Search everything...

Stats

Actions

Available In

paladin

Name: paladin
Author: onehorizonai

By onehorizonai

Paladin helps engineering teams review PRs, audit risky code paths, and turn known security findings into mitigation plans with regression tests.

npx claudepluginhub onehorizonai/paladin --plugin paladin

Popularity

Stars

Med: 0·Avg: 285

Installs

Med: 0·Avg: 1

What's Inside

Skills5

paladin-assess

/paladin-assess

Paladin's security context dispatcher. Use when no specific Paladin skill is requested, when the user asks for a security review but the mode is unclear, or when Codex should inspect git state and route to PR review, repository audit, or vulnerability mitigation.

paladin-mitigate

/paladin-mitigate

Turn a known vulnerability, CVE, CWE, dependency alert, scanner result, audit finding, or PR security finding into concrete mitigation steps and regression tests. Use when the user asks how to fix, remediate, patch, reduce risk, or validate a security issue.

paladin-pr-review

/paladin-pr-review

Review a pull request, diff, staged changes, or uncommitted local changes for high-confidence security vulnerabilities. Use for PR security review, code security review, OWASP/CWE review of changed code, or security-sensitive diffs touching auth, authorization, input handling, data access, external calls, secrets, dependencies, infrastructure, logging, or file handling.

paladin-repo-audit

/paladin-repo-audit

Audit a local repository for security-relevant architecture, configuration, dependency, auth, authorization, input-handling, data-flow, secrets, logging, and infrastructure risks. Use for broad security checklists, weekly sweeps, repository security backlog creation, OWASP/CWE baseline review, or public GPT-style codebase audit guidance.

paladin-setup

/paladin-setup

Configure Paladin for a repository by creating or updating PALADIN.md. Use when the user asks to set up Paladin, initialize Paladin config, configure review actions, choose One Horizon/Linear/Jira/email/custom destinations, or prepare a repo for Paladin security review.

Stats

Version1.0.0

Stars0

MaintenanceGood

LicenseApache-2.0

Last CommitMay 20, 2026

AddedMay 20, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Own this plugin?

Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).

Available In

paladin

README

Paladin

Security review for pull requests, repositories, and mitigation planning.

Paladin is a local skill plugin for AI-native engineering teams. It reviews code where the repo context is available, checks current advisory sources when needed, and turns real security findings into clear next steps.

Use it before merging a risky PR, during a weekly security sweep, or when a CVE, dependency alert, scanner result, or review note needs a practical fix plan.

Paladin is defensive by design. It does not promise full coverage, replace a security team, or claim to find unknown zero-days. It reviews known high-risk vulnerability classes, known exploited weaknesses, and regressions against a security baseline.

Why Paladin Runs In Your Repo

Security review depends on context. A generic warning is not enough.

Paladin checks the code paths around a change so it can answer the question that matters:

Is this actually exploitable here, and what should we do next?

Running inside the repo gives Paladin access to:

changed files, staged files, branches, and PR diffs
existing auth, permissions, tenant boundaries, validation, escaping, and database patterns
package manifests, lockfiles, deployment files, CI config, and tests
local instructions such as AGENTS.md, CLAUDE.md, Cursor rules, and PALADIN.md
current Git state and the open PR for the branch

That context helps Paladin avoid noisy reports. If existing authorization, validation, escaping, parameterization, or package versions already block the issue, Paladin should say that instead of inventing work.

What Paladin Does

Paladin gives teams three practical security workflows:

Workflow	What you get
PR review	A focused review of changed code for medium, high, and critical security findings
Repo audit	A prioritized local backlog for risky areas in the codebase
Mitigation planning	A concrete fix plan for a known finding, CVE, CWE, dependency alert, or scanner result

It checks for issues around:

authentication and session handling
authorization, ownership checks, and tenant isolation
user input, file handling, path traversal, SSRF, XSS, request forgery, and injection
secrets, insecure logging, and leaky error handling
dependencies, build scripts, supply chain risk, and known exploited vulnerabilities
infrastructure, deployment config, CORS, headers, and exposed admin paths

Every real finding should include evidence, impact, mitigation, a required regression test, severity, and whether it should block the PR.

Start Here

1. Install Paladin

Run this from the repo where you want Paladin available:

npx skills add onehorizonai/paladin

Registry URL after publication: skills.sh/onehorizonai/paladin

For Claude Code:

/plugin marketplace add onehorizonai/paladin
/plugin install paladin
/reload-plugins

Manual project install:

git clone --depth 1 https://github.com/onehorizonai/paladin .claude/skills/paladin

Manual user install:

git clone --depth 1 https://github.com/onehorizonai/paladin ~/.claude/skills/paladin

Restart your agent tool after installing.

2. Configure The Repo

Run:

/paladin-setup

paladin-setup creates or updates PALADIN.md in the repo root. It asks what Paladin should do after it finds actionable security work:

create an item automatically
ask before creating an item
only report in chat

It also asks where the follow-up should go. One Horizon is the default, but not the only option. You can route findings to Linear, Jira, email, or a custom workflow.

Setup uses repo-root references/security-sources.md as the default advisory source list and creates it from Paladin's bundled source list when the target repo is missing it.

3. Run Paladin

Start with the dispatcher when you want Paladin to choose the right mode:

/paladin

Or call a workflow directly:

/paladin-pr-review
/paladin-repo-audit
/paladin-mitigate

Plain English works too:

Use Paladin to review my uncommitted changes.
Use Paladin to review this PR for security risks.
Use Paladin to audit this repository for security risks.
Use Paladin to turn this CVE into a mitigation plan.

Common Ways To Use Paladin

Moment	Run
You start work with changed files	`/paladin`
You are about to open or merge a PR	`/paladin-pr-review`
A PR touches auth, permissions, input handling, dependencies, infra, logs, or file handling	`/paladin-pr-review`
You want a weekly security sweep	`/paladin-repo-audit`
A scanner, dependency alert, CVE, CWE, or review note appears	`/paladin-mitigate`

Useful cloud-agent prompts:

Before opening a PR, run Paladin on the diff. Include evidence, impact, mitigation, required test, severity, and blocking status.

View full README on GitHub

paladin

Popularity

What's Inside

Confidence

README

Paladin

Why Paladin Runs In Your Repo

What Paladin Does

Start Here

1. Install Paladin

2. Configure The Repo

3. Run Paladin

Common Ways To Use Paladin

Similar Plugins

fullstack-dev-skills

everything-claude-code

dotnet-skills

ecc

More by onehorizonai

sensei

Paladin

Why Paladin Runs In Your Repo

What Paladin Does

Start Here

1. Install Paladin

2. Configure The Repo

3. Run Paladin

Common Ways To Use Paladin

More by onehorizonai

sensei

Popularity

Health & Quality

Similar Plugins

fullstack-dev-skills

everything-claude-code

dotnet-skills

ecc

octo

claude-md-management