perform-security-review


Parameters

--output-dir <path>: When using --output file, write the report to <path>/security-review-YYYY-MM-DD-{identifier}.md instead of the current working directory. Tip: use --output-dir ~/.claude/security-reviews/ to keep reports outside git repos.

Security Review Mode

Determine review mode from the invocation:

  • PR mode (PR number or URL): gh pr view <number> for context, gh pr diff <number> for the diff.
  • Commit mode (commit SHA): git diff <sha>..HEAD — reviews all changes after that commit.
  • Time-based mode (duration, e.g., "last 48 hours"): find the oldest commit in range with git log --since="<duration>" --reverse --format=%H | head -1, then git diff <sha>^..HEAD to include it.
  • Local changes mode (no argument, pending changes exist): git diff HEAD for staged + unstaged changes.
  • Branch comparison mode (no argument, no pending changes): git diff main...HEAD — changes since the branch diverged from main.
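
The mode selection above, sketched as POSIX shell. This is an added example, not code from the skill or the bitwarden/ai-plugins repository. Assumptions: the function names, the argument patterns used to tell a PR number from a SHA or a duration, the rewrite of "last 48 hours" to "48 hours ago" for `--since`, and the empty-tree fallback when the oldest commit in range has no parent.

```sh
# Added example: map an invocation argument to a review mode and run its diff.
# Patterns and helper names below are assumptions, not part of the skill.

is() { printf '%s' "$1" | grep -Eq "$2"; }

# review_mode ARG PENDING -> pr | commit | time | local | branch (status 1 if unknown)
review_mode() {
  if [ -z "$1" ]; then
    if [ "$2" = yes ]; then echo local; else echo branch; fi
  elif is "$1" '^https?://[^ ]+/pull/[0-9]+' || is "$1" '^[0-9]{1,6}$'; then
    echo pr
  elif is "$1" '^[0-9a-fA-F]{7,40}$'; then
    echo commit
  elif is "$1" '^(last +)?[0-9]+ *(hour|day|week|month)s?$'; then
    echo time
  else
    return 1   # reject anything else instead of passing it on to git or gh
  fi
}

# since_arg "last 48 hours" -> "48 hours ago"
since_arg() { printf '%s ago\n' "$(printf '%s' "$1" | sed -E 's/^last +//')"; }

review_diff() {
  pending=no
  git diff --quiet HEAD 2>/dev/null || pending=yes
  mode=$(review_mode "$1" "$pending") || { echo "unrecognized argument: $1" >&2; return 2; }
  case "$mode" in
    pr)     gh pr view "$1" && gh pr diff "$1" ;;
    commit) git diff "$1..HEAD" ;;
    local)  git diff HEAD ;;
    branch) git diff main...HEAD ;;
    time)
      sha=$(git log --since="$(since_arg "$1")" --reverse --format=%H | head -1)
      [ -n "$sha" ] || { echo "no commits in range" >&2; return 3; }
      if git rev-parse --verify -q "$sha^" >/dev/null; then
        git diff "$sha^..HEAD"
      else
        # Oldest commit in range is the root commit: no parent, so diff from the empty tree.
        git diff "$(git hash-object -t tree /dev/null)" HEAD
      fi ;;
  esac
}
```

`git diff HEAD` covers tracked files only, so newly created files that have not been added to the index are absent from a local-changes review.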

Security Review Process

Model selection: If --model is specified, use that model for all agents. Otherwise, default to opus.

Execute these steps in order. Do not skip, reorder, or combine steps.

First Seen: Apr 10, 2026
perform-security-review — bitwarden/ai-plugins