Engineering
secure-claude-code avatar

secure-claude-code

Monitor Runwall security posture, enabled guardrails, and recent audit logs for Claude Code, Codex, and MCP-based development environments.

Introduction

Runwall is a critical runtime security guardrail system designed for AI-driven coding agents like Claude Code, Codex, and various MCP-based setups. This skill allows users to inspect the health and activity of their security configuration, ensuring that automated coding workflows remain within defined safety boundaries. It provides a direct interface to verify whether the agent's security profile is active, review the currently enforced protection families, and analyze recent security events, blocks, or warnings triggered during development tasks.

  • Perform comprehensive health checks on the security environment using doctor and validation utilities.

  • Inspect the full inventory of enabled protection families, covering areas such as Secrets & Identity, Supply Chain, Git & Source Control, Network & Egress, and Destructive Actions.

  • Retrieve and summarize recent logs, providing visibility into blocked shell commands, unauthorized tool calls, or suspicious MCP requests.

  • Audit repositories and runtime configurations before execution to identify potential risks or drift from the intended 'minimal', 'balanced', or 'strict' security profiles.

  • This tool is intended for developers and security engineers who integrate AI agents into their workflow and need to enforce granular control over agent capabilities.

  • Usage involves invoking the status commands via the skill interface to parse and summarize local agent state files and policy settings.

  • Key inputs include the target security profile and agent runtime identity, while outputs provide actionable insights into the agent's trust-plane, including IPC targets, file system access, and external network interactions.

  • Be aware that logging levels may vary based on the configured profile; ensure that the agent has sufficient read access to the local .runwall state directory to generate accurate reports.

  • Use this for ongoing oversight to prevent data exfiltration, unintended destructive git operations, or unauthorized execution of local scripts and services.

Repository Stats

Stars
14
Forks
1
Open Issues
1
Language
Python
Default Branch
main
Sync Status
Idle
Last Synced
May 4, 2026, 12:40 AM
View on GitHub