Plugin

patchman

Name: patchman
Author: muhammedzohaib

By muhammedzohaib

Defensive security audit mode for authorized code review and architecture assessment.

Component Overview

/api-review, /audit-report +7

Commands

Agents

api-review, auth-review +5

Skills

SessionStart, UserPromptSubmit +1

Hooks

MCP Servers

LSP Servers

Output Styles

Install

npx claudepluginhub muhammedzohaib/patchman --plugin patchman

Component Details

Commands (9)

/api-review

Focused review of REST, GraphQL, RPC, and webhook surfaces.

/audit-report

Converts raw findings into an engineering-ready report.

/auth-review

Focused review of authentication, authorization, session, token, and reset flows.

/bizlogic-review

Focused review of business invariants, approval flows, sequencing assumptions, and abuse cases.

/pr-diff-review

Reviews a pull request diff for security regressions.

/query-review

Focused review of ORM usage, raw SQL, N+1 patterns, and tenant scoping in the data-access layer.

/quick-triage

Fast pass over a narrow area when time is constrained.

/security-audit

Runs a full defensive review of a codebase, service, or focused path.

/threat-model

Builds a lightweight threat model for a feature or service.

Skills (7)

api-review

/api-review

Review an authorized API surface for access control, mass assignment, schema validation, rate limiting, SSRF, error leakage, webhook verification, and unsafe defaults. Use for REST, GraphQL, RPC, and webhook handlers.

auth-review

/auth-review

Perform a defensive review of authentication and authorization flows in an authorized codebase. Use for login, session, MFA, OAuth, password reset, cookie security, JWT validation, impersonation, privilege checks, and object-level access control.

business-logic-review

/business-logic-review

Review an authorized application for business-logic vulnerabilities, workflow abuse, approval bypasses, replay conditions, quota circumvention, plan enforcement bugs, and state-transition errors. Use for billing, invites, approvals, refunds, admin actions, and multi-step workflows.

pr-diff-review

/pr-diff-review

Review an authorized pull request diff for security regressions. Use when changes modify trust boundaries, auth logic, data-access scope, file handling, logging, headers, or secrets.

query-review

/query-review

Review an authorized codebase for ORM misuse, N+1 query patterns, authorization-after-fetch bugs, raw SQL risks, cache key collisions, and missing tenant scopes. Use for data-access layers and security-adjacent performance pitfalls.

quick-triage

/quick-triage

Perform a rapid defensive triage on an authorized code area when time is limited. Use to find the most plausible high-impact issues fast, then recommend the next best review target.

security-audit

/security-audit

Conduct authorized defensive security audits of codebases and web applications. Use for broad appsec review across OWASP, authz, business logic, SSRF, XSS, CSRF, injection, file upload, secrets, logging, and tenant isolation. Produces structured findings with severity, confidence, evidence, and safe remediation guidance.

Hooks (1)

Review workflow modifications before installing

Event Hooks

3 hooks across 2 events

README

patchman

Defensive security audit skill pack for agentic code review and web application assessment.

Overview

Patchman is a skill and plugin bundle for authorized security reviews. It operates in read-first, review-first mode — inspecting code and architecture against OWASP and common appsec failure patterns, then producing structured findings with actionable remediation guidance.

Supported agents: Claude Code · Codex · Cursor · Windsurf · Copilot · Gemini-style skill installers

Installation

Claude Code (Recommended)

claude plugin marketplace add https://github.com/MuhammedZohaib/patchman.git
claude plugin install patchman@patchman-marketplace

Restart Claude Code. The session hooks activate automatically.

Verify installation

claude plugin list

Uninstall

claude plugin uninstall patchman@patchman-marketplace

Claude Code — Local Install

git clone https://github.com/MuhammedZohaib/patchman.git
claude plugin marketplace add ./patchman
claude plugin install patchman@patchman-marketplace

Codex — Local Install

git clone https://github.com/MuhammedZohaib/patchman.git
mkdir -p ~/.codex/plugins
cp -R patchman/plugins/patchman ~/.codex/plugins/patchman
codex marketplace add ./patchman

Use ~/.codex/plugins/patchman if you want to point Codex directly at the plugin path.

Use codex marketplace add ./patchman if you want Patchman to appear in Codex marketplace or picker discovery.

Review Modes

Mode	Command
Full security audit	`/security-audit focus=full severity>=medium output=report`
Auth review	`/auth-review area=login,session,reset`
Business logic review	`/bizlogic-review feature=billing-upgrade workflow=invite-approval`
API review	`/api-review surface=public-api include=authz,rate-limit,headers`
ORM / data-access review	`/query-review path=app/models include=n-plus-one,tenant-scope`
PR diff review	`/pr-diff-review base=main head=feature/auth-refactor`
Quick triage	`/quick-triage path=admin/ reason=pre-release`
Threat modeling	`/threat-model feature=file-import`
Audit report	`/audit-report format=engineering-summary`

What Patchman Detects

OWASP Top 10 classes with code-level evidence
Broken authentication, authorization, and session management
IDOR and tenant isolation failures
Business logic gaps and approval bypasses
SSRF, XSS, CSRF, injection, and insecure deserialization
Secret leakage and sensitive data in logs
Unsafe file upload handling
Weak headers, insecure defaults, and risky cryptography
Missing rate limiting and anti-abuse controls
ORM misuse, N+1 query issues, and cross-tenant data access
Admin path, webhook, queue, and background job vulnerabilities

Example Prompts

Full audit

Run a full security audit on this repo. Prioritize broken access control, unsafe defaults,
tenant isolation, secret handling, and exploitable auth issues. Use the Patchman findings format.

Targeted review

Review only the password reset flow. Focus on token lifetime, replay attacks, host header
trust, user enumeration, and session invalidation after reset.

PR review

Audit this pull request as a defensive security reviewer. Flag regressions, rank by severity
and confidence, and suggest minimal safe patches.

Findings Format

Every finding includes:

Evidence — specific code or configuration reference
Severity — based on blast radius and realistic abuse conditions
Confidence — drops when context is incomplete
Remediation — specific enough to implement directly

Scope and Limitations

Patchman is for authorized defensive auditing only.

In scope: secure code review, architecture review, configuration review, exploitability analysis in plain language, remediation planning

Out of scope: unauthorized intrusion, exploit weaponization, credential harvesting, malware or persistence guidance, destructive payloads, live attack chains

Patchman infers risk from static code and configuration. It does not replace runtime validation and will request missing deployment, proxy, or identity-boundary context when evidence is insufficient.

Repository Structure

patchman/
├── .claude-plugin/
├── .agents/plugins/
├── commands/
├── docs/
├── evals/
├── hooks/
├── plugins/patchman/
├── rules/
├── skills/
└── patchman.skill

Contributing

View full README on GitHub

Similar Plugins

everything-claude-code

Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, rules, and legacy command shims evolved over 10+ months of intensive daily use

Stats

Version1.0.0

Stars1

MaintenanceExcellent

AddedApr 16, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Available In

patchman-marketplace1

patchman

Defensive security audit skill pack for agentic code review and web application assessment.

Overview

Supported agents: Claude Code · Codex · Cursor · Windsurf · Copilot · Gemini-style skill installers

Installation

Claude Code (Recommended)

claude plugin marketplace add https://github.com/MuhammedZohaib/patchman.git
claude plugin install patchman@patchman-marketplace

Restart Claude Code. The session hooks activate automatically.

Verify installation

claude plugin list

Uninstall

claude plugin uninstall patchman@patchman-marketplace

Claude Code — Local Install

git clone https://github.com/MuhammedZohaib/patchman.git
claude plugin marketplace add ./patchman
claude plugin install patchman@patchman-marketplace

Codex — Local Install

git clone https://github.com/MuhammedZohaib/patchman.git
mkdir -p ~/.codex/plugins
cp -R patchman/plugins/patchman ~/.codex/plugins/patchman
codex marketplace add ./patchman

Use ~/.codex/plugins/patchman if you want to point Codex directly at the plugin path.

Use codex marketplace add ./patchman if you want Patchman to appear in Codex marketplace or picker discovery.

Review Modes

Mode	Command
Full security audit	`/security-audit focus=full severity>=medium output=report`
Auth review	`/auth-review area=login,session,reset`
Business logic review	`/bizlogic-review feature=billing-upgrade workflow=invite-approval`
API review	`/api-review surface=public-api include=authz,rate-limit,headers`
ORM / data-access review	`/query-review path=app/models include=n-plus-one,tenant-scope`
PR diff review	`/pr-diff-review base=main head=feature/auth-refactor`
Quick triage	`/quick-triage path=admin/ reason=pre-release`
Threat modeling	`/threat-model feature=file-import`
Audit report	`/audit-report format=engineering-summary`

What Patchman Detects

OWASP Top 10 classes with code-level evidence
Broken authentication, authorization, and session management
IDOR and tenant isolation failures
Business logic gaps and approval bypasses
SSRF, XSS, CSRF, injection, and insecure deserialization
Secret leakage and sensitive data in logs
Unsafe file upload handling
Weak headers, insecure defaults, and risky cryptography
Missing rate limiting and anti-abuse controls
ORM misuse, N+1 query issues, and cross-tenant data access
Admin path, webhook, queue, and background job vulnerabilities

Example Prompts

Full audit

Run a full security audit on this repo. Prioritize broken access control, unsafe defaults,
tenant isolation, secret handling, and exploitable auth issues. Use the Patchman findings format.

Targeted review

Review only the password reset flow. Focus on token lifetime, replay attacks, host header
trust, user enumeration, and session invalidation after reset.

PR review

Audit this pull request as a defensive security reviewer. Flag regressions, rank by severity
and confidence, and suggest minimal safe patches.

Findings Format

Every finding includes:

Evidence — specific code or configuration reference
Severity — based on blast radius and realistic abuse conditions
Confidence — drops when context is incomplete
Remediation — specific enough to implement directly

Scope and Limitations

Patchman is for authorized defensive auditing only.

In scope: secure code review, architecture review, configuration review, exploitability analysis in plain language, remediation planning

Out of scope: unauthorized intrusion, exploit weaponization, credential harvesting, malware or persistence guidance, destructive payloads, live attack chains

Patchman infers risk from static code and configuration. It does not replace runtime validation and will request missing deployment, proxy, or identity-boundary context when evidence is insufficient.

Repository Structure

patchman/
├── .claude-plugin/
├── .agents/plugins/
├── commands/
├── docs/
├── evals/
├── hooks/
├── plugins/patchman/
├── rules/
├── skills/
└── patchman.skill

patchman

Component Overview

Install

Component Details

Commands (9)

Skills (7)

Hooks (1)

README

patchman

Overview

Installation

Claude Code (Recommended)

Claude Code — Local Install

Codex — Local Install

Review Modes

What Patchman Detects

Example Prompts

Findings Format

Scope and Limitations

Repository Structure

Contributing

Similar Plugins

everything-claude-code

patchman

Component Overview

Install

Component Details

Commands (9)

Skills (7)

Hooks (1)

README

patchman

Overview

Installation

Claude Code (Recommended)

Claude Code — Local Install

Codex — Local Install

Review Modes

What Patchman Detects

Example Prompts

Findings Format

Scope and Limitations

Repository Structure

Contributing

Similar Plugins

everything-claude-code

everything-claude-code

everything-claude-code

everything-claude-code

cc-polymath

vibeworks-library