Claude Code Launches `security-guidance`: A Free Plugin That Reviews Its Own Code for Vulnerabilities
Anthropic launched the security-guidance plugin for Claude Code into general availability on May 26, 2026, free on all plans. It installs a three-layer automatic security reviewer: a zero-cost deterministic pattern scan on every edit, a model-backed diff review after each turn, and a deeper agentic review on every git commit.
Key Takeaways
- The `security-guidance` plugin gives Claude a self-review loop, automatically scanning the code it writes for vulnerabilities across three escalating layers — edit-time, end-of-turn, and commit-time — without any manual invocation from the developer.
- Zero-cost pattern scanning fires on every file write, catching known dangerous constructs like `eval()`, `pickle` deserialization, `innerHTML` injection, and GitHub Actions workflow edits using deterministic regex with no model call.
- An independent Claude instance reviews diffs, not the same one that wrote the code — a deliberate architectural choice that prevents the reviewer from being biased toward the implementation it just produced.
- The commit-time agentic review reads surrounding context — callers, sanitizers, and related files — before deciding whether a finding is real, keeping false positives low on patterns that look dangerous in isolation but are safe within a project.
- Teams can add project-specific rules via a `.claude/claude-security-guidance.md` guidance file and a `.claude/security-patterns.yaml` pattern file, layering in threat-model-specific checks without modifying the built-in behavior.
- The plugin is free on all Claude plans and had already accumulated 157,592 installs by general availability, with internal deployments reporting a 30–40% reduction in security-related pull request comments after enabling it.
Claude Code Launches the security-guidance Plugin for All Users
Anthropic released the security-guidance plugin for Claude Code into general availability on May 26, 2026, removing the previous Enterprise-only restriction and making it free on every Claude plan. The plugin represents a significant advancement in the way Claude Code handles security: rather than relying on developers to catch vulnerabilities after the fact, security-guidance gives Claude the ability to review its own edits in real time and fix what it finds in the same session.
How It Works: Three Layers of Review
The plugin operates at three distinct points in Claude's workflow, each designed to catch different classes of problems at the appropriate depth.
Per-Edit Pattern Scan
Whenever Claude writes to a file, the plugin runs a fast, deterministic regex scan with no model call and zero usage cost. This layer catches well-known dangerous patterns immediately: eval(), new Function(), os.system(), child_process.exec(), Python pickle deserialization, DOM injection vectors like dangerouslySetInnerHTML and .innerHTML =, document.write, and edits to .github/workflows/ files that can grant repository-level permissions. If a warning fires, it is appended to Claude's context so the next step can address it. Each pattern fires once per file per session to avoid flooding the conversation.
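A sketch of how a deterministic per-edit scan with once-per-file-per-session suppression can be built, added here as an illustration. It is not the plugin's code: the rule names, the regexes, and the `EditScanner` class are assumptions, and only the list of constructs comes from the description above.

```python
import re

# Illustrative rules only: the construct names come from the article, the
# regexes are assumptions and not the plugin's actual patterns.
RULES = {
    "eval": re.compile(r"\beval\s*\("),
    "new-function": re.compile(r"\bnew\s+Function\s*\("),
    "os-system": re.compile(r"\bos\.system\s*\("),
    "child-process-exec": re.compile(r"\bchild_process\.exec\s*\("),
    "pickle-load": re.compile(r"\bpickle\.loads?\s*\("),
    "dangerously-set-inner-html": re.compile(r"dangerouslySetInnerHTML"),
    "inner-html-assign": re.compile(r"\.innerHTML\s*\+?=(?!=)"),
    "document-write": re.compile(r"\bdocument\.write(ln)?\s*\("),
}
WORKFLOW_PATH = re.compile(r"(^|/)\.github/workflows/[^/]+\.ya?ml$")


class EditScanner:
    """Deterministic per-edit scan; each rule warns once per file per session."""

    def __init__(self):
        self._seen = set()  # (path, rule) pairs already reported this session

    def scan(self, path, content):
        hits = []
        if WORKFLOW_PATH.search(path):
            hits.append(("workflow-edit", 0))  # path-based rule, no line number
        for lineno, line in enumerate(content.splitlines(), start=1):
            for rule, rx in RULES.items():
                if rx.search(line):
                    hits.append((rule, lineno))
        warnings = []
        for rule, lineno in hits:
            if (path, rule) in self._seen:
                continue  # already surfaced for this file: stay quiet
            self._seen.add((path, rule))
            warnings.append({"file": path, "rule": rule, "line": lineno})
        return warnings


def demo():
    # Constructed sample edits, not taken from any real project.
    s = EditScanner()
    first = s.scan("app/view.js", "el.innerHTML = name;\nif (a.innerHTML == b) {}\n")
    again = s.scan("app/view.js", "el.innerHTML = other;\n")
    py = s.scan("jobs/load.py", "import pickle\nobj = pickle.loads(blob)\nos.system(cmd)\n")
    wf = s.scan(".github/workflows/ci.yml", "permissions: write-all\n")
    return first, again, py, wf
```

The comparison `a.innerHTML == b` is not flagged because the assignment rule rejects `==`, and the second edit to `app/view.js` returns no warnings because that rule has already fired for the file.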
End-of-Turn Diff Review
After each conversational turn — every time Claude finishes responding — the plugin computes a git diff of all changes made during that turn and sends it to a separate Claude instance that has no knowledge of the original implementation. This independent reviewer looks for issues that pattern matching cannot catch: authorization bypasses, insecure direct object references, injection, server-side request forgery, and weak cryptography. The review runs in the background so Claude's reply is not delayed. If findings surface, Claude is re-prompted and addresses them as a follow-up step, visible directly in the session.
Commit-Time Agentic Review
When Claude runs git commit or git push through its Bash tool, the plugin launches a deeper agentic review that reads surrounding code — callers, sanitizers, and related files — before deciding whether a finding is real. This context-aware approach keeps false-positive rates low on patterns that appear dangerous in isolation but are safe within a specific codebase. The commit review is capped at 20 per rolling hour.
Review Independence
A deliberate design choice underpins all three layers: the same Claude instance that wrote the code is never asked to grade itself. The pattern scan is deterministic with no model involvement. The end-of-turn and commit reviews run as entirely separate Claude calls, starting from a fresh context with a security-focused prompt and no investment in the original approach.
None of the layers block writes or commits outright. Findings are surfaced as instructions to the writing Claude, which addresses them through normal tool use. This makes the plugin a layer in defense-in-depth rather than a hard gate.
Installation and Prerequisites
The plugin requires Claude Code CLI version 2.1.144 or later and Python 3.8+ on the system PATH. Install it from the official Anthropic marketplace in any active Claude Code session:
/plugin install security-guidance@claude-plugins-official
/reload-plugins
To enable the plugin across an entire team or organization, add it to the project's .claude/settings.json under enabledPlugins. Administrators can enable it organization-wide through managed settings.
Extending the Plugin
Two extension points let teams layer in project-specific rules without modifying the built-in checks. A .claude/claude-security-guidance.md file lets developers describe their threat model in plain language — for example, specifying that all routes under /admin must call require_role("admin"), or that customer_id must never appear in INFO-level logs. A .claude/security-patterns.yaml file lets teams add regex or substring rules to the per-edit pattern scan, such as detecting hardcoded API key prefixes or unfiltered multi-tenant queries.
Measured Impact
Internal deployments that tested earlier versions of the plugin reported a 30–40% reduction in security comments on pull requests, validating the shift-left approach of catching issues while code is still being written. The plugin's availability on all plans means independent developers, small teams, and enterprises alike can now benefit from AI-assisted security review as a standard part of the Claude Code workflow.