BeClaude

security-guidance

30.2k · Official Plugin · General · by Anthropic

Security review for Claude-generated code. Pattern-based warnings on edits, LLM-powered diff review on Stop, and an agentic commit reviewer that catches injection, XSS, SSRF, hardcoded secrets, and 25+ other vulnerability classes.

Python · 3272 forks · 747 issues · Updated 6/16/2026 · First seen 4/17/2026

Summary

This skill provides real-time security review for Claude-generated code by detecting pattern-based warnings during edits, performing LLM-powered diff analysis on Stop, and acting as an agentic commit reviewer.

  • It catches injection, XSS, SSRF, hardcoded secrets, and 25+ other vulnerability classes, helping developers ship safer code without slowing down.

Install & Usage

1. Add a marketplace:
   /plugin marketplace add <org/repo>

2. Install the plugin:
   /plugin install security-guidance@<marketplace>

3. Manage with /plugin:
   /plugin

Use Cases

Review a pull request diff for security vulnerabilities before merging.
Get real-time warnings while Claude edits code that might introduce SQL injection or XSS.
Scan a file or code snippet for hardcoded API keys, passwords, or tokens.
Audit a new feature implementation for SSRF, path traversal, or command injection risks.
Check a commit message and associated changes for insecure patterns before pushing.
Review third-party library usage for known vulnerability classes like prototype pollution.

Usage Examples

1. /security-guidance review the last commit for any security issues

2. /security-guidance scan src/app.js for hardcoded secrets and injection vulnerabilities

3. /security-guidance analyze this diff for XSS, CSRF, and SQL injection patterns

Tags: security, code-review, agent, claude-code, mcp, skills

Security Audits

License: Unknown · Source: Pass · Repository: Pass

Frequently Asked Questions

What is security-guidance?

This skill provides real-time security review for Claude-generated code by detecting pattern-based warnings during edits, performing LLM-powered diff analysis on Stop, and acting as an agentic commit reviewer. It catches injection, XSS, SSRF, hardcoded secrets, and 25+ other vulnerability classes, helping developers ship safer code without slowing down.

How to install security-guidance?

To install security-guidance: add a marketplace (/plugin marketplace add <org/repo>), then install the plugin with /plugin install security-guidance@<marketplace>. Finally, manage it with /plugin in Claude Code.

What is security-guidance best for?

security-guidance is a plugin categorized under General. It is designed for: security, code-review, agent. Created by Anthropic.

What can I use security-guidance for?

security-guidance is useful for: reviewing a pull request diff for security vulnerabilities before merging; getting real-time warnings while Claude edits code that might introduce SQL injection or XSS; scanning a file or code snippet for hardcoded API keys, passwords, or tokens; auditing a new feature implementation for SSRF, path traversal, or command injection risks; checking a commit message and associated changes for insecure patterns before pushing; and reviewing third-party library usage for known vulnerability classes like prototype pollution.