Security scanning and vulnerability detection. Use when: authentication, authorization, payment processing, user data. Skip when: read-only operations, internal tooling.
Author a workflow — either an MCP workflow template (persisted, lifecycle) or a native .claude/workflows/*.js orchestration script (agent/parallel/pipeline fan-out)
Run a workflow — drive an MCP workflow lifecycle (execute/pause/resume/cancel) or invoke + resume a native .claude/workflows/*.js orchestration via the Workflow tool
Side-by-side comparison of ruflo vs HAL vs other GAIA harnesses — capability gaps, design decisions, and improvement roadmap
Diagnose why a GAIA question failed — extract trace, classify failure mode, and propose a fix
Walk through a complete GAIA benchmark→submit flow — from key resolution through HAL-compatible package generation
Scaffold a new Claude Code plugin with proper directory structure, plugin.json, skills, commands, and agents
| name | security-audit |
| description | Security scanning and vulnerability detection. Use when: authentication, authorization, payment processing, user data. Skip when: read-only operations, internal tooling. |
Security scanning and vulnerability detection.
Run comprehensive security analysis
npx @claude-flow/cli security scan --depth full
Check for input validation issues
npx @claude-flow/cli security scan --check input-validation