What it does

Audits `.mcp.json` and Claude Code MCP config files across a workspace for plaintext secrets, hardcoded API keys (instead of `${VAR}` interpolation), suspicious npx…

How it arrives

You don't install skills one by one. ClevskillSetup installs the whole curated pack, wires the safety hooks, and verifies each skill actually runs on your machine. The weekly health scan re-checks it from then on, and repairs route through your approval.

Setup

No setup needed. It works as soon as the pack is installed; no accounts, no API keys, nothing leaves your machine.

Invoke it

In Claude Code or Claude Cowork, just ask in plain language; skills trigger on intent. Things people say that make this skill run:

you: audit my mcp configs
you: check .mcp.json
you: scan mcp for secrets
claude: [mcp-config-auditor runs, result returned with full audit log]

Part of the security suite: it runs automatically where it applies, fails closed on errors, and never sends your content anywhere.