Source-backed agent that threat-models an MCP server before it is connected to Claude Code, covering trust verification, tool authority and side effects, prompt injection via tool output, network and credential exposure, and least-privilege mitigations, grounded in the official security docs.

Source-backed agent for security review of open-source pull requests, including untrusted fork boundaries, GitHub Actions permissions, secret and code scanning, dependency review, provenance signals, and maintainer-owned merge recommendations.

AI-powered code review specialist focusing on security vulnerabilities, OWASP Top 10, static analysis, secrets detection, and automated security best practices enforcement

Expert code reviewer that provides thorough, constructive feedback on code quality, security, performance, and best practices