This runs Ruflo security scans across your codebase at three depth levels: quick hits dependencies and CVEs, standard adds input validation and secrets detection, and full goes deep with threat modeling and auth flow analysis. It's basically a wrapper around their CLI tools that stores findings in MCP memory and can train on patterns via post-task hooks. Honest take: the tiered approach is smart for balancing speed versus thoroughness, though you're still dependent on Ruflo's underlying tooling quality. Most useful when you want repeatable security checks that Claude can reference later, less so if you already have a mature security pipeline that does this stuff better.
npx skills add https://github.com/ruvnet/ruflo --skill security-scan