Security Team's Custom Slash Commands
What You'll Learn
How Anthropic's Security Engineering team uses custom slash commands extensively to streamline workflows and speed up repeated security-related tasks.
Prerequisites
- Claude Code CLI installed
- Understanding of your team's common security tasks
- Access to modify Claude Code configuration
Steps
Step 1: Identify Repetitive Security Tasks
List your most common security-related commands:
- Terraform security reviews
- Infrastructure debugging
- Documentation synthesis
- Runbook generation
- Security test generation
Step 2: Create Security-Focused Slash Commands
Add these to your Claude Code configuration:
# In your .claude/config or project-specific configuration
Step 3: Implement Common Security Commands
Terraform Security Review
```
/terraform-review
# Expands to:
Review this Terraform configuration for:
- Security group rules that are too permissive
- Unencrypted resources
- Missing backup configurations
- IAM policies that violate least privilege
- Resources without proper tagging
Generate a security findings report
```
Infrastructure Debugging
```
/infra-debug
# Expands to:
Debug this infrastructure issue:
1. Analyze error logs and identify root cause
2. Check for common misconfigurations
3. Verify security group and network settings
4. Examine IAM permissions
5. Provide step-by-step resolution
```
Security Runbook Generation
```
/sec-runbook [incident-type]
# Expands to:
Create a security runbook for [incident-type]:
- Initial response steps
- Containment procedures
- Investigation checklist
- Remediation actions
- Post-incident review template
Format as structured markdown
```
Step 4: Create Test Generation Commands
```
/sec-test
# Expands to:
Generate comprehensive security tests:
- Input validation tests
- Authentication bypass attempts
- Authorization boundary tests
- Injection vulnerability tests
- Rate limiting tests
Include both positive and negative test cases
```
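Steps 2 and 3 as files on disk, in an added example that is not part of the original page or the Security team's own configuration. It assumes Claude Code's project-command layout (`.claude/commands/<name>.md`, with `$ARGUMENTS` replaced by the text typed after the command); `install_commands`, `lint_commands` and the repository-root parameter are hypothetical names.

```shell
# Added example: scaffold two of the page's slash commands as project command files.
# Assumption: Claude Code loads .claude/commands/<name>.md and substitutes $ARGUMENTS.

# install_commands ROOT  (hypothetical helper; ROOT is the repository root)
install_commands() {
  local dir="$1/.claude/commands"
  mkdir -p "$dir"
  # Quoted heredoc delimiter keeps $ARGUMENTS literal instead of expanding it.
  cat > "$dir/terraform-review.md" <<'EOF'
---
description: Security review of a Terraform configuration
argument-hint: [path]
---
Review the Terraform configuration in $ARGUMENTS for:
- Security group rules that are too permissive
- Unencrypted resources
- Missing backup configurations
- IAM policies that violate least privilege
- Resources without proper tagging
Generate a security findings report.
EOF
  cat > "$dir/sec-runbook.md" <<'EOF'
---
description: Security runbook for an incident type
argument-hint: [incident-type]
---
Create a security runbook for $ARGUMENTS:
- Initial response steps
- Containment procedures
- Investigation checklist
- Remediation actions
- Post-incident review template
Format as structured markdown.
EOF
}

# lint_commands ROOT: fail if a command file is empty, or advertises an
# argument in its front matter but never uses $ARGUMENTS in the prompt.
lint_commands() {
  local f rc=0
  for f in "$1"/.claude/commands/*.md; do
    [ -s "$f" ] || { echo "empty: $f" >&2; rc=1; continue; }
    if grep -q '^argument-hint:' "$f" && ! grep -qF '$ARGUMENTS' "$f"; then
      echo "argument declared but unused: $f" >&2; rc=1
    fi
  done
  return "$rc"
}
```

Run `install_commands .` from the repository root and commit the resulting files; `lint_commands .` can then run in CI so a command that silently drops its argument is caught in review.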
Example Usage
The Security team's workflow for reviewing a new service:
```bash
# Quick security review of a new API
claude /terraform-review api-infrastructure/

# Generate tests for the authentication system
claude /sec-test auth-service/

# Create incident response runbook
claude /sec-runbook data-breach

# Debug production issue securely
claude /infra-debug "Users getting 403 errors on API"
```
Advanced Commands
Context-Aware Documentation
```
/sec-doc-synthesis
# Synthesizes security documentation from:
- Existing runbooks
- Incident reports
- Configuration files
- Team knowledge base
```
Let Claude Talk First Pattern
As the Security team discovered: "Tell Claude to 'format as you go' for autonomous work"
```
/autonomous-review
# Triggers:
First, I'll explain my review approach, then execute:
1. Identify security domains to check
2. Scan for each domain's vulnerabilities
3. Prioritize findings by severity
4. Generate remediation steps
5. Create implementation timeline
```
Tips & Variations
- Chain Commands: Combine multiple slash commands for complex workflows
- Team-Specific: Customize commands for your organization's security policies
- Version Control: Keep slash commands in your team's shared repository
- Regular Updates: Review and update commands based on new threats
Why This Works
The Security team found this approach valuable because:
- Reduces cognitive load during incidents
- Ensures consistent security reviews
- Speeds up repetitive tasks significantly
- Creates standardized outputs for compliance
- Helps junior team members follow best practices