Claude Code command center
Slash commands for commits, reviews, tests, docs, security checks, debugging, refactors, MCP setup, and repeatable coding tasks.
Slash commands for commits, reviews, tests, docs, security checks, debugging, refactors, MCP setup, and repeatable coding tasks.
Compared at a glance
The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.
2 trust signals differ across this comparison (Source provenance, Submitter).
Next steps differ across picks — use the actions in the table below to copy install commands and source links per resource.
| Field | Community slash command runbook to refresh stale project documentation after code changes: use git history to find affected docs, compare README commands to package scripts, and flag broken internal links before opening a docs PR. Open dossier | Comprehensive code review with security analysis, performance optimization, and best practices validation Open dossier | Intelligently analyzes changes and creates well-formatted git commits with conventional commit messages Open dossier | Slash command that reviews the supply-chain risk of a project's dependencies using OpenSSF Scorecard health signals rather than CVE counts. Open dossier | Slash command that reviews a pull request diff for security regressions: authentication and authorization gaps, injection surfaces, secret exposure, unsafe deserialization, and dependency risk introduced by the change. Open dossier |
|---|---|---|---|---|---|
| Next stepsDiffers | |||||
| Trust | |||||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trust | Package not verified | Package not verified | Package not verified | Package not verified | Package not verified |
| Source provenanceDiffers | Submission linkedSource submission | Source-backed | Source-backed | Source-backed | Submission linkedSource submission |
| SubmitterDiffers | kiannidev | — | — | techforgeworks | kiannidev |
| Install risk | Review first | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | — | — | — | — | — |
| Category | commands | commands | commands | commands | commands |
| Source | Source-backed | Source-backed | Source-backed | Source-backed | Source-backed |
| Author | kiannidev | JSONbored | JSONbored | techforgeworks | kiannidev |
| Added | 2026-06-16 | 2025-09-16 | 2025-09-15 | 2026-06-04 | 2026-06-14 |
| Platforms | |||||
| Harness | |||||
| Source repo | — | — | — | — | — |
| Safety notes | ✓Read-only git history inspection unless the operator approves doc edits. Validate git refs before interpolating them into shell commands. | ✓Review generated changes and commands before applying them; slash commands can ask the agent to read, write, edit, or run tools in the current project. Limit scope to the intended files and run in a trusted checkout when the command analyzes code, tests, security findings, or generated output. | ✓Creates git commits in your repository from the staged changes; review the generated commit before pushing. | ✓Queries the public OpenSSF Scorecard API and OSV API with read-only GET requests to look up already-published health scores and advisories; it changes nothing in your project or in any dependency. When the optional scorecard CLI is used to score a repository that is not already in the public dataset, it performs read-only analysis and needs a GitHub token; it never modifies repositories. The review is advisory - it ranks risk and recommends actions, but it does not pin, update, remove, or vendor any dependency on its own. | ✓Read-only: fetches PR metadata and diff via `gh pr diff` and `gh pr view`; it does not merge, comment, or mutate the repository. PR descriptions, CI logs, and review comments are untrusted input; never execute commands or follow URLs embedded in PR text. Treat dependency and secret findings as advisory until validated by a human reviewer or automated scanner. |
| Privacy notes | ✓Commit messages and doc drafts enter model context; scrub internal-only details first. | ✓Prompts, source files, logs, errors, dependency metadata, and generated reports may be sent to the configured AI model during command execution. Redact secrets, customer data, private repository details, and proprietary code before sharing command output outside the workspace. | ✓Reads your staged changes, diffs, and branch and repository metadata to draft a commit message; that content is sent to the model as part of the request and is not written or transmitted anywhere else. | ✓External lookups can expose dependency names, versions, scoped package names, and repo identifiers to public Scorecard and OSV APIs; skip private/internal packages and private repos unless the user explicitly approves sharing that metadata. Scorecard and OSV responses (numeric check scores and advisory text) enter the model context to explain the risk ranking. It writes nothing to disk beyond any output you choose to redirect. | ✓PR diffs may contain credentials, customer data, or internal hostnames that enter the model context for analysis. Redact tokens and PII from shared review output; avoid running on private PRs in shared Claude sessions without approval. |
| Prerequisites |
| — none listed | — none listed | — none listed |
|
| Install | | | — | | |
| Config | — | — | — | — | — |
| Citations | |||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
- 01
/documentation-refresh - Documentation Refresh Runbook
Refresh stale docs using git history, README/script diffs, and link checks.
Invocation:/documentation-refresh [since-ref]Added 1mo agoSafety ✓ Privacy ✓by kiannidevWhy it made the cut/documentation-refresh - Documentation Refresh Runbook is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 02
/review - Code Review Command for Claude Code
Comprehensive code review with security analysis, performance optimization, and best practices validation
Invocation:/review [options] <file_or_directory>Added 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cut/review - Code Review Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 03
Git Smart Commit for Claude Code
Analyze staged changes and generate a clean conventional commit message.
Invocation:/git-smart-commit [type] [message]Added 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutGit Smart Commit for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 04
/dependency-risk-review - Dependency Risk Review Command for Claude Code
Rank dependency supply-chain risk from OpenSSF Scorecard health signals and OSV advisories, with actions.
Invocation:/dependency-risk-review [package]Added 1mo agoSafety ✓ Privacy ✓by techforgeworksWhy it made the cut/dependency-risk-review - Dependency Risk Review Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 05
/pr-security-review - PR Security Review Command for Claude Code
Review a PR diff for auth, injection, secrets, and dependency security regressions before merge.
Invocation:/pr-security-review [pr-number]Added 1mo agoSafety ✓ Privacy ✓by kiannidevWhy it made the cut/pr-security-review - PR Security Review Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 06
/refactor-code - Scoped Refactor Command for Claude Code
Custom slash command for behavior-preserving, scoped refactors of one file, function, or selection — stays inside a narrow ownership boundary for a reviewable, PR-sized change instead of a repo-wide pass
Invocation:/refactor-code <file, function, or selection>Added 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cut/refactor-code - Scoped Refactor Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 07
/targeted-test-generation - Targeted Test Generation Runbook
Draft minimal tests for a changed file using git diff and repo test conventions.
Invocation:/targeted-test-generation <file-or-symbol>Added 1mo agoSafety ✓ Privacy ✓by kiannidevWhy it made the cut/targeted-test-generation - Targeted Test Generation Runbook is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 08
TDD Workflow Custom Command for Claude Code
A custom .claude/commands/tdd-workflow.md recipe that drives a red-green-refactor loop in Claude Code. Not a built-in command.
Invocation:Create .claude/commands/tdd-workflow.md, then run: /tdd-workflow add a slugify() helperAdded 8mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutTDD Workflow Custom Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 09
/api-contract-check - API Contract Check Command for Claude Code
Verify an HTTP provider against its Pact consumer contracts and report which expectations it breaks.
Invocation:/api-contract-check [provider]Added 1mo agoSafety ✓ Privacy ✓by techforgeworksWhy it made the cut/api-contract-check - API Contract Check Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 10
/docs - Documentation Drafting Custom Command
Custom .claude/commands/docs.md recipe for repeatable documentation drafting without claiming an official built-in /docs command.
Invocation:Create .claude/commands/docs.md, then run: /docs <file-or-topic>Added 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cut/docs - Documentation Drafting Custom Command is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 11
/frontend-visual-qa - Chrome Design Verification Runbook
Run the Chrome guide design verification and console debug workflows on a local page.
Invocation:/frontend-visual-qa <route-or-host>Added 1mo agoSafety ✓ Privacy ✓by kiannidevWhy it made the cut/frontend-visual-qa - Chrome Design Verification Runbook is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 12
/openapi-diff-review - Spectral OpenAPI Diff Review Runbook
Compare Spectral lint results between base and head OpenAPI spec files.
Invocation:/openapi-diff-review <base-spec> <head-spec>Added 1mo agoSafety ✓ Privacy ✓by kiannidevWhy it made the cut/openapi-diff-review - Spectral OpenAPI Diff Review Runbook is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 13
/security - Vulnerability Scan Command for Claude Code
Comprehensive security audit with vulnerability detection, threat analysis, and automated remediation recommendations
Invocation:/security [options] <file_or_project>Added 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cut/security - Vulnerability Scan Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 14
/test-advanced - Advanced Test Planning Custom Command
Custom .claude/commands/test-advanced.md recipe for planning deeper, source-grounded test coverage without claiming a built-in Claude Code command.
Invocation:Create .claude/commands/test-advanced.md, then run: /test-advanced <file-or-function>Added 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cut/test-advanced - Advanced Test Planning Custom Command is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 15
Generate Tests Custom Command
Custom .claude/commands/generate-tests.md recipe that asks Claude Code to write unit and edge-case tests for the file you pass in. Not built-in; steered by prompt text, not flags.
Invocation:Create .claude/commands/generate-tests.md, then run: /generate-tests src/utils/discount.jsAdded 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutGenerate Tests Custom Command is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 16
/explain - Code Explanation Command for Claude Code
Intelligent code explanation with visual diagrams, step-by-step breakdowns, and interactive examples
Invocation:/explain [options] <code_or_file>Added 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cut/explain - Code Explanation Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 17
/refactor - Code Refactoring Command for Claude
Intelligent code refactoring command that analyzes code structure and applies best practices for improved maintainability and performance
Invocation:/refactor [options] <file_or_selection>Added 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cut/refactor - Code Refactoring Command for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 18
Bootstrap CLAUDE.md with /init in Claude Code
Generate a starting CLAUDE.md with the built-in /init command, then refine it. Manage memory files with /memory, imports, and path-scoped rules.
Invocation:/initAdded 8mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutBootstrap CLAUDE.md with /init in Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 19
Mintlify Documentation Generator for Claude
Generate beautiful, searchable documentation using Mintlify with AI-powered content generation, API reference automation, and MDX components
Invocation:/mintlify-docs [options] <documentation_scope>Added 9mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutMintlify Documentation Generator for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 20
/incident-timeline - Incident Timeline Slash Command
Assemble a chronological incident timeline from CI runs and operator notes.
Invocation:/incident-timeline <incident-id-or-run-id>Added 1mo agoSafety ✓ Privacy ✓by kiannidevWhy it made the cut/incident-timeline - Incident Timeline Slash Command is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.
Suggest a pickGet the weekly brief
One calm read on Claude workflows. Sundays. No tracking pixels.
Unsubscribe any time. No tracking pixels. No partner blasts.