By dgalarza
Perform expert security code reviews on Rails and React applications using OAuth, assessing vulnerabilities, threat modeling, authentication, API security, cryptography, and delivering remediation guidance with secure implementation advice.
npx claudepluginhub dgalarza/claude-code-workflows --plugin cybersecurity-reviewer
A collection of skills, agents, and workflows for Claude Code.
Via npx (skills only):
npx skills add dgalarza/claude-code-workflows --skill "tdd-workflow"
Via Claude marketplace (skills, agents, bundles):
/plugin marketplace add dgalarza/claude-code-workflows
/plugin install tdd-workflow@dgalarza-workflows
See INSTALL.md for full details.
Does your codebase support AI agent work — or fight against it?
The Codebase Readiness plugin scores your repo across 8 dimensions (0-100) and tells you exactly where you stand — framed against teams shipping 1,000+ AI-generated PRs per week.
/plugin install codebase-readiness@dgalarza-workflows
/codebase-readiness
You get a band rating (Agent-Ready → Not Agent-Ready), a concrete improvement roadmap, and an optional saved report to share with your team. Not opinions — evidence gathered from your actual codebase.
Once you have your score, the agent-ready plugin fixes the documentation gaps automatically: CLAUDE.md, ARCHITECTURE.md, and docs/ structure following progressive disclosure patterns.
| Skill | Description |
|---|---|
| Codebase Readiness | Score your repo's readiness for autonomous AI agent work |
| Agent Ready | Fix documentation gaps: scaffold CLAUDE.md, ARCHITECTURE.md, and docs/ |
| TDD Workflow | Test-driven development, one test at a time |
| Conventional Commits | Structured commit messages |
| Parallel Code Review | Multi-agent code reviews |
| Meeting Transcript | Process transcripts into structured notes |
| Gridfinity Planner | 3D printing baseplate planning |
| Agent | Description |
|---|---|
| Cybersecurity Reviewer | Security analysis and threat modeling |
| Bundle | Description |
|---|---|
| Rails Toolkit | Complete Rails workflow with TDD, reviews, Linear integration |
If this helped you, give it a star — it helps others find it.
| Tip | Description |
|---|---|
| Use Worktrees for Parallel Agents | Run multiple Claude Code agents on the same codebase without conflicts |
| Customize Your Status Bar | Configure the status bar to show model, tokens, and more |
| Compact Context Proactively | Keep Claude effective by compacting at the right times |
| Structure Your CLAUDE.md Files | Give Claude the project context it needs |
| Use Subagents for Focused Tasks | Spawn specialized subagents for reviews, research, and more |
| MCP Servers Worth Installing | Linear, Memory, and Sentry integrations |
| Plugins Worth Installing | Claudit configuration auditor and more |
| Skills Worth Installing | Frontend Design, Remotion video creation, and more |
Found a bug? Have a workflow to share? PRs welcome.
MIT
Built by Damian Galarza - Former CTO, 15+ years in software. I make videos about Claude Code and AI development workflows.
Security skills for vibe coding — pre-coding security assessment, code vulnerability review, and threat modeling. Works without any MCP server or Jira/Confluence setup.
Specialized security review subagent
AI-powered cybersecurity code review with 8 specialist agents, OWASP Top 10:2021, CWE Top 25:2024, MITRE ATT&CK v15, and framework-aware false-positive suppression
Agents specialized in security engineering and threat mitigation. Focuses on secure architecture, vulnerability assessment, and compliance.
Security best practices advisor with vulnerability detection and fixes
Expert code review specialist. Proactively reviews code for quality, security, and maintainability. Use immediately after writing or modifying code.