Context
- Agent definitions: !`find .claude/agents -name "*.md" -not -name "settings*"`
- Settings file: !`find .claude/agents -maxdepth 1 -name "settings.local.json" -type f`
Your task
- Discovery Phase
  - Use Glob to find all agent definition files in .claude/agents/
  - Read each agent file to extract frontmatter and configuration
  - Identify the settings.local.json for permission overrides
- Frontmatter Validation
  For each agent, verify required fields are present:
  - ✅ name: Agent identifier (must match filename)
  - ✅ model: Claude model to use (e.g., "claude-opus-4-5")
  - ✅ color: Hex color code for UI (e.g., "#E53E3E")
  - ✅ description: Clear usage guidance with "Use proactively when..."
  - ✅ tools: Tool list or "All" for full access

  Flag issues:
  - Missing required fields
  - Mismatched name vs filename
  - Invalid model names
  - Malformed color codes
- Tool Assignment Analysis
  Evaluate tool assignments for security and appropriateness:

  Read-only agents (should NOT have write access):
  - research-documentation
  - code-analysis (read only)
  - code-review (read + LSP only)
  - security-audit (read + LSP + Bash for scanning)

  Write-enabled agents (appropriate write access):
  - code-refactoring (Edit, MultiEdit)
  - documentation (Write, MultiEdit)
  - cicd-pipelines (Write, Edit, GitHub)

  Special privileges (validate necessity):
  - Bash access (security-audit, system-debugging, cicd-pipelines, test-architecture)
  - GitHub access (cicd-pipelines, commit-review)
  - Zen MCP access (system-debugging only)
  - All tools access (should be rare, validate justification)

  LSP tool assignments (language-specific):
  - Verify LSP tools match agent's language focus
  - security-audit should have broad LSP coverage (6+ servers)
  - code-review should have multi-language LSP support
  - code-analysis should have appropriate LSP access
- Security Assessment
  Check for potential security issues:

  Overprivileged agents:
  - Agents with "All" tools without clear justification
  - Read-only agents with write/edit capabilities
  - Unnecessary Bash or GitHub access
  - Research agents with modification permissions

  Missing restrictions:
  - settings.local.json should have deny rules for destructive operations
  - Allow list should be minimal and specific
  - No wildcard tool access unless justified

  Privilege escalation risks:
  - Agents that can modify other agent configs
  - Agents with both read and execute permissions
  - Cross-agent permission leakage
- Consistency Checks
  Validate configuration consistency:

  Naming conventions:
  - Agent names use kebab-case
  - Filenames match agent names
  - Descriptions follow consistent format

  Model assignments:
  - All agents use appropriate Claude models
  - No deprecated model references
  - Consistent model selection strategy

  Tool groupings:
  - Similar agents have similar tool sets
  - No duplicate or redundant tool assignments
  - Clear separation of concerns
- Report Generation
  Create a comprehensive audit report with:

  Executive Summary:
  - Total agents audited
  - Critical issues found
  - Security concerns
  - Overall health rating

  Detailed Findings:
  - ❌ Critical: Missing required fields, security violations
  - ⚠️ Warnings: Overprivileged agents, inconsistencies
  - ℹ️ Info: Best practice suggestions, optimization opportunities

  Agent-by-Agent Analysis: For each agent, report:
  - Configuration completeness (✅/❌ for each required field)
  - Tool assignment appropriateness (✅/⚠️/❌)
  - Security assessment (safe/review/risk)
  - Recommendations for improvement

  Action Items:
  - Immediate fixes required (with file paths and line numbers)
  - Optional improvements
  - Configuration validation passed/failed
- Output Format
  Structure the report as:

  Claude Agent Configuration Audit

  Executive Summary
  - Total Agents: X
  - Configuration Issues: Y
  - Security Concerns: Z
  - Health Rating: [EXCELLENT|GOOD|NEEDS_WORK|CRITICAL]

  Critical Issues
  [List any critical problems requiring immediate fix]

  Agent Analysis Table

  | Agent | Model | Tools | Color | Status | Notes |
  |---|---|---|---|---|---|
  | agent-name | ✅/❌ | ✅/⚠️/❌ | ✅/❌ | PASS/FAIL | Issues |

  Security Assessment
  [Tool privilege analysis and security concerns]

  Recommendations
  [Prioritized action items with file paths]

  Detailed Findings
  [Per-agent breakdown with specific issues]
- Best Practices Reference
  Tool access principles:
  - Least privilege principle for tool access
  - Clear separation between read-only and write-enabled agents
  - Appropriate LSP tool coverage for language-specific work
  - Minimal Bash access (only when required)
  - Restricted GitHub access (only for git-ops and CI/CD)

  Configuration standards:
  - All required frontmatter fields present
  - Consistent model selections across agents
  - Appropriate tool permissions for agent role
  - Clear descriptions with proactive usage guidance
- Optional: Verbose Mode
  If --verbose flag is provided:
  - Show full frontmatter for each agent
  - Display complete tool lists
  - Include settings.local.json content
  - Provide detailed fix commands for each issue
Notes
- This is a read-only audit - modifications require explicit user request
- Focus on configuration correctness and security implications
- Provide actionable recommendations with specific file locations
- Use TodoWrite to track audit progress if checking multiple agents
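
The Frontmatter Validation, Tool Assignment Analysis and naming checks above can also be run deterministically. The following is an added example, not part of the original command: it assumes frontmatter is a `---`-fenced block of flat `key: value` lines with `tools` as a comma-separated list, and the function names, severity mapping for non-missing-field issues, and sample file are illustrative.

```python
import os
import re

REQUIRED = ("name", "model", "color", "description", "tools")
# Role and tool names below are the ones listed on this page.
READ_ONLY = {"research-documentation", "code-analysis", "code-review", "security-audit"}
WRITE_TOOLS = {"Write", "Edit", "MultiEdit"}
HEX_COLOR = re.compile(r"#[0-9A-Fa-f]{6}")
KEBAB = re.compile(r"[a-z0-9]+(-[a-z0-9]+)*")

def parse_frontmatter(text):
    """Flat 'key: value' pairs between the leading '---' fences (assumed layout)."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        return {}
    fields = {}
    for line in lines[1:]:
        if line.strip() == "---":
            return fields
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip().strip("\"'")
    return {}  # closing fence never found: treat as no frontmatter

def audit_agent(path, text):
    """Return (severity, message) findings for one agent definition file."""
    fm = parse_frontmatter(text)
    out = [("critical", f"missing field: {f}") for f in REQUIRED if not fm.get(f)]
    stem = os.path.splitext(os.path.basename(path))[0]
    name = fm.get("name", "")
    if name and name != stem:
        out.append(("warning", f"name '{name}' does not match filename '{stem}'"))
    if name and not KEBAB.fullmatch(name):
        out.append(("warning", f"name '{name}' is not kebab-case"))
    if fm.get("color") and not HEX_COLOR.fullmatch(fm["color"]):
        out.append(("warning", f"malformed color: {fm['color']}"))
    # Assumption: tools is a comma-separated list on one line.
    tools = {t.strip() for t in fm.get("tools", "").split(",") if t.strip()}
    if "All" in tools:
        out.append(("warning", "tools: All requires a documented justification"))
    granted = sorted(tools & WRITE_TOOLS)
    if granted and {name, stem} & READ_ONLY:
        out.append(("warning", f"read-only agent granted write tools: {granted}"))
    return out

# Constructed sample (not a real agent file): wrong name, short color, Edit on a reviewer.
SAMPLE = ('---\nname: code-reviewer\nmodel: claude-opus-4-5\ncolor: "#E53E3"\n'
          'description: Use proactively when reviewing diffs\ntools: Read, Grep, Edit\n---\n')
FINDINGS = audit_agent(".claude/agents/code-review.md", SAMPLE)
```

Model-name validity is left out on purpose, since the page does not list the accepted model identifiers.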