rigscore v0.1.0
Why this exists
AI coding tools ship fast and configure loose. Claude Code, Cursor, Windsurf: they all read your filesystem, execute commands, and call APIs. Most developers set them up once and never look at the configuration again.
rigscore checks the things that matter and gives you a number. No accounts, no telemetry, no network calls. Run it, see the score, fix what’s broken.
What v0.1.0 checks
8 checks, each contributing to a score out of 100:
| Check | What it scans |
|---|---|
| MCP server configuration | Transport type, wildcard env passthrough, filesystem scope |
| CLAUDE.md governance | Governance file existence, forbidden actions, approval gates |
| Secret exposure | .env in .gitignore, API key patterns in configs, file permissions |
| Docker security | Socket mounts, privileged mode, host paths |
| Git hooks | Pre-commit hooks, push URL guards |
| Permissions hygiene | SSH directory/key permissions, world-readable sensitive files |
| Skill file safety | Injection patterns, shell execution, external URLs |
| Container security | Missing user/cap_drop, host network mode |
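To make the Docker and container rows concrete, here is an added example (not rigscore's own code) of how such a check can be scored: it walks a Compose `services` mapping for privileged mode, host networking, missing `user`/`cap_drop`, and sensitive host-path mounts, and deducts weighted points from 100. The sample Compose data, the rule weights and the `Finding` type are constructed for this example.

```python
"""Hypothetical Compose hardening check, modelled on rigscore's Docker/Container rows."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    service: str
    rule: str
    detail: str
    weight: int  # points deducted from the 100-point check score (weights are illustrative)

# Host paths that hand the container control of the host when bind-mounted.
SENSITIVE_HOST_PATHS = {"/var/run/docker.sock", "/", "/etc", "/root", "/proc", "/sys"}

def _mount_source(vol) -> str:
    # Compose accepts "host:container[:mode]" strings or long-form mappings.
    src = vol.split(":", 1)[0] if isinstance(vol, str) else str(vol.get("source", ""))
    return src.rstrip("/") or "/"

def check_service(name: str, svc: dict) -> list[Finding]:
    findings = []
    if svc.get("privileged"):
        findings.append(Finding(name, "privileged", "privileged: true disables most isolation", 30))
    if svc.get("network_mode") == "host":
        findings.append(Finding(name, "host-network", "network_mode: host shares the host network namespace", 15))
    if "user" not in svc:
        findings.append(Finding(name, "no-user", "no 'user:' set; process runs as root in the container", 10))
    if "cap_drop" not in svc:
        findings.append(Finding(name, "no-cap-drop", "no 'cap_drop:'; default capability set retained", 10))
    for vol in svc.get("volumes", []):
        src = _mount_source(vol)
        if src in SENSITIVE_HOST_PATHS:
            weight = 30 if src.endswith("docker.sock") else 20  # socket access == host root
            findings.append(Finding(name, "sensitive-mount", f"host path {src} mounted into container", weight))
    return findings

def score_compose(compose: dict) -> tuple[int, list[Finding]]:
    """Return (score out of 100, findings) for a parsed docker-compose document."""
    findings = []
    for name, svc in compose.get("services", {}).items():
        findings.extend(check_service(name, svc or {}))
    return max(0, 100 - sum(f.weight for f in findings)), findings

# Constructed input, equivalent to yaml.safe_load() of a docker-compose.yml.
SAMPLE_COMPOSE = {"services": {
    "agent": {"image": "example/agent:latest", "privileged": True, "network_mode": "host",
              "volumes": ["/var/run/docker.sock:/var/run/docker.sock", "./workspace:/work"]},
    "db": {"image": "postgres:16", "user": "999:999", "cap_drop": ["ALL"],
           "volumes": [{"type": "volume", "source": "pgdata", "target": "/var/lib/postgresql/data"}]},
}}

if __name__ == "__main__":
    score, found = score_compose(SAMPLE_COMPOSE)
    for f in found:
        print(f"[{f.service}] {f.rule}: {f.detail} (-{f.weight})")
    print(f"container score: {score}/100")
```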
How it works
Scans the current directory, evaluates each check, prints a score. JSON output available for CI integration with --json.
Every check runs locally. Nothing leaves your machine.
Install
MIT licensed. github.com/Back-Road-Creative/rigscore
Configuration details reflect a production environment at time of writing. Implementation specifics vary based on tooling versions, platform updates, and organizational requirements. Validate approaches against current documentation before deployment.