From the gemini plugin

Get a security-focused review using Gemini CLI. This checks for OWASP Top 10 vulnerabilities, injection attacks, auth flaws, hardcoded secrets, and more.

Triggered by the user as a slash command: `/gemini:security-review`

The command body below is what Claude sees in its command listing and uses to decide when to auto-load this command.
Get a security-focused review using Gemini CLI. This checks for OWASP Top 10 vulnerabilities, injection attacks, auth flaws, hardcoded secrets, and more.

## Step 1: Parse --model parameter

Check if $ARGUMENTS contains `--model <value>`:

- If yes: extract the value as MODEL, remove `--model <value>` from $ARGUMENTS
- If no: set MODEL = pro

Valid model values: flash, pro, flash-lite, or any full model name.

## Step 2: Determine input

If $ARGUMENTS (after --model removal) is provided:

- If it contains glob characters (* or ?), use the Glob tool to expand it, then Read each matched file
- ...

If $ARGUMENTS is empty:

- Run `git diff HEAD 2>/dev/null`
- If that yields nothing, run `git diff --cached`

Use the collected content as REVIEW_INPUT.

## Step 3: Locate the plugin resources

Determine the absolute path to the plugin root (the parent of the commands/ directory containing this file), then resolve:

- system-prompts/security-review.md → SYSTEM_PROMPT_PATH
- policies/readonly.toml → POLICY_PATH

## Step 4: Run Gemini

Run the following bash command, passing REVIEW_INPUT via stdin:
```bash
# MODEL, REVIEW_INPUT, SYSTEM_PROMPT_PATH and POLICY_PATH are set in the steps above.
# The review input goes in on stdin, the system prompt is passed through
# GEMINI_SYSTEM_MD, and the admin policy file (readonly.toml) is applied.
output=$(printf "%s" "$REVIEW_INPUT" | GEMINI_SYSTEM_MD="$SYSTEM_PROMPT_PATH" gemini -m "$MODEL" --admin-policy "$POLICY_PATH" 2>&1)
exit_code=$?
# On a quota or rate-limit failure, retry once with the flash model.
if [ $exit_code -ne 0 ] && echo "$output" | grep -qi "429\|quota\|RESOURCE_EXHAUSTED\|rate limit\|overloaded"; then
  echo "[Fallback] $MODEL unavailable (quota/rate limit), retrying with flash..." >&2
  output=$(printf "%s" "$REVIEW_INPUT" | GEMINI_SYSTEM_MD="$SYSTEM_PROMPT_PATH" gemini -m flash --admin-policy "$POLICY_PATH" 2>&1)
fi
# printf rather than echo, so output beginning with "-" or containing backslashes is shown verbatim.
printf '%s\n' "$output"
```
Note: We pipe input via stdin instead of the -p flag so that large diffs and special characters are handled safely. If the preferred model hits quota limits, the script automatically falls back to flash.
Show the Gemini response directly to the user. Do not modify, summarize, or reformat it.
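To make the control flow above testable outside Claude Code, here is a stand-alone POSIX shell sketch of the same procedure: `--model` parsing, the input-mode decision from Step 2, and the quota fallback from Step 4. This is an added example, not the plugin's own code. The function names (`parse_args`, `input_mode`, `is_quota_error`, `run_review`, `demo`), the `GEMINI_BIN` override, the `fake_gemini` stub and the constructed diff are assumptions of this example; the default model `pro` and the fallback to `flash` follow the command text.

```shell
#!/bin/sh
# Added example, not the plugin's own code: a stand-alone sketch of the
# /gemini:security-review control flow that can be exercised without
# Claude Code. GEMINI_BIN, fake_gemini and CONSTRUCTED_DIFF are this
# example's own assumptions.

# parse_args RAW: sets PARSED_MODEL (default pro) and PARSED_ARGS (RAW with
# "--model <value>" removed). Pathname expansion is disabled while splitting
# so a glob argument reaches the Glob tool unexpanded.
parse_args() {
  PARSED_MODEL="pro"
  PARSED_ARGS=""
  set -f
  set -- $1
  set +f
  while [ $# -gt 0 ]; do
    if [ "$1" = "--model" ] && [ $# -ge 2 ]; then
      PARSED_MODEL="$2"
      shift 2
      continue
    fi
    PARSED_ARGS="${PARSED_ARGS:+$PARSED_ARGS }$1"
    shift
  done
}

# input_mode ARGS: "diff" when ARGS is empty (review the git diff), "glob"
# when ARGS contains * or ? (expand with the Glob tool, then Read each file),
# "path" otherwise (assumption: the command text leaves this case unstated).
input_mode() {
  case "$1" in
    "")     echo diff ;;
    *[*?]*) echo glob ;;
    *)      echo path ;;
  esac
}

# is_quota_error OUTPUT: succeeds when OUTPUT looks like a quota or
# rate-limit failure, the only condition under which the command retries.
is_quota_error() {
  printf '%s' "$1" | grep -qiE '429|quota|RESOURCE_EXHAUSTED|rate limit|overloaded'
}

# run_review MODEL INPUT: pipe INPUT on stdin to the CLI (GEMINI_BIN, default
# gemini) with the system prompt and admin policy; on a quota-style failure
# retry once with flash. Prints the final output and returns its status.
run_review() {
  rr_model="$1"
  rr_input="$2"
  if rr_output=$(printf '%s' "$rr_input" | GEMINI_SYSTEM_MD="$SYSTEM_PROMPT_PATH" \
        "${GEMINI_BIN:-gemini}" -m "$rr_model" --admin-policy "$POLICY_PATH" 2>&1); then
    rr_status=0
  else
    rr_status=$?
  fi
  if [ "$rr_status" -ne 0 ] && is_quota_error "$rr_output"; then
    echo "[Fallback] $rr_model unavailable (quota/rate limit), retrying with flash..." >&2
    if rr_output=$(printf '%s' "$rr_input" | GEMINI_SYSTEM_MD="$SYSTEM_PROMPT_PATH" \
          "${GEMINI_BIN:-gemini}" -m flash --admin-policy "$POLICY_PATH" 2>&1); then
      rr_status=0
    else
      rr_status=$?
    fi
  fi
  printf '%s\n' "$rr_output"
  return "$rr_status"
}

# fake_gemini: constructed stand-in for the real CLI, used only by demo().
# It refuses "pro" with a 429-style message and answers for any other model.
fake_gemini() {
  fg_model=""
  while [ $# -gt 0 ]; do
    if [ "$1" = "-m" ]; then fg_model="$2"; fi
    shift
  done
  cat >/dev/null              # consume the review input from stdin
  if [ "$fg_model" = "pro" ]; then
    echo "Error 429: RESOURCE_EXHAUSTED"
    return 1
  fi
  echo "[$fg_model] security review complete"
}

# A constructed diff standing in for REVIEW_INPUT (placeholder values).
CONSTRUCTED_DIFF='--- a/auth.py
+++ b/auth.py
-API_KEY = "placeholder-secret"
+API_KEY = os.environ["API_KEY"]'

# demo: full flow against the stub. "pro" hits the quota error and the
# command falls back to flash; prints the text the user would be shown.
demo() {
  parse_args "--model pro"
  GEMINI_BIN=fake_gemini
  SYSTEM_PROMPT_PATH=/dev/null
  POLICY_PATH=/dev/null
  run_review "$PARSED_MODEL" "$CONSTRUCTED_DIFF"
}

# Exercise the full flow when run directly: sh security_review_flow.sh
demo
```

Leave `GEMINI_BIN` unset to drive the real CLI with `run_review`; the `if var=$(...)` form is used so the exit status is captured even under `set -e`, which a plain assignment would abort on.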
Error handling:

- If the `gemini` command is not found: suggest running `/gemini:setup` first
- If authentication fails: suggest running `gemini` interactively to re-authenticate via Google OAuth

Install: `npx claudepluginhub haunchen/gemini-plugin-cc --plugin gemini/security-review`