGH and MEDIUM) |
| `--help`, `-h` | Show help message |

What It Detects

cc-safe scans `.claude/settings.json` and `.claude/settings.local.json` files for risky patterns in the `permissions.allow` array.
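
An added sketch of the check described above (not cc-safe's own code): it takes settings-file contents already read from disk, extracts `permissions.allow`, and flags shell entries against a small rule set. The rules, the `auditSettings` name, the sample files and the `Tool(pattern)` entry shape are assumptions made for illustration, not cc-safe's actual rule list.

```javascript
// Illustrative rules (assumptions), NOT cc-safe's real rule list.
const RULES = [
  // rm with both -r and -f in one flag cluster, e.g. "rm -rf", "rm -fR"
  { severity: "HIGH", name: "recursive force delete",
    re: /\brm\s+-(?=[a-z]*r)(?=[a-z]*f)[a-z]+/i },
  { severity: "HIGH", name: "sudo", re: /\bsudo\b/ },
  // bare "Bash", "Bash(*)" or "Bash(:*)": any shell command is pre-approved
  { severity: "MEDIUM", name: "unrestricted shell", re: /^:?\*?$/ },
  { severity: "LOW", name: "force push", re: /\bgit\s+push\b.*\s(--force|-f)\b/ },
];

// files: { "<path>": "<raw JSON text>" }. noLow mirrors the --no-low option.
function auditSettings(files, { noLow = false } = {}) {
  const findings = [];
  const skipped = []; // files that could not be parsed as JSON
  for (const [path, text] of Object.entries(files)) {
    let allow;
    try {
      allow = JSON.parse(text)?.permissions?.allow;
    } catch {
      skipped.push(path);
      continue;
    }
    if (!Array.isArray(allow)) continue; // no allow list in this file
    for (const entry of allow) {
      if (typeof entry !== "string") continue;
      // Assumed entry shape: Tool or Tool(pattern); only Bash entries run commands.
      const m = /^(\w+)(?:\((.*)\))?$/.exec(entry.trim());
      if (!m || m[1] !== "Bash") continue;
      const cmd = m[2] ?? "";
      for (const r of RULES) {
        if (r.re.test(cmd)) findings.push({ path, severity: r.severity, rule: r.name, entry });
      }
    }
  }
  return { findings: findings.filter((f) => !(noLow && f.severity === "LOW")), skipped };
}

// Constructed sample input, not taken from any real project.
const SAMPLE = {
  "app/.claude/settings.json": JSON.stringify({ permissions: { allow: [
    "Bash(npm run test:*)", "Bash(rm -rf:*)", "Read(./src/**)"] } }),
  "api/.claude/settings.local.json": JSON.stringify({ permissions: { allow: [
    "Bash(sudo apt-get install:*)", "Bash(git push --force:*)", "Bash"] } }),
  "old/.claude/settings.json": "{ not json",
};

console.log(auditSettings(SAMPLE));
```
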

Severity Levels

**HIGH** - Critical security risks:


...