April 21, 2026 · 4 min read
Anthropic released claude-code-security-review — a GitHub Action that uses Claude to scan PRs for security vulnerabilities. It catches SQL injection, XSS, hardcoded secrets, and other OWASP Top 10 issues before code merges.
That's Layer 1: pre-merge defense. But what about the commands Claude Code runs right now, in your terminal, at 3am during an autonomous session?
That's where Layer 2: runtime hooks come in.
| Aspect | Security Review (Layer 1) | cc-guard Hooks (Layer 2) |
|---|---|---|
| When | At PR time | At execution time (real-time) |
| What it catches | Code vulnerabilities (SQLi, XSS, secrets in code) | Dangerous commands (rm -rf, force-push, credential deletion) |
| What it misses | Runtime actions, file deletion, git operations | Static code vulnerabilities, logic flaws |
| Speed | Minutes (full PR scan) | Milliseconds (pattern match) |
| Scope | Code changes only | All terminal commands + file writes |
| Token cost | Uses Claude API per review | Zero (bash scripts, no API calls) |
The security review Action is excellent at finding code-level vulnerabilities. But 90 documented incidents show that most Claude Code disasters aren't code vulnerabilities — they're operational actions:
rm -rf ~/projects — 50GB permanently deleted (#49129)git push --force origin main — untested code deployed at 3amgit add .env — API keys committed to public repo (#6527)No PR review catches these — they happen in the terminal, between PRs, during autonomous sessions.
Layer 1 — Add the official Action to your repo:
# .github/workflows/security-review.yml
name: Security Review
on: [pull_request]
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: anthropics/claude-code-security-review@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
Layer 2 — Install runtime hooks (30 seconds):
npx @gaebalai/cc-guard
That's it. Layer 1 reviews your PRs. Layer 2 blocks dangerous commands in real-time. They don't conflict — they complement.
A Stanford/MIT study found 14.3% of AI-generated code contains security vulnerabilities. Layer 1 catches those before merge. But the remaining 85.7% of "safe" code can still be deployed via git push --force to production at 3am — and Layer 2 is the only thing that stops it.
Neither layer alone is enough. Together, they provide defense-in-depth: one guards the code, the other guards the execution.
Get Both Layers
Layer 1: anthropics/claude-code-security-review (official)
Layer 2: npx @gaebalai/cc-guardTest your Layer 2 — paste your settings.json, see what survives 10 real attacks