performing-security-code-review

jeremylongshore

Updated Yesterday

20 views

712

Metaaidesign

About

This skill enables Claude to perform automated security code reviews using the security-agent plugin. It detects vulnerabilities like SQL injection and XSS, providing structured findings with severity ratings and remediation guidance. Use it when requesting a security audit or reviewing code for security concerns.

Documentation

Overview

This skill empowers Claude to act as a security expert, identifying and explaining potential vulnerabilities within code. It leverages the security-agent plugin to provide detailed security analysis, helping developers improve the security posture of their applications.

How It Works

Receiving Request: Claude identifies a user's request for a security review or audit of code.
Activating Security Agent: Claude invokes the security-agent plugin to analyze the provided code.
Generating Security Report: The security-agent produces a structured report detailing identified vulnerabilities, their severity, affected code locations, and recommended remediation steps.

When to Use This Skill

This skill activates when you need to:

Review code for security vulnerabilities.
Perform a security audit of a codebase.
Identify potential security risks in a software application.

Examples

Example 1: Identifying SQL Injection Vulnerability

User request: "Please review this database query code for SQL injection vulnerabilities."

The skill will:

Activate the security-agent plugin to analyze the database query code.
Generate a report identifying potential SQL injection vulnerabilities, including the vulnerable code snippet, its severity, and suggested remediation, such as using parameterized queries.

Example 2: Checking for Insecure Dependencies

User request: "Can you check this project's dependencies for known security vulnerabilities?"

The skill will:

Utilize the security-agent plugin to scan the project's dependencies against known vulnerability databases.
Produce a report listing any vulnerable dependencies, their Common Vulnerabilities and Exposures (CVE) identifiers, and recommendations for updating to secure versions.

Best Practices

Specificity: Provide the exact code or project you want reviewed.
Context: Clearly state the security concerns you have regarding the code.
Iteration: Use the findings to address vulnerabilities and request further reviews.

Integration

This skill integrates with Claude's code understanding capabilities and leverages the security-agent plugin to provide specialized security analysis. It can be used in conjunction with other code analysis tools to provide a comprehensive assessment of code quality and security.

Quick Install

/plugin add https://github.com/jeremylongshore/claude-code-plugins-plus/tree/main/security-agent

Copy and paste this command in Claude Code to install this skill

GitHub 仓库

jeremylongshore/claude-code-plugins-plus

Path: backups/skills-batch-20251204-000554/plugins/examples/security-agent/skills/security-agent

aiautomationclaude-codedevopsmarketplacemcp

Related Skills

sglang

evaluating-llms-harness

Testing

This Claude Skill runs the lm-evaluation-harness to benchmark LLMs across 60+ standardized academic tasks like MMLU and GSM8K. It's designed for developers to compare model quality, track training progress, or report academic results. The tool supports various backends including HuggingFace and vLLM models.

View skill

llamaguard

Other

LlamaGuard is Meta's 7-8B parameter model for moderating LLM inputs and outputs across six safety categories like violence and hate speech. It offers 94-95% accuracy and can be deployed using vLLM, Hugging Face, or Amazon SageMaker. Use this skill to easily integrate content filtering and safety guardrails into your AI applications.