Skill: review

Comprehensive security review combining code audit, secrets scan, and dependency check

From the security plugin

Install (run in your terminal):

    npx claudepluginhub melodic-software/claude-code-plugins --plugin security

Tool Access

This skill is limited to using the following tools:

  • Task
Skill Content

Security Review Command

Run a comprehensive security review combining multiple security checks.

Usage

/security:review                   # Full review of current directory
/security:review src/              # Review specific directory
/security:review --staged          # Review staged changes (pre-commit)
/security:review --pr              # Review PR changes (pre-merge)

Execution

This command orchestrates multiple security agents in parallel for comprehensive coverage.

Step 1: Launch parallel security checks

Spawn three agents in parallel using the Task tool:

  1. Security Auditor Agent (security-auditor): "Perform a security audit on [scope]. Focus on OWASP Top 10, CWE weaknesses, authentication/authorization flaws, and security anti-patterns. Generate findings with severity, CWE references, and remediation guidance."

  2. Secrets Scanner Agent (secrets-scanner): "Scan [scope] for hardcoded secrets, API keys, credentials, and sensitive data. Validate findings to minimize false positives. Report with severity and remediation steps."

  3. Dependency Checker Agent (dependency-checker): "Check dependencies in [scope] for known CVEs. Auto-detect ecosystems and run appropriate audits. Report vulnerabilities with CVSS scores and upgrade recommendations."

Where [scope] is:

  • Current directory (no args)
  • Specified path ($ARGUMENTS without flags)
  • Staged changes (--staged)
  • PR changes (--pr)
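The scope resolution and the three Task prompts above, worked through as an added Python example (the skill itself is a prompt, not a program, so this is not the plugin's own code). The git commands that enumerate files for --staged and --pr, and the assumed base branch origin/main, are this example's assumptions; the page does not say how the changed files are listed.

```python
"""Resolve the [scope] placeholder of /security:review from its $ARGUMENTS string and
build the three Task prompts of Step 1.

Added example, not code from the plugin. The git commands that enumerate files for
--staged and --pr, and the base branch origin/main, are assumptions of this example."""
import shlex
from dataclasses import dataclass, field

AGENTS = {  # agent name -> task text from Step 1, with [scope] left as a placeholder
    "security-auditor": ("Perform a security audit on [scope]. Focus on OWASP Top 10, CWE weaknesses, "
                         "authentication/authorization flaws, and security anti-patterns. Generate findings "
                         "with severity, CWE references, and remediation guidance."),
    "secrets-scanner": ("Scan [scope] for hardcoded secrets, API keys, credentials, and sensitive data. "
                        "Validate findings to minimize false positives. Report with severity and remediation steps."),
    "dependency-checker": ("Check dependencies in [scope] for known CVEs. Auto-detect ecosystems and run "
                           "appropriate audits. Report vulnerabilities with CVSS scores and upgrade recommendations."),
}


@dataclass
class Scope:
    kind: str                                      # "full", "path", "staged" or "pr"
    path: str = "."                                # directory the agents are pointed at
    list_cmd: list = field(default_factory=list)   # command that lists the files in scope (assumed)

    def describe(self) -> str:
        return {"full": "the current directory",
                "path": f"the directory {self.path}",
                "staged": "the staged changes (git index)",
                "pr": "the changes on this branch relative to its base"}[self.kind]


def resolve_scope(arguments: str, pr_base: str = "origin/main") -> Scope:
    """Map $ARGUMENTS to one of the four scope forms; reject combinations the command does not define."""
    tokens = shlex.split(arguments)
    flags = [t for t in tokens if t.startswith("--")]
    paths = [t for t in tokens if not t.startswith("--")]
    unknown = [f for f in flags if f not in ("--staged", "--pr")]
    if unknown:
        raise ValueError(f"unknown flag(s): {' '.join(unknown)}")
    if len(flags) > 1 or (flags and paths) or len(paths) > 1:
        raise ValueError("use exactly one of: no args, <path>, --staged, --pr")
    if flags == ["--staged"]:
        # Files in the index only; ACMR excludes deletions, which leave nothing to scan.
        return Scope("staged", ".", ["git", "diff", "--cached", "--name-only", "--diff-filter=ACMR"])
    if flags == ["--pr"]:
        # Three-dot range: files touched by commits since the branch diverged from pr_base (assumed).
        return Scope("pr", ".", ["git", "diff", "--name-only", "--diff-filter=ACMR", f"{pr_base}...HEAD"])
    if paths:
        return Scope("path", paths[0])
    return Scope("full")


def agent_prompts(scope: Scope) -> dict:
    """Fill [scope] into each agent's task; these are the three Task calls launched in parallel."""
    return {agent: text.replace("[scope]", scope.describe()) for agent, text in AGENTS.items()}


if __name__ == "__main__":
    for args in ("", "src/", "--staged", "--pr"):
        s = resolve_scope(args)
        print(f"{args or '(none)':10} -> {s.kind:6} {s.path:5} {' '.join(s.list_cmd) or '(whole tree)'}")
    for agent, prompt in agent_prompts(resolve_scope("--pr")).items():
        print(f"[{agent}] {prompt[:70]}...")
```

The `--diff-filter=ACMR` filter matters for pre-commit use: a deleted file shows up in the diff but has no content to audit, so passing it to the agents only produces noise.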

Step 2: Synthesize results

After all agents complete, synthesize a unified security review report:

Output Format

# Comprehensive Security Review

**Scope:** [What was reviewed]
**Date:** [Current date]
**Review Type:** Full / Staged / PR

## Executive Summary

| Category | Critical | High | Medium | Low |
|----------|----------|------|--------|-----|
| Code Vulnerabilities | X | X | X | X |
| Exposed Secrets | X | X | X | X |
| Vulnerable Dependencies | X | X | X | X |
| **Total** | X | X | X | X |

## Risk Assessment

[Overall risk level: Critical / High / Medium / Low]
[Key concerns and attack surface summary]

## Code Vulnerabilities

[Findings from security-auditor agent]

## Secrets Findings

[Findings from secrets-scanner agent]

## Dependency Vulnerabilities

[Findings from dependency-checker agent]

## Prioritized Remediation Plan

### Immediate (Block Release)
1. [Critical items requiring immediate attention]

### Short-term (This Sprint)
1. [High-priority items]

### Medium-term (Next Release)
1. [Medium-priority items]

## Security Posture Improvements

[Recommendations for improving overall security posture]
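The synthesis of Step 2, worked through as an added Python example that is not the plugin's own code: it takes the three agents' findings, removes exact duplicates, fills in the Executive Summary table, derives the overall risk level and buckets findings into the three remediation tiers. The finding layout (severity, title, location), the duplicate rule and the overall-risk rule (the highest severity present) are assumptions; the page gives the report template but not the arithmetic behind it. The sample results are constructed.

```python
"""Synthesize the three agents' findings into the Executive Summary table, the overall
risk level and the Prioritized Remediation Plan of the report template.

Added example, not the plugin's own code. Finding layout, duplicate rule and
overall-risk rule (highest severity present) are assumptions of this example."""
from collections import Counter

SEVERITIES = ("Critical", "High", "Medium", "Low")
AGENT_CATEGORY = {  # which agent feeds which row of the summary table
    "security-auditor": "Code Vulnerabilities",
    "secrets-scanner": "Exposed Secrets",
    "dependency-checker": "Vulnerable Dependencies",
}
PLAN_TIER = {  # the template schedules three tiers; Low stays in its findings section
    "Critical": "Immediate (Block Release)",
    "High": "Short-term (This Sprint)",
    "Medium": "Medium-term (Next Release)",
}


def normalize(agent_results: dict) -> list:
    """Flatten per-agent results, tag each with its table row, and drop exact duplicates."""
    seen, findings = set(), []
    for agent, items in agent_results.items():
        for f in items:
            key = (agent, f["title"], f.get("location"))
            if key in seen:
                continue
            seen.add(key)
            sev = f["severity"].capitalize()
            if sev not in SEVERITIES:
                raise ValueError(f"{agent}: unknown severity {f['severity']!r}")
            findings.append({**f, "severity": sev, "category": AGENT_CATEGORY[agent]})
    return findings


def severity_table(findings: list) -> dict:
    """Row -> [Critical, High, Medium, Low] counts, plus a Total row."""
    counts = Counter((f["category"], f["severity"]) for f in findings)
    rows = {cat: [counts[(cat, s)] for s in SEVERITIES] for cat in AGENT_CATEGORY.values()}
    rows["Total"] = [sum(col) for col in zip(*rows.values())]
    return rows


def render_summary(rows: dict) -> str:
    """Render the Executive Summary table in the template's markdown layout."""
    lines = ["| Category | Critical | High | Medium | Low |",
             "|----------|----------|------|--------|-----|"]
    for cat, cells in rows.items():
        label = "**Total**" if cat == "Total" else cat
        lines.append(f"| {label} | " + " | ".join(str(n) for n in cells) + " |")
    return "\n".join(lines)


def overall_risk(findings: list) -> str:
    """Highest severity present; an empty review is reported as Low."""
    present = {f["severity"] for f in findings}
    return next((s for s in SEVERITIES if s in present), "Low")


def remediation_plan(findings: list) -> dict:
    """Bucket Critical/High/Medium findings into the three plan tiers of the template."""
    plan = {tier: [] for tier in PLAN_TIER.values()}
    for f in findings:
        tier = PLAN_TIER.get(f["severity"])
        if tier:
            plan[tier].append(f"{f['title']} ({f['category']}, {f.get('location', 'n/a')})")
    return plan


# Constructed sample results standing in for what the three Task agents would return;
# the secrets scanner reports the same key twice to exercise the duplicate rule.
SAMPLE_RESULTS = {
    "security-auditor": [
        {"severity": "high", "title": "SQL query built by string concatenation", "location": "src/db/users.py:42"},
        {"severity": "medium", "title": "Admin endpoint lacks authorization check", "location": "src/api/admin.py:17"},
    ],
    "secrets-scanner": [
        {"severity": "critical", "title": "Cloud access key committed in settings", "location": "config/settings.py:8"},
        {"severity": "critical", "title": "Cloud access key committed in settings", "location": "config/settings.py:8"},
        {"severity": "low", "title": "Placeholder password in test fixture", "location": "tests/fixtures.py:3"},
    ],
    "dependency-checker": [
        {"severity": "high", "title": "example-lib 1.2.3 has a published advisory", "location": "requirements.txt:5"},
    ],
}

if __name__ == "__main__":
    fs = normalize(SAMPLE_RESULTS)
    print(render_summary(severity_table(fs)))
    print("\nOverall risk:", overall_risk(fs))
    for tier, items in remediation_plan(fs).items():
        print(f"\n### {tier}")
        for i, item in enumerate(items, 1):
            print(f"{i}. {item}")
```

Deduplication is keyed per agent on title and location on purpose: the same file can legitimately appear under two rows (a hardcoded credential found by the auditor and by the secrets scanner), and collapsing across agents would hide that both checks fired.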

Notes

  • This command runs multiple agents in parallel for efficiency
  • Results are synthesized into a unified report
  • Use for pre-release security gates or periodic security assessments
  • With --staged or --pr, the scope is the set of changed files, so dependency findings only reflect manifest or lock files that are among those changes; run the full review for a complete dependency picture
  • For individual checks, use /security:audit, /security:scan-secrets, or /security:check-deps

Stats

  • Parent Repo Stars: 40
  • Parent Repo Forks: 6
  • Last Commit: Feb 15, 2026