Audit your Supabase project for the row-level-security mistakes that quietly expose data: tables without RLS, policies that resolve to true, leaked service-role keys, missing auth.uid() checks, open storage buckets, overbroad grants, and migration drift. A local, read-only scan plus a full review checklist, each finding with severity, evidence, and a fix. No database changes without confirmation.
Stop your agent from claiming "done" before it's proven. A verification gate that classifies each change by risk (payment, auth, database, user-facing), picks the tests that actually cover it, demands evidence, maps regression risk, and outputs an honest pass/fail report. Turns "looks good to me" into "here's what I ran, and here's what's still unverified."
An adversarial reviewer for AI-written code changes. It pressure-tests a pull request or diff for untested branches, silent behavior changes, missing edge cases, over-confident code that only looks right, and weak tests, then returns a PASS / REVISE / BLOCK verdict before the change merges.
Vet dependency changes for supply-chain risk before you install, commit, or release. Scans package and lockfile diffs for install-time lifecycle scripts, non-registry sources, suspicious download commands, typosquatting, and floating versions, across npm, pnpm, yarn, pip, uv, and poetry. Flags what to review with evidence. No install required.
Reviewer left comments and your PR is stuck? Find the #1 blocking comment and get a finished reply, covering the acknowledgment, the fix, and what to test, written to move the reviewer to approve.
Catch the dangerous migration before it locks or wrecks your production database. Scans SQL migration files for destructive and risky operations: DROP and TRUNCATE, drops without IF EXISTS, lossy column-type changes, NOT NULL added without a default, DELETE or UPDATE with no WHERE, non-concurrent index builds, dropped constraints, renames, and data backfills mixed into schema changes. Each finding is ranked by severity with a safer rewrite. Postgres, MySQL, and SQLite.
Turns Claude into a senior WordPress launch reviewer that audits a site, theme, or plugin against the entire pre-launch standard across 7 weighted domains and returns one objective go/no-go decision with a scored blocker list.
Tags: wordpress, code-review, web-security, +13
Dockerfile & Container Build Sanity Gate — Catch Root Users, Bloat, Leaked Secrets & Fragile Layers Before You Build
An adversarial reviewer for Dockerfiles and container builds. It flags root users, image bloat, unpinned or cache-busting layers, leaked secrets, and missing hardening, then returns a PASS / FIX / BLOCK verdict — before you build or push the image.
Tags: docker, containers, devops, +2
Dependency & Supply Chain Risk Gate — Catch Vulnerable, Outdated & Typosquatted Packages Before They Ship
Audit your project's dependencies for supply-chain risk before they ship. Detects the ecosystem, runs the right vulnerability scanners against live advisory data, and adds the checks tooling misses — outdated or abandoned packages, typosquatted or suspicious names, risky install scripts, and license conflicts — then returns a prioritized fix list and a PASS / REVIEW / BLOCK verdict. It's npm audit with triage and judgment on top.
Review a database schema, queries, or migration for the mistakes that get expensive in production — bad table design, missing or wrong indexes, slow and N+1 queries, SQL injection, and migrations that lock or break prod. Engine-aware (PostgreSQL, MySQL, SQLite, SQL Server), it runs an ordered review and returns a PASS/REVIEW/BLOCK verdict with prioritized fixes. Schema mistakes are the most expensive kind — this catches them before they ship.
A senior WordPress security auditor that reasons about WP-API taint flow — not regex hits — to find the 8 real plugin/theme vulnerability classes a generic scanner misses, and returns scored findings with ready-to-merge before→after patches.
Tags: wordpress, security, audit, +10
Medical & Pharma AI Compliance Gate — Pass MLR, Evidence, COI & AI Use Checks Before Your Content Ships
Audit AI-assisted medical and pharma content for compliance-readiness before it enters formal MLR review or journal submission. It checks claim substantiation and on-label scope, reference integrity (the acute AI risk: fabricated or misrepresented citations), fair balance and safety, AI-use disclosure, ICMJE authorship and GPP, COI and funding, data integrity and patient privacy, and adverse-event flags — then returns a PASS / REVISE / BLOCK verdict with the must-fix list. A readiness pre-check built for the regulated reality of medical communications — not a replacement for formal review.