Docs/Integrations/DryRun Skill

DryRun Skill

Automate security vulnerability remediation using AI coding tools with the DryRun Security skill.

What Is the DryRun Skill

An AI skill is a set of instructions that tells your AI coding tool how to behave in a specific context. The DryRun Security skill instructs your AI coding tool to check PR comments after each push or commit, pull in finding details from DryRun Security, and fix the identified vulnerabilities in your codebase.

The skill works with all supported AI coding tools: Claude Code, Codex, Cursor, Windsurf, and VS Code.

What the Skill Does

When the skill is active, your AI coding tool:

  1. Monitors PR comments for DryRun Security finding notifications
  2. Pulls the full finding details from DryRun Security, including the vulnerability type, location, and context
  3. Analyzes the finding in the context of your codebase
  4. Generates and applies a fix

Operating Modes

  • Automatic mode: The skill instructs the AI coding tool to find DryRun Security finding details and apply fixes automatically, without waiting for developer input. Best for teams that want zero-friction remediation.
  • Human-in-the-loop mode: The skill can be configured to pause before applying a fix and require developer approval. Best for teams that want visibility and control over every change before it is committed.

The operating mode is controlled by how the skill is configured in your project. Both modes use the same installation process.

Installation

Install the skill for your tool using the command below. Run the command from your project root.

Cursor

Run in your project root:

curl -o .cursorrules https://raw.githubusercontent.com/DryRunSecurity/external-plugin-marketplace/main/standalone/.cursorrules

Codex

Run in your project root:

curl -o AGENTS.md https://raw.githubusercontent.com/DryRunSecurity/external-plugin-marketplace/main/standalone/RULES.md

Claude Code

Run these two commands inside Claude Code:

/plugin marketplace add DryRunSecurity/external-plugin-marketplace
/plugin install dryrun-remediation@dryrunsecurity

Windsurf

Run in your project root:

curl -o .windsurfrules https://raw.githubusercontent.com/DryRunSecurity/external-plugin-marketplace/main/standalone/.windsurfrules

VS Code

Run in your project root:

mkdir -p .github && curl -o .github/copilot-instructions.md https://raw.githubusercontent.com/DryRunSecurity/external-plugin-marketplace/main/standalone/copilot-instructions.md