Claude Code Security Guidance: Early Vulnerability Alerts While You Code

Anthropic’s new Claude Code Security Guidance plugin injects early warnings for command injection, XSS, deserialization and other common security pitfalls directly into the coding workflow, shifting safety checks from post‑review to the moment AI generates or edits code.

ShiZhen AI

Claude Code gets a security‑focused plugin

On May 27, Anthropic released the Security Guidance plugin for Claude Code. The plugin is available to all Claude Code users via the plugin marketplace, and can be installed with the command /plugin install security-guidance@claude-plugins-official or by searching “Security Guidance” in the Discover panel.

Moving security checks forward

The release is notable not because Claude simply gained another add‑on, but because Anthropic is turning Claude Code from a code‑generation CLI into a development environment that embeds security safeguards. Traditionally, security reviews happen after code is written—through linting, CI, PR review, or manual audits. Security Guidance brings those checks to the moment Claude modifies a file.

How the plugin works

Security Guidance hooks into four key moments in Claude Code’s workflow:

UserPromptSubmit: records the Git baseline before the current round, so later checks only consider new changes.

PostToolUse: runs rule checks after each Edit or Write operation, providing immediate alerts for obvious dangerous patterns.

Stop: performs a security diff on the current round’s changes before the session ends.

git commit / push: conducts a backend security review of the commit or push, preventing problems from being shipped.

During the Stop phase the plugin does not scan the entire repository; it diffs the current state against the baseline captured at UserPromptSubmit, focusing on what Claude just changed rather than resurfacing historic issues.

Risks the plugin flags

Security Guidance targets six common vulnerability classes that AI models often introduce for speed:

Command injection: patterns such as child_process.exec(), os.system(), shell=True. The plugin advises against concatenating user input into a shell command.

XSS: uses of innerHTML, dangerouslySetInnerHTML, document.write(). It recommends safe DOM APIs or sanitization libraries.

Deserialization: calls like pickle.load(), yaml.load(), torch.load(). The advice is to avoid loading untrusted objects.

CI/CD injection: modifications to GitHub Actions workflows. The plugin warns about triggers, permissions, and secret exposure.

Cryptographic misuse: ECB mode, ciphers without IV, disabling TLS verification. It suggests using proper, vetted cryptographic primitives.

Remote script risk: external scripts lacking Subresource Integrity (SRI). The plugin urges adding integrity checks for third‑party resources.

These issues often arise not because the model “doesn’t know” security, but because it prioritizes the quickest way to get code running.
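As an added illustration of the baseline-diff behaviour and the pattern classes described above (this is not the plugin's code; the regexes are constructed approximations of the listed patterns, not Anthropic's actual rules), the sketch below captures a baseline, diffs the current file against it, and applies the rules only to lines added in this round, so a pre-existing os.system() call is not resurfaced:

```python
import difflib
import re

# Constructed rule table modelled on the classes the article lists.
# Illustrative regexes only; the plugin's real rule set is not shown on the page.
RULES = {
    "command-injection": re.compile(r"child_process\.exec\(|os\.system\(|shell\s*=\s*True"),
    "xss": re.compile(r"\.innerHTML\s*=|dangerouslySetInnerHTML|document\.write\("),
    "deserialization": re.compile(r"pickle\.load\(|yaml\.load\(|torch\.load\("),
    "crypto-misuse": re.compile(r"MODE_ECB|verify\s*=\s*False|CERT_NONE"),
    "remote-script": re.compile(r"<script[^>]+src=(?![^>]*integrity=)[^>]*>"),
}

def added_lines(baseline: str, current: str) -> list[tuple[int, str]]:
    """Lines present in current but not in baseline, with 1-based line numbers."""
    cur = current.splitlines()
    matcher = difflib.SequenceMatcher(None, baseline.splitlines(), cur)
    result = []
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag in ("insert", "replace"):  # only this round's new material
            result.extend((n + 1, cur[n]) for n in range(j1, j2))
    return result

def scan(baseline: str, current: str) -> list[tuple[int, str]]:
    """Return (line_no, rule_name) findings for new lines only."""
    findings = []
    for lineno, text in added_lines(baseline, current):
        for name, pattern in RULES.items():
            if pattern.search(text):
                findings.append((lineno, name))
    return findings

# Constructed sample: the baseline already contains a historic os.system() call.
BASELINE = """import os
def legacy():
    os.system("ls")  # pre-existing: not part of this round's diff
"""

# The "current round" adds shell=True and pickle.load(); the legacy call is unchanged.
CURRENT = """import os
import pickle
import subprocess
def legacy():
    os.system("ls")  # pre-existing: not part of this round's diff
def run(cmd):
    subprocess.run(cmd, shell=True)
def load(path):
    return pickle.load(open(path, "rb"))
"""

if __name__ == "__main__":
    for lineno, rule in scan(BASELINE, CURRENT):
        print(f"line {lineno}: {rule}")  # prints lines 7 and 9 only
```

Scanning with an empty baseline shows the difference: the historic os.system() call on line 5 is then reported too, which is exactly what the baseline diff is meant to suppress.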

Team‑level customization

Beyond the built‑in rules, Security Guidance allows projects to add custom policies via two files:

.claude/claude-security-guidance.md: team‑specific security guidelines.

.claude/security-patterns.yaml: custom regex or string patterns.

This extensibility makes the plugin more useful than a generic scanner, letting teams codify “don’t do X” rules that are enforced at code‑generation time.

Limitations

The plugin is not a silver bullet. It catches obvious dangerous patterns but cannot replace threat modeling, permission design, dependency audits, comprehensive testing, or deep manual reviews. Business‑logic flaws such as “user A modifying user B’s order” or missing webhook signatures require higher‑level analysis beyond regex‑based checks.

Suggested workflow

For heavy Claude Code users, a practical pipeline is:

Enable Security Guidance so the agent receives early warnings while writing.

Run unit tests and broader security scans before committing.

Perform manual PR review.

Apply deeper audits on high‑risk modules.

This positions the plugin as an early guardrail rather than a complete security solution.

Conclusion

AI‑driven coding can introduce vulnerabilities at scale; moving safety reminders closer to the code‑generation moment is essential. Security Guidance does not promise to automatically eliminate all bugs, but it provides a practical early checkpoint that can stop many low‑level security pitfalls before they propagate.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Written by

ShiZhen AI

Tech blogger with over 10 years of experience at leading tech firms, AI efficiency and delivery expert focusing on AI productivity. Covers tech gadgets, AI-driven efficiency, and leisure. AI leisure community: 🛰 szzdzhp001
