rigscore v0.1.0
- #rigscore
- #security
- #ai
- #devtools
- #mcp
- #open-source
Why this exists
AI coding tools ship fast and configure loose. Claude Code, Cursor, Windsurf — they all read your filesystem, execute commands, and call APIs. Most developers set them up once and never look at the configuration again.
rigscore checks the things that matter and gives you a number. Run it, see the score, fix what’s broken.
What v0.1.0 checks
6 checks, each contributing to a score out of 100:
- MCP server configuration — transport type, wildcard env passthrough, filesystem scope
- CLAUDE.md governance — governance file existence, forbidden actions, approval gates
- Secret exposure —
.envin.gitignore, API key patterns in configs, file permissions - Docker security — socket mounts, privileged mode, host paths, missing user/cap_drop, host network mode
- Git hooks — pre-commit hooks, push URL guards
- Skill file safety — injection patterns, shell execution, external URLs
How it works
1npx rigscore
Scans the current directory, evaluates each check, prints a score. JSON output available for CI integration with --json.
Every check runs locally. Nothing leaves your machine.