Catch security anti-patterns before deploy
security-guidancepluginsetup L2★17,464
alirezarezvani/claude-skills ↗What it does
Catch 12 common security anti-patterns before edits are applied
Best for
Preventing command injection, XSS, SQL injection, unsafe deserialization, code injection, and GitHub Actions workflow injection at the moment of writing, before code reaches review
Inputs
- · Edit/Write/MultiEdit tool call
- · code snippet
Outputs
- · security alert
- · remediation guidance
Requires
- · PreToolUse hook
- · session-state cache (30-day auto-cleanup)
- · stdlib pattern matcher
Preconditions
Claude Code running with hook enabled; ENABLE_SECURITY_REMINDER not set to 0
Failure modes
Hook alerts on false positives (legitimate dynamic SQL with bound parameters); alert fatigue causes dismissal of real issues; stale state cache causes missed warnings
Trust signals
- · Catches 12 specific patterns with examples
- · Session-state caching prevents duplicate warnings
- · 30-day auto-cleanup of stale state
- · Ported from David Dworken's MIT-licensed plugin
- · Adds 3 new patterns beyond original (subprocess shell=True, SQL f-string/.format, yaml.unsafe_load)