Identifies security vulnerabilities, logical bugs, and code quality issues in local git branch changes.
This skill provides a systematic framework for reviewing code changes before they are merged. It automates a multi-phase audit process that includes mapping the attack surface, running a comprehensive security checklist covering OWASP risks like injection and XSS, and verifying findings against existing tests and context. By prioritizing critical security flaws and functional bugs over stylistic linting, it helps developers harden their applications and prevent regressions within their Claude Code workflow.
Key Features
01Prioritized reporting focusing on security vulnerabilities and high-severity bugs
02Multi-phase verification process to reduce false positives by checking surrounding context
03Comprehensive security checklist covering SQLi, XSS, CSRF, and broken access control
04Detailed findings including severity, evidence, concrete fix suggestions, and references
05Automated attack surface mapping for user inputs, database queries, and external calls
06118 GitHub stars
Use Cases
01Conducting a pre-PR security audit to identify potential vulnerabilities before code review
02Reviewing complex branch changes for logical edge cases and race conditions
03Verifying that new API endpoints have proper authentication and authorization checks
