From vibe
Detects code risks and security issues during review, risk scanning, or code evaluation. Writes findings to risks.md with impact level and file:line references.
Triggered by the user, by Claude, or both.
Slash command: /vibe:risk-detection
Summary Claude sees in its skill listing (used to decide when to auto-load this skill): Scan using Grep with these patterns. Tag each finding with impact level and file:line.
Language-agnostic (all projects):
- (api_key|password|secret|token|private_key)\s*=\s*["'][^"']+["']
- .env files committed to git (check .gitignore)

JavaScript/TypeScript:
- eval(), new Function()
- innerHTML, dangerouslySetInnerHTML
- req.params, req.query, req.body
- console.log in production code (not in debug/ or test files)

Python:
- exec(), eval()
- cursor.execute with string formatting (SQL injection)
- except: (swallows all errors)
- print() in production code (not in debug/ or test files)

Write findings to risks.md using sequential IDs (#R1, #R2...). One line per risk, max two lines.
Format: #RN [IMPACT] Description. file:line (found DATE)
Compare against existing risks.md baseline. Report delta: added (list), resolved (list), net change per impact level.
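The procedure above (pattern scan, impact tagging, risks.md lines, baseline delta) carried through as an added example. This is not the vibe plugin's own code; it reimplements the Grep step in Python. The regexes for the plain-name items (eval, innerHTML, req.body, bare except, print), the impact level assigned to each pattern, the finding descriptions, the "debug/ or test file" heuristic, and the sample files and baseline are all assumptions constructed for this example; the skill text fixes none of them.

```python
"""Added example, not the vibe plugin's code: scan files with the skill's
patterns, tag hits with impact and file:line, render risks.md lines in the
'#RN [IMPACT] Description. file:line (found DATE)' format, and report the
delta (added, resolved, net per impact level) against a baseline risks.md."""
import re
from datetime import date

# (regex, impact, description). Impact levels and descriptions are assumptions.
COMMON = [
    (r"""(api_key|password|secret|token|private_key)\s*=\s*["'][^"']+["']""",
     "HIGH", "Hard-coded credential"),
]
JS_TS = [
    (r"\beval\(|new\s+Function\(", "HIGH", "Dynamic code execution (eval/new Function)"),
    (r"innerHTML|dangerouslySetInnerHTML", "MEDIUM", "Raw HTML sink (XSS risk)"),
    (r"req\.(params|query|body)", "MEDIUM", "Untrusted request input used directly"),
    (r"console\.log\(", "LOW", "console.log in production code"),
]
PYTHON = [
    (r"\b(exec|eval)\(", "HIGH", "Dynamic code execution (exec/eval)"),
    (r"""cursor\.execute\([^)]*(%|\.format\(|f["'])""", "HIGH",
     "SQL built with string formatting (SQL injection)"),
    (r"^\s*except\s*:", "MEDIUM", "Bare except swallows all errors"),
    (r"\bprint\(", "LOW", "print() in production code"),
]
# Only these two rules are suppressed in debug/ and test files, per the skill text.
NOISE_ONLY = {"console.log in production code", "print() in production code"}


def rules_for(path):
    if path.endswith((".js", ".jsx", ".ts", ".tsx")):
        return COMMON + JS_TS
    if path.endswith(".py"):
        return COMMON + PYTHON
    return COMMON


def is_debug_or_test(path):
    # Assumed heuristic: a debug/ directory component or "test" in the file name.
    return "/debug/" in path or path.startswith("debug/") or "test" in path.rsplit("/", 1)[-1]


def scan_file(path, text):
    """Return (impact, description, 'file:line') for every line that matches a rule."""
    findings = []
    skip_noise = is_debug_or_test(path)
    for lineno, line in enumerate(text.splitlines(), start=1):
        for regex, impact, desc in rules_for(path):
            if desc in NOISE_ONLY and skip_noise:
                continue
            if re.search(regex, line):
                findings.append((impact, desc, f"{path}:{lineno}"))
    return findings


def format_risks(findings, found=None):
    """Render findings as risks.md lines with sequential #RN ids."""
    found = found or date.today().isoformat()
    return [f"#R{n} [{imp}] {desc}. {loc} (found {found})"
            for n, (imp, desc, loc) in enumerate(findings, start=1)]


RISK_LINE = re.compile(r"^#R\d+ \[(\w+)\] (.+)\. (\S+:\d+) \(found [\d-]+\)$")


def parse_risks(lines):
    """Map (description, file:line) -> impact so ids and dates do not affect the delta."""
    out = {}
    for line in lines:
        m = RISK_LINE.match(line.strip())
        if m:
            out[(m.group(2), m.group(3))] = m.group(1)
    return out


def report_delta(baseline_lines, current_lines):
    """Added and resolved keys plus net change per impact level."""
    old, new = parse_risks(baseline_lines), parse_risks(current_lines)
    added = sorted(k for k in new if k not in old)
    resolved = sorted(k for k in old if k not in new)
    net = {}
    for k in added:
        net[new[k]] = net.get(new[k], 0) + 1
    for k in resolved:
        net[old[k]] = net.get(old[k], 0) - 1
    return {"added": added, "resolved": resolved, "net": net}


# Constructed sample files and a constructed baseline risks.md (not real project data).
SAMPLE_FILES = {
    "src/db.py": ("import sqlite3\npassword = 'hunter2'\ndef lookup(cursor, name):\n"
                  "    cursor.execute('SELECT * FROM users WHERE name = %s' % name)\n"
                  "    try:\n        pass\n    except:\n        pass\n"),
    "src/app.js": "const q = req.query.id;\nel.innerHTML = q;\nconsole.log(q);\n",
    "tests/test_db.py": "print('debug only')\n",
}
BASELINE = [
    "#R1 [HIGH] Hard-coded credential. src/db.py:2 (found 2024-01-01)",
    "#R2 [LOW] print() in production code. src/db.py:9 (found 2024-01-01)",
]


def run_example():
    findings = []
    for path, text in SAMPLE_FILES.items():
        findings.extend(scan_file(path, text))
    current = format_risks(findings, found="2024-02-01")
    return current, report_delta(BASELINE, current)


if __name__ == "__main__":
    lines, delta = run_example()
    print("\n".join(lines))
    print(delta)
```

The delta keys on (description, file:line) rather than on the #RN id, so renumbering between runs does not show up as churn; a finding whose line shifts after an unrelated edit will still appear as resolved plus added, which is the trade-off of the skill's file:line format.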
Install: npx claudepluginhub jwlutz/claude_code_framework --plugin vibe