Skill

code-graph

Build a cached code-graph (.kuzushi/code-graph.json) — entry points + per-symbol caller counts (blast-radius / attack-surface signal) — so producers like /diff-review query it instead of re-deriving caller info live. Uses real Joern call edges when a CPG is built, else a deterministic ripgrep heuristic (no heavy tooling required). Re-run after large code changes.

npx claudepluginhub allsmog/kuzushi-security-plugin --plugin kuzushi-security-plugin

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/kuzushi-security-plugin:code-graph

User invocable

Model invocable

Inline context

Default effort

Tool Access

This skill is limited to the following tools:

Bash

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Build (or refresh) the persistent code-graph for this repository.

SKILL.md

38 lines · ~502 tokens

Similar Skills

uspto-database

208.4k

Searches USPTO patent and trademark records from official APIs including PatentSearch, TSDR, and assignment databases.

ecc

Stats

LanguageJavaScript

Stars0

MaintenanceExcellent

Last CommitMay 28, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

code-graph

Code graph

Build (or refresh) the persistent code-graph for this repository.

Run, using the project working directory as <repo>:

node "${CLAUDE_PLUGIN_ROOT}/scripts/cmd/code-graph-build.mjs" --target "<repo>"

It writes .kuzushi/code-graph.json ({ entryPoints[], symbols:[{name,file,line,callerCount}], … }, symbols ranked by callerCount — the blast-radius signal) and prints a summary (definition count, top symbols, whether a Joern CPG is present for a higher-fidelity upgrade). Relay the summary.

Consumers read the artifact when present: /diff-review uses each changed symbol's callerCount for a deterministic blast radius (instead of live caller counting), and the hunters may consult it for reachability. With a Joern CPG present (/build-databases) it uses real call edges (callIn counts); otherwise it's a ripgrep call-site tally — either way re-run it after big changes.

When NOT to use

As a vulnerability finder — it's a structural index, not a hunter; it makes no security judgments.

On a repo you haven't changed since the last build — the cached artifact is still valid; only re-run after meaningful code changes.

Rationalizations to Reject

"The caller count is exact." → Only with the Joern backend (real callIn edges). The ripgrep fallback is a call-site tally — a blast-radius signal, not a true graph. Check the backend field.

"No graph, so skip blast radius." → Without the cached graph, /diff-review still falls back to live caller counting — the graph just makes it cheaper and repo-wide.

Code graph

Build (or refresh) the persistent code-graph for this repository.

Run, using the project working directory as <repo>:

node "${CLAUDE_PLUGIN_ROOT}/scripts/cmd/code-graph-build.mjs" --target "<repo>"

When NOT to use

As a vulnerability finder — it's a structural index, not a hunter; it makes no security judgments.
On a repo you haven't changed since the last build — the cached artifact is still valid; only re-run after meaningful code changes.

Rationalizations to Reject

"The caller count is exact." → Only with the Joern backend (real callIn edges). The ripgrep fallback is a call-site tally — a blast-radius signal, not a true graph. Check the backend field.
"No graph, so skip blast radius." → Without the cached graph, /diff-review still falls back to live caller counting — the graph just makes it cheaper and repo-wide.

code-graph

Invocation

Tool Access

Context Preview

SKILL.md

Similar Skills

Help us improve

Help us improve

Find plugins for your project

code-graph

Invocation

Tool Access

Context Preview

SKILL.md

Code graph

When NOT to use

Rationalizations to Reject

Similar Skills

Help us improve

Code graph

When NOT to use

Rationalizations to Reject