> performing-security-code-review
This skill enables Claude to conduct a security-focused code review using the security-agent plugin. It analyzes code for potential vulnerabilities like SQL injection, XSS, authentication flaws, and insecure dependencies. Claude uses this skill when the user explicitly requests a security audit, asks for a code review with a focus on security, or mentions security concerns related to code. The security-agent plugin then provides structured security findings with severity ratings, code locations,
curl "https://skillshub.wtf/jeremylongshore/claude-code-plugins-plus-skills/security-agent?format=md"Overview
This skill empowers Claude to act as a security expert, identifying and explaining potential vulnerabilities within code. It leverages the security-agent plugin to provide detailed security analysis, helping developers improve the security posture of their applications.
How It Works
- Receiving Request: Claude identifies a user's request for a security review or audit of code.
- Activating Security Agent: Claude invokes the security-agent plugin to analyze the provided code.
- Generating Security Report: The security-agent produces a structured report detailing identified vulnerabilities, their severity, affected code locations, and recommended remediation steps.
When to Use This Skill
This skill activates when you need to:
- Review code for security vulnerabilities.
- Perform a security audit of a codebase.
- Identify potential security risks in a software application.
Examples
Example 1: Identifying SQL Injection Vulnerability
User request: "Please review this database query code for SQL injection vulnerabilities."
The skill will:
- Activate the security-agent plugin to analyze the database query code.
- Generate a report identifying potential SQL injection vulnerabilities, including the vulnerable code snippet, its severity, and suggested remediation, such as using parameterized queries.
Example 2: Checking for Insecure Dependencies
User request: "Can you check this project's dependencies for known security vulnerabilities?"
The skill will:
- Utilize the security-agent plugin to scan the project's dependencies against known vulnerability databases.
- Produce a report listing any vulnerable dependencies, their Common Vulnerabilities and Exposures (CVE) identifiers, and recommendations for updating to secure versions.
Best Practices
- Specificity: Provide the exact code or project you want reviewed.
- Context: Clearly state the security concerns you have regarding the code.
- Iteration: Use the findings to address vulnerabilities and request further reviews.
Integration
This skill integrates with Claude's code understanding capabilities and leverages the security-agent plugin to provide specialized security analysis. It can be used in conjunction with other code analysis tools to provide a comprehensive assessment of code quality and security.
> related_skills --same-repo
> agent-context-loader
PROACTIVE AUTO-LOADING: Automatically detects and loads AGENTS.md files from the current working directory when starting a session or changing directories. This skill ensures agent-specific instructions are incorporated into Claude Code's context alongside CLAUDE.md, enabling specialized agent behaviors. Triggers automatically when Claude detects it's working in a directory, when starting a new session, or when explicitly requested to "load agent context" or "check for AGENTS.md file".
> Google Cloud Agent SDK Master
Automatic activation for ALL Google Cloud Agent Development Kit (ADK) and Agent Starter Pack operations - multi-agent systems, containerized deployment, RAG agents, and production orchestration. **TRIGGER PHRASES:** - "adk", "agent development kit", "agent starter pack", "multi-agent", "build agent" - "cloud run agent", "gke deployment", "agent engine", "containerized agent" - "rag agent", "react agent", "agent orchestration", "agent templates" **AUTO-INVOKES FOR:** - Agent creation and scaffold
> Vertex AI Media Master
Automatic activation for ALL Google Vertex AI multimodal operations - video processing, audio generation, image creation, and marketing campaigns. **TRIGGER PHRASES:** - "vertex ai", "gemini multimodal", "process video", "generate audio", "create images", "marketing campaign" - "imagen", "video understanding", "multimodal", "content generation", "media assets" **AUTO-INVOKES FOR:** - Video processing and understanding (up to 6 hours) - Audio generation and transcription - Image generation with I
> yaml-master
PROACTIVE YAML INTELLIGENCE: Automatically activates when working with YAML files, configuration management, CI/CD pipelines, Kubernetes manifests, Docker Compose, or any YAML-based workflows. Provides intelligent validation, schema inference, linting, format conversion (JSON/TOML/XML), and structural transformations with deep understanding of YAML specifications and common anti-patterns.