From variant-analysis
Finds similar vulnerabilities in the codebase by analyzing the current bug pattern using conversation context. Leverages grep, glob, and shell tools to locate variants.
How this command is triggered — by the user, by Claude, or both
Slash command
/variant-analysis:variants (uses conversation context for bug pattern)This command is limited to the following tools:
The summary Claude sees in its command listing — used to decide when to auto-load this command
# Find Vulnerability Variants **Arguments:** $ARGUMENTS This command is context-driven. Use conversation context to understand: 1. The original bug/vulnerability that was found 2. The codebase to search If context is unclear, ask for a description of the original vulnerability. Invoke the `variant-analysis` skill for the full workflow.
Arguments: $ARGUMENTS
This command is context-driven. Use conversation context to understand:
If context is unclear, ask for a description of the original vulnerability.
Invoke the variant-analysis skill for the full workflow.
14plugins reuse this command
First indexed Jan 29, 2026
Showing the 6 earliest of 14 plugins
npx claudepluginhub pcanwar/skills --plugin variant-analysis/variantsFinds similar vulnerabilities in the codebase by analyzing the current bug pattern using conversation context. Leverages grep, glob, and shell tools to locate variants.
/propagateFinds all instances of a vulnerability pattern throughout the codebase from a description or file:line reference using grep searches.
/cross-pollinateExtracts vulnerability pattern from confirmed finding, searches similar packages via npm/GitHub, filters and ranks top candidates by match likelihood, proposes for targeted hunts.
/review-securityOrchestrates security scanners (gitleaks, semgrep, etc.) with AI-powered triage to reduce false positives, explain exploitability, and suggest fixes. Analyzes git diffs or specified files.
/security-scanRuns a full static security audit on a file or directory, reporting exploitable vulnerabilities with severity, CWE, and remediation snippets.
/securityScans code for exposed secrets and vulnerabilities via the github-autopilot MCP server, reporting risk level, severity, and fixes with redacted secrets.