Skip to main content
Security workflows · commands · 18 picks

Claude Code security workflows

Security commands, hooks, rules, MCP servers, and skills for auditing code, checking risky changes, and tightening agent behavior.

Curated by @heyclaude-editors Updated 2026-07-18

Security commands, hooks, rules, MCP servers, and skills for auditing code, checking risky changes, and tightening agent behavior.

Compared at a glance

The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.

2 trust signals differ across this comparison (Package trust, Source provenance).

Next steps differ across picks — use the actions in the table below to copy install commands and source links per resource.

Field

Build layered defenses against prompt injection, data exfiltration, and unsafe tool execution in AI agent systems.

Open dossier

Comprehensive security audit with vulnerability detection, threat analysis, and automated remediation recommendations

Open dossier

Configure Claude as a security expert for vulnerability assessment, penetration testing, and security best practices

Open dossier

Automated security vulnerability scanning that integrates with development workflow to detect and prevent security issues before deployment.

Open dossier

Expert code-review capability pack for deterministic PR audits, risk-ranked findings, and low-noise fix planning without SaaS lock-in.

Open dossier
Next stepsDiffers
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustDiffersPackage verified2026-04-10Package not verifiedPackage not verifiedPackage not verifiedPackage verified2026-04-11
Source provenanceDiffersNo submission linkSource-backedSource-backedSource-backedNo submission link
Submitter
Install riskLow riskReview firstReview firstReview firstLow risk
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
Brand
Categoryskillscommandsruleshooksskills
SourceFirst-partySource-backedSource-backedSource-backedFirst-party
AuthorJSONboredJSONboredJSONboredJSONboredJSONbored
Added2026-04-102025-09-162025-09-152025-09-162026-04-11
Platforms
Harness
Source repo
Safety notesTreat findings and generated mitigations as review inputs; validate suspected vulnerabilities and patches before changing production controls. Coordinate disclosure-sensitive security work privately and avoid running destructive probes outside authorized systems.Review generated changes and commands before applying them; slash commands can ask the agent to read, write, edit, or run tools in the current project. Limit scope to the intended files and run in a trusted checkout when the command analyzes code, tests, security findings, or generated output.Only assess, scan, or test systems you own or are explicitly authorized to test; unauthorized penetration testing or exploitation is illegal. Treat any active scanning, exploitation, or DAST tooling as potentially destructive; run it against staging or scoped targets, never production without written authorization. Vulnerability findings and exploit details are sensitive; handle and disclose them responsibly rather than committing live exploits or unredacted reports.Runs automatically after write, edit, or multiedit activity and invokes installed security tools against the touched file. May run truffleHog, Semgrep, npm audit, Bandit, or gosec depending on the file type and tools available. Treats scanner findings as warnings and does not guarantee that code is safe or unsafe.Installs from a downloaded package and may run local commands or scaffold files as part of the workflow; review the package and any generated changes before applying.
Privacy notesSecurity prompts and reports can include source snippets, vulnerability details, internal URLs, dependency metadata, and operational context. Redact secrets, customer data, exploit details, private infrastructure names, and unreleased findings before sharing outputs publicly.Prompts, source files, logs, errors, dependency metadata, and generated reports may be sent to the configured AI model during command execution. Redact secrets, customer data, private repository details, and proprietary code before sharing command output outside the workspace.Security review reads source code, configuration, environment files, and logs that can contain secrets, API keys, tokens, credentials, and PII. Do not paste discovered secrets, customer data, or internal log contents into shared chats, issues, or public notes; redact before reporting. Scanned outputs and incident artifacts may carry user data subject to GDPR/CCPA; store and transmit them only through approved, access-controlled channels.Reads modified file contents for security scanning and prints scanner output to local hook output. Semgrep and package audit commands may contact external rule, registry, or advisory services depending on local tool configuration. Scanner output may include file paths, code snippets, dependency names, and suspected secrets.Operates on your local project files and any context you share in the session; review what you expose before sharing — nothing is sent beyond the model unless a step calls an external service.
Prerequisites
  • Agent flow that processes user input or external web/content data
  • Ability to add policy checks before tool execution
  • Test harness for adversarial prompt scenarios
— none listed— none listed— none listed
  • Repository access and PR diff
  • Security severity policy
  • Test/lint/typecheck commands
Install
curl -L https://heyclau.de/downloads/skills/prompt-injection-defense-guardrails.zip -o prompt-injection-defense-guardrails.zip && unzip -o prompt-injection-defense-guardrails.zip -d ./prompt-injection-defense-guardrails
/security [options] <file_or_project>
mkdir -p .claude/hooks && touch .claude/hooks/security-scanner-hook.sh && chmod +x .claude/hooks/security-scanner-hook.sh
curl -L https://heyclau.de/downloads/skills/coderabbit-lite-pr-review-capability-pack.zip -o coderabbit-lite-pr-review-capability-pack.zip && unzip -o coderabbit-lite-pr-review-capability-pack.zip -d ./coderabbit-lite-pr-review-capability-pack
Config
{
  "hooks": {
    "postToolUse": {
      "script": "./.claude/hooks/security-scanner-hook.sh",
      "matchers": [
        "write",
        "edit",
        "multiedit"
      ]
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool
  1. 01
    Why it made the cut

    Prompt Injection Defense Guardrails Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  2. 02
    Why it made the cut

    /security - Vulnerability Scan Command for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  3. 03
    Why it made the cut

    Security Auditor Expert - CLAUDE.md Rules for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  4. 04
    Why it made the cut

    Security Scanner Hook - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  5. 05
    Why it made the cut

    Code Review Automation Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  6. 06
    Why it made the cut

    MCP Server Authoring Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  7. 07
    Why it made the cut

    Ethereum Base Smart Contract Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  8. 08
    Why it made the cut

    MCP Server Security Hardening Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  9. 09
    Why it made the cut

    n8n Production Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  10. 10
    Why it made the cut

    Socket MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  11. 11
    Why it made the cut

    AWS CloudTrail MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  12. 12
    Why it made the cut

    Prompt-Injection Content Scanner - Claude Code Hook is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  13. 13
    Why it made the cut

    Cloudflare MCP Server - MCP Servers is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  14. 14
    Why it made the cut

    Ethereum Solidity Security Foundry Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  15. 15
    Why it made the cut

    GitHub Actions Secure CI/CD Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  16. 16
    Why it made the cut

    OpenClaw Agent Ops Hardening Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  17. 17
    Why it made the cut

    OpenClaw Operator Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  18. 18
    Why it made the cut

    Stytch MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.

Suggest a pick
Weekly · Sundays

Get the weekly brief

One calm read on Claude workflows. Sundays. No tracking pixels.

Unsubscribe any time. No tracking pixels. No partner blasts.