```shell
npx claudepluginhub melodic-software/claude-code-plugins --plugin security
```
Run a comprehensive security review combining multiple security checks.
Conducts OWASP Top 10 security audits and dependency vulnerability checks via Codex MCP. Analyzes git changes and security-sensitive files such as authentication and password handling. Outputs a findings report and gates merges.
Runs security audits on code, files, directories, staged git changes, or PRs for OWASP Top 10, CWE vulnerabilities, and anti-patterns. Generates structured reports with severity counts, remediation, and positives.
Scans codebases for vulnerabilities like SQL injection, XSS, auth flaws, insecure deps, and secrets using grep and bash. Generates severity-rated reports with file locations, explanations, and fixes.
```shell
/security:review            # Full review of current directory
/security:review src/       # Review specific directory
/security:review --staged   # Review staged changes (pre-commit)
/security:review --pr       # Review PR changes (pre-merge)
```
This command orchestrates multiple security agents in parallel for comprehensive coverage.
Spawn three agents in parallel using the Task tool:
- **Security Auditor Agent** (`security-auditor`): "Perform a security audit on [scope]. Focus on OWASP Top 10, CWE weaknesses, authentication/authorization flaws, and security anti-patterns. Generate findings with severity, CWE references, and remediation guidance."
- **Secrets Scanner Agent** (`secrets-scanner`): "Scan [scope] for hardcoded secrets, API keys, credentials, and sensitive data. Validate findings to minimize false positives. Report with severity and remediation steps."
- **Dependency Checker Agent** (`dependency-checker`): "Check dependencies in [scope] for known CVEs. Auto-detect ecosystems and run appropriate audits. Report vulnerabilities with CVSS scores and upgrade recommendations."
Where [scope] is:
After all agents complete, synthesize a unified security review report:
```markdown
# Comprehensive Security Review

**Scope:** [What was reviewed]
**Date:** [Current date]
**Review Type:** Full / Staged / PR

## Executive Summary

| Category | Critical | High | Medium | Low |
|----------|----------|------|--------|-----|
| Code Vulnerabilities | X | X | X | X |
| Exposed Secrets | X | X | X | X |
| Vulnerable Dependencies | X | X | X | X |
| **Total** | X | X | X | X |

## Risk Assessment

[Overall risk level: Critical / High / Medium / Low]
[Key concerns and attack surface summary]

## Code Vulnerabilities

[Findings from security-auditor agent]

## Secrets Findings

[Findings from secrets-scanner agent]

## Dependency Vulnerabilities

[Findings from dependency-checker agent]

## Prioritized Remediation Plan

### Immediate (Block Release)
1. [Critical items requiring immediate attention]

### Short-term (This Sprint)
2. [High-priority items]

### Medium-term (Next Release)
3. [Medium-priority items]

## Security Posture Improvements

[Recommendations for improving overall security posture]
```
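The synthesis step above, written out in Python as an added example (not part of the plugin): it tallies each agent's findings into the Executive Summary table, derives the overall risk level and the release gate, and sorts findings into the template's remediation buckets. The finding dicts are constructed sample data, and the rule that a review with no findings reports Low risk is this example's assumption.

```python
from collections import Counter

SEVERITIES = ("Critical", "High", "Medium", "Low")
CATEGORIES = {  # agent name -> row in the Executive Summary table
    "security-auditor": "Code Vulnerabilities",
    "secrets-scanner": "Exposed Secrets",
    "dependency-checker": "Vulnerable Dependencies",
}
# Remediation buckets from the report template, keyed by severity.
PLAN = {"Critical": "Immediate (Block Release)", "High": "Short-term (This Sprint)",
        "Medium": "Medium-term (Next Release)", "Low": "Medium-term (Next Release)"}

# Constructed sample findings (not real agent output), one list per agent.
SAMPLE_FINDINGS = {
    "security-auditor": [
        {"severity": "High", "title": "SQL query built by string concatenation (CWE-89)", "file": "api/users.py"},
        {"severity": "Medium", "title": "No rate limiting on login (CWE-307)", "file": "api/auth.py"},
    ],
    "secrets-scanner": [{"severity": "Critical", "title": "Cloud access key committed", "file": "config/settings.py"}],
    "dependency-checker": [{"severity": "Low", "title": "Outdated logging library", "file": "requirements.txt"}],
}

def count_by_category(findings):
    """Build the Executive Summary table: {row: Counter(severity)}, Total row included."""
    table = {row: Counter() for row in CATEGORIES.values()}
    table["Total"] = Counter()
    for agent, items in findings.items():
        for f in items:
            if f["severity"] not in SEVERITIES:
                raise ValueError(f"{agent}: unknown severity {f['severity']!r}")
            table[CATEGORIES[agent]][f["severity"]] += 1
            table["Total"][f["severity"]] += 1
    return table

def overall_risk(table):
    """Risk Assessment level = highest severity present; a clean review reports Low (assumption)."""
    return next((s for s in SEVERITIES if table["Total"][s]), "Low")

def blocks_release(table):
    """Gate: the template puts only Critical items under 'Immediate (Block Release)'."""
    return table["Total"]["Critical"] > 0

def remediation_plan(findings):
    """Group every finding into the template's remediation buckets, most urgent first."""
    plan = {bucket: [] for bucket in dict.fromkeys(PLAN.values())}
    for agent, items in findings.items():
        for f in items:
            plan[PLAN[f["severity"]]].append(f"{f['title']} [{f['file']}] ({CATEGORIES[agent]})")
    return plan

def render_summary(table):
    """Render the severity table in the report's markdown layout."""
    rows = ["| Category | Critical | High | Medium | Low |", "|----------|----------|------|--------|-----|"]
    for row, counts in table.items():
        label = f"**{row}**" if row == "Total" else row
        rows.append(f"| {label} | " + " | ".join(str(counts[s]) for s in SEVERITIES) + " |")
    return "\n".join(rows)
```

Running `render_summary(count_by_category(SAMPLE_FINDINGS))` prints the filled-in table; `blocks_release` returns True for the sample because the secrets scanner reported a Critical finding.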