Ian Murphy

Use when receiving code review feedback, before implementing suggestions, especially if feedback seems unclear or technically questionable - requires technical rigor and verification, not performative agreement or blind implementation

Mine review artifacts for recurring patterns and write project learnings.

Deep security and performance scan with structured reporting.

Detect secrets in code with a pre-commit scanning tool that requires no external dependencies.

Conduct comprehensive supply chain security audits using real CLI vulnerability scanners.

Validate codebase against code-level compliance signals for regulatory frameworks (FedRAMP, FIPS, OWASP, SOC 2). Scoped to source code analysis only — not a compliance certification.

Use when about to claim work is complete, before committing or creating PRs - requires fresh verification evidence before any completion claim. Triggers on phrases like "done", "finished", "ready to commit", "all tests pass", "looks good", "should work", "I think that's it".

Execute an approved plan using unattended implementation and validation with worktree isolation.

Synchronize CLAUDE.md and README with recent code changes.

Integrate threat modeling into your security-sensitive feature planning.

Conduct deep semantic security reviews of code changes with advanced analysis techniques.

Create technical blueprints for new features efficiently.

Comprehensive development toolkit for Claude Code, featuring skills, agents, and templates.