claudeindex
Plugin

rad-code-review

The specialist lanes and memory that the built-in /code-review doesn't have. Invokes the built-in engine for general bug-finding (quick/standard/deep map to its effort levels), then adds what it lacks: a mechanical hallucinated-imports validator (lockfile-verified across Python/JS/TS/Rust/Go, with a vendored denylist of documented malicious typosquat names and did-you-mean suggestions, offline always); an AI-slop lane refreshed for agentic-era failures (test capitulation, deleted-guard regressions, weak-assertion tests, hardcoded expected outputs, scope-creep refactors, XSS/log-injection sink focus — every pattern sourced and labeled mechanical-vs-judgment); framework IDOR heuristics (Next.js server actions incl. the middleware-is-not-a-boundary anti-pattern, Express/Fastify, Django, Rails, Go); a Supabase/Firebase BaaS-RLS lane with a reachability gate and do-NOT-flag list; and deterministic findings memory — findings-index.py computes fingerprints and assigns stable CR-NNN IDs across runs, so reports show new/recurring/resolved mechanically, never from model memory. --security-deep runs a 4-phase launch-readiness pass (trust boundaries → data-exposure surface → authorization model → secrets) under a no-false-assurance contract: it never emits a "safe to launch" verdict, reports verified-vs-could-not-verify, and recommends a human pen-test. --verify-model runs the lane pass on a different model tier for a cross-tier second opinion. Fix application touches the working tree only — this plugin never commits. Scope is diff/branch/PR only; whole-repo wants /code-review ultra. Deep accessibility belongs to rad-a11y; over-engineering hunts to ponytail-review.

Installation

1

Add the marketplace

/plugin marketplace add RadOrigin-LLC/RAD-Claude-Skills
2

Install plugins

/plugin

Run these commands in Claude Code to add this plugin to your environment. The marketplace must be added before you can install its plugins.