This runs security audits on code diffs, PRs, or branches with an emphasis on reducing false positives. It does a three-phase analysis (context research, pattern comparison, vulnerability assessment) and filters the findings down to only high-confidence, exploitable issues. It comes with GitHub Actions integration that can post inline PR comments, plus custom filtering rules and domain-specific scan templates for compliance or financial-services (finserv) workflows. The eval framework is nice: point it at any public PR to test it against real code. The philosophy is refreshingly pragmatic: better to miss theoretical vulnerabilities than to drown teams in noise. It only flags HIGH- and MEDIUM-severity issues with a confidence score of 8 or higher.
npx skills add https://github.com/leonmelamud/claude-code-security-review --skill code-security-audit