npx claudepluginhub melodic-software/claude-code-plugins --plugin claude-ecosystemWant just this skill?
Add to a custom plugin, then install with one command.
Audit Claude Code settings.json files for quality, compliance, and security. Use to validate configuration before deployment or check for exposed secrets.
This skill is limited to using the following tools:
Audit Settings Command
Audit Claude Code settings.json files for quality, compliance, and security.
Initialization
Before auditing, initialize the environment:
Get the current UTC date, capture the project root path, ensure the temp directory exists, and clean up stale audit files. The settings-management skill provides authoritative validation guidance (auto-loaded when this command runs).
What Gets Audited
- JSON syntax validity
- Schema compliance (valid settings options)
- Permission rules configuration
- Sandbox settings
- Environment variable configuration
- Security (no exposed secrets)
Command Arguments
| Argument | Description |
|---|---|
| (none) | Audit all discoverable settings files |
project | Only audit .claude/settings.json |
user | Only audit ~/.claude/settings.json |
all | Audit all scopes explicitly |
--force | Audit regardless of modification status |
--skip-validation | Skip finding validation (faster, but may include false positives) |
Step 1: Discover Settings Files
Check project settings (.claude/settings.json), user settings (~/.claude/settings.json on Unix, %USERPROFILE%\.claude\settings.json on Windows), and plugin settings in marketplace repos.
Step 2: Parse Arguments
Parse scope selector and --force flag. Filter files to match requested scope.
Step 3: Present Audit Plan
Display mode, files discovered, and list with scope and last modified date.
Step 4: Execute Audits
For each file, spawn the settings-auditor subagent with scope, path, and last audit date. Run in parallel when multiple exist.
Subagents write findings to .claude/temp/. The main conversation thread collects results and updates audit logs using its Write/Edit tools.
Step 4.5: Validate Findings
Unless --skip-validation flag is present:
- Spawn the
audit-finding-validatoragent with:project_root: The captured project root pathaudit_type: "settings"audit_files: List of.claude/temp/audit-*-settings-*.jsonfile paths
- Wait for validation to complete
- Read updated JSON files with validation results
- Filter out FALSE_POSITIVE findings completely before aggregation
- Note: Filtered findings are logged to
.claude/temp/audit-filtered-findings.json
If --skip-validation flag is present:
- Skip validation phase entirely (current speed preserved)
- Present all findings without filtering
- Note in summary: "Validation: Skipped"
Step 5: Final Summary
Report total audited by scope, results, and details table. List security alerts with remediation.
Include validation statistics (if validation was performed):
- Validation performed: Yes/No
- Findings validated: X
- False positives filtered: Y
- Verified findings: Z
- Unverified findings: W
Security Considerations
| Scope | Credentials Found | Result |
|---|---|---|
| Project | Yes | CRITICAL - version controlled |
| User | Yes | WARNING - not version controlled |
Project settings should NEVER contain API keys or tokens (version controlled).
Cross-Platform Paths
| Platform | User Settings |
|---|---|
| Unix | ~/.claude/settings.json |
| Windows | %USERPROFILE%\.claude\settings.json |
Audit Log Location
All audit results are written to .claude/audit/settings.md.
Use /audit-log settings to view current audit status.
Example Usage
Example 1: Audit All Settings Files
User: /audit-settings
Claude: Discovering settings files...
## Audit Plan
**Mode**: SMART
**Files discovered**: 2
1. [project] .claude/settings.json
2. [user] ~/.claude/settings.json
[Spawns settings-auditor subagents]
## Audit Complete
| Scope | File | Result | Score |
| --- | --- | --- | --- |
| project | .claude/settings.json | PASS | 100/100 |
| user | ~/.claude/settings.json | PASS | 98/100 |
Example 2: Audit Project Only
User: /audit-settings project
Claude: Auditing project settings...