What does the Audit Settings skill check for?

It scans for JSON syntax errors, schema compliance, insecure sandbox settings, environment variable misconfigurations, and accidentally exposed API keys or credentials.

Does this work on both Windows and Mac/Linux?

Yes, the skill is cross-platform and correctly identifies settings file locations for both Unix-based systems (~/.claude/) and Windows (%USERPROFILE%\.claude\).

How does it prevent false positives in security reports?

The skill includes an audit-finding-validator agent that reviews findings to verify their accuracy and filters out false positives before they are presented in the final report.

Can I audit specific scopes like only the project settings?

Yes, you can use arguments like 'project' or 'user' to limit the audit scope, or use 'all' to check every discoverable settings file.

Where are the audit results saved?

All detailed results, scores, and security alerts are written to .claude/audit/settings.md for easy review and historical tracking.

Audit Settings

Name: Audit Settings
Author: melodic-software

bymelodic-software

•

Security & Testing

Audits Claude Code configuration files for security vulnerabilities, schema compliance, and sensitive information exposure.

The Audit Settings skill provides a robust framework for validating Claude Code settings.json files across project and user scopes. It automatically detects configuration errors, ensures adherence to security best practices, and identifies exposed API keys or credentials before they can be committed to version control. By utilizing a multi-stage process involving subagents and an intelligent validation phase to minimize false positives, this skill helps maintain a secure, compliant, and standardized development environment for Claude-powered workflows.

Key Features

01Deep scanning of settings.json for security risks and exposed secrets

02Multi-scope auditing across project, user, and plugin directories

03Advanced validation logic to filter out false-positive findings

04Comprehensive audit logging with detailed remediation guidance

0538 GitHub stars

06Automated JSON syntax and schema compliance validation

Use Cases

01Troubleshooting syntax errors or schema violations in complex Claude Code setups

02Verifying configuration security before pushing a project to a public repository

03Standardizing developer settings across a team to ensure consistent AI behavior

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add melodic-software/claude-code-plugins audit-settings

For use in Claude.ai and ChatGPT

Download Skill