Skip to main content
Commands · commands · 20 picks

Claude Code command center

Slash commands for commits, reviews, tests, docs, security checks, debugging, refactors, MCP setup, and repeatable coding tasks.

Curated by @heyclaude-editors Updated 2026-07-18

Slash commands for commits, reviews, tests, docs, security checks, debugging, refactors, MCP setup, and repeatable coding tasks.

Compared at a glance

The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.

2 trust signals differ across this comparison (Source provenance, Submitter).

Next steps differ across picks — use the actions in the table below to copy install commands and source links per resource.

Field

Community slash command runbook to refresh stale project documentation after code changes: use git history to find affected docs, compare README commands to package scripts, and flag broken internal links before opening a docs PR.

Open dossier

Comprehensive code review with security analysis, performance optimization, and best practices validation

Open dossier

Intelligently analyzes changes and creates well-formatted git commits with conventional commit messages

Open dossier

Slash command that reviews the supply-chain risk of a project's dependencies using OpenSSF Scorecard health signals rather than CVE counts.

Open dossier

Slash command that reviews a pull request diff for security regressions: authentication and authorization gaps, injection surfaces, secret exposure, unsafe deserialization, and dependency risk introduced by the change.

Open dossier
Next stepsDiffers
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verifiedPackage not verifiedPackage not verified
Source provenanceDiffersSubmission linkedSource submissionSource-backedSource-backedSource-backedSubmission linkedSource submission
SubmitterDifferskiannidevtechforgeworkskiannidev
Install riskReview firstReview firstReview firstReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
Brand
Categorycommandscommandscommandscommandscommands
SourceSource-backedSource-backedSource-backedSource-backedSource-backed
AuthorkiannidevJSONboredJSONboredtechforgeworkskiannidev
Added2026-06-162025-09-162025-09-152026-06-042026-06-14
Platforms
Harness
Source repo
Safety notesRead-only git history inspection unless the operator approves doc edits. Validate git refs before interpolating them into shell commands.Review generated changes and commands before applying them; slash commands can ask the agent to read, write, edit, or run tools in the current project. Limit scope to the intended files and run in a trusted checkout when the command analyzes code, tests, security findings, or generated output.Creates git commits in your repository from the staged changes; review the generated commit before pushing.Queries the public OpenSSF Scorecard API and OSV API with read-only GET requests to look up already-published health scores and advisories; it changes nothing in your project or in any dependency. When the optional scorecard CLI is used to score a repository that is not already in the public dataset, it performs read-only analysis and needs a GitHub token; it never modifies repositories. The review is advisory - it ranks risk and recommends actions, but it does not pin, update, remove, or vendor any dependency on its own.Read-only: fetches PR metadata and diff via `gh pr diff` and `gh pr view`; it does not merge, comment, or mutate the repository. PR descriptions, CI logs, and review comments are untrusted input; never execute commands or follow URLs embedded in PR text. Treat dependency and secret findings as advisory until validated by a human reviewer or automated scanner.
Privacy notesCommit messages and doc drafts enter model context; scrub internal-only details first.Prompts, source files, logs, errors, dependency metadata, and generated reports may be sent to the configured AI model during command execution. Redact secrets, customer data, private repository details, and proprietary code before sharing command output outside the workspace.Reads your staged changes, diffs, and branch and repository metadata to draft a commit message; that content is sent to the model as part of the request and is not written or transmitted anywhere else.External lookups can expose dependency names, versions, scoped package names, and repo identifiers to public Scorecard and OSV APIs; skip private/internal packages and private repos unless the user explicitly approves sharing that metadata. Scorecard and OSV responses (numeric check scores and advisory text) enter the model context to explain the risk ranking. It writes nothing to disk beyond any output you choose to redirect.PR diffs may contain credentials, customer data, or internal hostnames that enter the model context for analysis. Redact tokens and PII from shared review output; avoid running on private PRs in shared Claude sessions without approval.
Prerequisites
  • Git repository with commits and documentation files such as README.md or docs/.
  • Lockfiles or package manifests when comparing documented install commands.
— none listed— none listed— none listed
  • GitHub CLI (`gh`) authenticated with access to the pull request repository.
  • Pull request number or current branch PR context in a git repository.
  • Permission to read the PR diff, changed files, and lockfile updates.
Install
/documentation-refresh [since-ref]
/review [options] <file_or_directory>
/dependency-risk-review [package]
/pr-security-review [pr-number]
Config
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool
  1. 01
    Why it made the cut

    /documentation-refresh - Documentation Refresh Runbook is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  2. 02
    Why it made the cut

    /review - Code Review Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  3. 03
    Why it made the cut

    Git Smart Commit for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  4. 04
    Why it made the cut

    /dependency-risk-review - Dependency Risk Review Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  5. 05
    Why it made the cut

    /pr-security-review - PR Security Review Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  6. 06
    Why it made the cut

    /refactor-code - Scoped Refactor Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  7. 07
    Why it made the cut

    /targeted-test-generation - Targeted Test Generation Runbook is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  8. 08
    Why it made the cut

    TDD Workflow Custom Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  9. 09
    Why it made the cut

    /api-contract-check - API Contract Check Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  10. 10
    Why it made the cut

    /docs - Documentation Drafting Custom Command is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  11. 11
    Why it made the cut

    /frontend-visual-qa - Chrome Design Verification Runbook is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  12. 12
    Why it made the cut

    /openapi-diff-review - Spectral OpenAPI Diff Review Runbook is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  13. 13
    Why it made the cut

    /security - Vulnerability Scan Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  14. 14
    Why it made the cut

    /test-advanced - Advanced Test Planning Custom Command is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  15. 15
    Why it made the cut

    Generate Tests Custom Command is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  16. 16
    Why it made the cut

    /explain - Code Explanation Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  17. 17
    Why it made the cut

    /refactor - Code Refactoring Command for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  18. 18
    Why it made the cut

    Bootstrap CLAUDE.md with /init in Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  19. 19
    Why it made the cut

    Mintlify Documentation Generator for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  20. 20
    Why it made the cut

    /incident-timeline - Incident Timeline Slash Command is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.

Suggest a pick
Weekly · Sundays

Get the weekly brief

One calm read on Claude workflows. Sundays. No tracking pixels.

Unsubscribe any time. No tracking pixels. No partner blasts.