Security Guidance (security-review)
Anthropic plugin that reviews each code change for vulnerabilities across three checkpoints and instructs Claude to fix them.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for Security Guidance (security-review), derived from its capabilities.
AIVSS 3.0 · Low
Overview
The security-guidance plugin from Anthropic reviews each change Claude makes for common vulnerabilities and instructs Claude to fix them in the same session. Review happens at three checkpoints. The first is a fast, deterministic pattern match that runs as a hook on every file edit and flags dangerous constructs such as eval(), new Function(), os.system(), child_process.exec(), pickle deserialization, and DOM injection; because it is a pattern match rather than a model judgement, it runs on every edit at negligible cost and produces the same result for the same input. Across its checkpoints the plugin covers 25 high-risk vulnerability types.
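To make the first checkpoint concrete, here is an added example of what a deterministic per-edit hook of this kind looks like. It is illustrative code written for this page, not the plugin's own implementation, and it assumes the hook receives a JSON payload on stdin of the form Claude Code passes to PostToolUse hooks (a `tool_input` object carrying `file_path` and either `content` for a whole-file write or `new_string` for an edit) and that a non-zero exit with a message on stderr is how findings are fed back to the model. The sink list mirrors the constructs named above; `SAMPLE_EDIT` is a constructed input used to show the scanner's output.

```python
"""Hypothetical per-edit security hook (added example, not the plugin's own code).

Scans the text of a file edit for dangerous sinks and reports each hit with a
rule name and line number, so the model is prompted to fix or justify it in the
same session. The hook-payload field names and the exit-code convention are
assumptions about the Claude Code hook interface; verify them against the
hooks documentation for your version.
"""
import json
import re
import sys
from dataclasses import dataclass

# Sink patterns keyed by rule name. The word boundary and the optional
# whitespace before "(" keep helpers such as evaluate() from matching eval().
SINK_RULES = {
    "js-eval": re.compile(r"\beval\s*\("),
    "js-new-function": re.compile(r"\bnew\s+Function\s*\("),
    "py-os-system": re.compile(r"\bos\.system\s*\("),
    "node-child-process-exec": re.compile(r"\bchild_process\.exec(Sync)?\s*\("),
    "py-pickle-load": re.compile(r"\bpickle\.loads?\s*\("),
    "dom-injection": re.compile(r"\.innerHTML\s*=|\bdocument\.write\s*\("),
}


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    snippet: str


def scan_text(text: str) -> list[Finding]:
    """Scan line by line; deterministic, same input always yields same findings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in SINK_RULES.items():
            if pattern.search(line):
                findings.append(Finding(rule, lineno, line.strip()))
    return findings


def edited_text(hook_input: dict) -> str:
    """Extract the newly written text from the hook payload (assumed field names)."""
    tool_input = hook_input.get("tool_input", {})
    if "content" in tool_input:          # whole-file write
        return tool_input["content"]
    if "new_string" in tool_input:       # single edit
        return tool_input["new_string"]
    # multi-edit payloads are assumed to carry a list of edits
    return "\n".join(e.get("new_string", "") for e in tool_input.get("edits", []))


def render(findings: list[Finding], path: str) -> str:
    """Format findings as the reminder text sent back to the model."""
    lines = [f"Security review: {len(findings)} dangerous construct(s) in {path}"]
    for f in findings:
        lines.append(f"  {f.rule} at line {f.line}: {f.snippet}")
    lines.append("Replace each sink with a safe alternative or explain why it is required.")
    return "\n".join(lines) + "\n"


# Constructed sample edit: a mix of Python and JavaScript lines, including one
# safe helper (evaluate) that a sloppy substring match would wrongly flag.
SAMPLE_EDIT = """\
import os, pickle
def load(blob):
    return pickle.loads(blob)          # untrusted deserialization
os.system("ls " + user_dir)            # shell command built from input
result = evaluate(expr)                # safe helper, must not match
el.innerHTML = userHtml;               // DOM injection
"""


def main() -> int:
    payload = json.load(sys.stdin)
    path = payload.get("tool_input", {}).get("file_path", "<unknown>")
    findings = scan_text(edited_text(payload))
    if not findings:
        return 0
    sys.stderr.write(render(findings, path))
    return 2  # assumed convention: non-zero exit feeds stderr back to the model


if __name__ == "__main__":
    sys.exit(main())
```

Run as a hook the script reads the payload from stdin; run `scan_text(SAMPLE_EDIT)` directly and it reports the pickle, os.system and innerHTML lines while leaving `evaluate(expr)` alone. A real deployment would also skip matches inside comments and string literals, which this version does not attempt.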
Key features
- Deterministic per-edit pattern-match hook
- Three-layer review pipeline
- Flags eval/exec/pickle/DOM-injection sinks
- Covers 25 high-risk vulnerability types
Use cases
- Shift-left vulnerability detection while coding
- Auto-fixing insecure code in the same session