This is a proactive security review tool that kicks in when you explicitly ask for a security audit or secure coding guidance across Python, JavaScript/TypeScript, and Go. It identifies your tech stack, pulls framework-specific best practices from its reference library (such as Django, Express, or Gin security patterns), then either writes secure-by-default code going forward or generates a severity-ranked vulnerability report with line numbers. The nice touch is the three-mode approach: passive detection of critical issues while you work, full security reports when requested, and guided fixes that respect your commit workflow and testing setup. It won't fight you on project-specific overrides, which is refreshingly pragmatic. Just know that it only triggers on explicit security requests, not on general code review.
npx skills add https://github.com/davila7/claude-code-templates --skill security-best-practices