The security review
Claude Code scans your code for the holes that get apps hacked — then fixes them. Here's how to run it, and how it works.
Start here
The one-word version: type /security-review in Claude Code. It scans the changes on your branch, reports the risks with a severity and a fix for each, and then you tell it to fix them — all in the same chat.
Want a deeper pass, or more control over what it looks at? Paste this instead:
When it's finished, say now fix the issues you found, and explain each change — and it'll action them for you.
What it looks for
It hunts the high-impact, actually-exploitable stuff — and filters to the findings it's confident about, so the report stays short and real.
How it works
Run it
Type /security-review in Claude Code. You need a git repo with some pending changes — it reviews the diff on your current branch, not the whole codebase, so it stays fast and focused.
Read the report
It hands you a short markdown report in the chat: each issue with a severity, the file and line, why it's actually exploitable, and how to fix it. It filters to high- and medium-confidence findings, so you're not drowning in noise.
Get Claude to fix them
Stay in the same chat and say fix the issues you found. It works through them, proposes the changes, and you approve each one — the normal Claude Code flow. No restart, no re-run.
Automate it on PRs (optional)
For a repo you care about, the anthropics/claude-code-security-review GitHub Action runs the same review on every pull request and posts findings as inline comments. Honest caveat: it isn't hardened against prompt injection — run it on trusted PRs only.
The honest bit — what it isn't
- -It's a first-pass, in-development tool — not a replacement for a proper security audit or a pentest. Think of it as the obvious stuff you need covered before you ship, not a clean bill of health.
- -Static analysis only. It reads your code, so it won't catch runtime issues, business-logic flaws, or misconfigured production infrastructure.
- -It can miss things, and the odd false positive gets through — it's a model, not a guarantee.
- -It deliberately ignores some categories (denial-of-service, rate limiting, secrets already committed to disk, client-side-only checks) to keep the signal high.
- -Needs a paid Claude plan (Pro, Max, Team, or Enterprise).