From oplane
Analyze a pull request for security implications and assess whether security requirements are addressed
Slash command: /oplane:analyze-pr

Summary Claude sees in its skill listing (used to decide when to auto-load this skill):
Analyze this pull request for security implications and create a threat model.

Skill prompt:
Analyze this pull request for security implications and create a threat model.

$ARGUMENTS
IMPORTANT: You MUST complete ALL steps below. Creating the threat model (step 3) is only the midpoint — you MUST also get implementation advice, assess every requirement against the actual code, and call update_implementation_state for each one. Do NOT stop after new_threatmodel returns.
1. Verify Oplane MCP tools are available (MANDATORY) — Call my_recent_threatmodels to verify the Oplane MCP connection is working. If this call fails or the tools are not available, STOP IMMEDIATELY. Do not proceed with any analysis. Report the error and tell the user to check the Oplane MCP server status: in Claude Code run /mcp, in Cursor open Settings > MCP. Never perform analysis without working Oplane tools — local-only results cannot be persisted and are not acceptable.
2. Understand the PR changes — Review the PR title, description, and linked issues. Examine the diff to understand what changed. Use Read/Grep for additional context from the codebase.
3. Create a threat model — Call new_threatmodel with:
4. Get implementation advice — Call request_implementation_advice in batches of 3–5 IDs at a time (not all at once — large batches exceed output limits).
5. Assess each requirement — For every requirement:
   - Call update_implementation_state with one of:
6. Adjust severity — Use update_requirement_severity if the default doesn't match the actual risk for this PR's context.
7. Summarize — Report the number of requirements, implementation state breakdown, and key findings with recommendations for the PR author.
Install: npx claudepluginhub oplane/oplane-plugin --plugin oplane