CodeSlick Security Memory: Your AI Agent Now Knows Your Codebase's Dark History
The AI writes the code. But does it know this codebase has had 14 SQL injection vulnerabilities in the last 90 days? Until now, no. It starts from scratch every time.
New MCP Tool: get_repo_security_context
Call it before writing code in any repository with CodeSlick scan history. Returns risk level, trend, severity breakdown, and recurring vulnerability patterns.
The Problem No One Was Talking About
AI coding agents — Claude Code, Cursor, GitHub Copilot — are getting remarkably good at writing code. They know the language spec, the framework idioms, the common patterns.
What they don't know is you.
Specifically: they don't know that your team has introduced SQL injection in the same database layer three sprints in a row. They don't know that your API authentication logic has had four hardcoded secrets in six months. They don't know this codebase trends worsening in security posture, not improving.
Every session starts fresh. Every PR gets reviewed as if it's the first one. That's a blind spot — and it's costing teams real time and real vulnerabilities.
Introducing CodeSlick Security Memory
CodeSlick now builds a persistent security memory for every repository it scans.
Every time CodeSlick analyzes a pull request, it records what it found: severity breakdown, vulnerability types, scan timestamp. Over time, that data becomes a risk profile — a living picture of where this codebase struggles, what patterns recur, and whether things are getting better or worse.
That profile is now delivered to AI agents before they write a single line of code.
What It Looks Like in Practice
You open a new file in Claude Code and type:
Before Claude writes anything, it calls get_repo_security_context. Here's what it gets back:
# Security Context for acme/backend-api
**Risk Level:** critical | **Trend:** ↗️ Worsening
**Scan History:** 47 total scans · 12 in last 30 days · avg 6.3 vulns/scan
## Vulnerability Counts (Last 30 Days)
- 🔴 Critical: 3
- 🟠 High: 8
- 🟡 Medium: 22
- 🔵 Low: 14
## Recurring Vulnerabilities — Pay Extra Attention To:
- **SQL Injection** — 14 occurrences in last 90 days (critical severity)
- **Hardcoded Secrets** — 9 occurrences in last 90 days (high severity)
- **Missing Auth Middleware** — 6 occurrences in last 90 days (high severity)
When writing code for this repository, actively avoid the patterns above.
⚠️ Warning: This repository's vulnerability count has been increasing.
Apply extra scrutiny to all new code.Now Claude writes the authentication endpoint knowing:
- This codebase has a SQL injection problem — avoid raw query interpolation
- Hardcoded secrets are a recurring issue — no inline credentials
- Auth middleware has been missed before — check it explicitly
The agent isn't just smart. It's contextually aware of your team's failure modes.
What It Looks Like on a Pull Request
The same security memory surfaces in every GitHub PR comment. A collapsible risk context section shows the full picture alongside this PR's specific findings:
📊 Repo Risk Profile — critical (click to expand)
Risk Level: critical | Trend: ↗️ Worsening
Scan History: 47 scans · 12 in last 30 days · avg 6.3 vulns/scan
Vulnerability Counts (Last 30 Days)
| 🔴 Critical | 3 |
| 🟠 High | 8 |
| 🟡 Medium | 22 |
| 🔵 Low | 14 |
Recurring Vulnerabilities
| Type | Occurrences (90d) | Severity |
|---|---|---|
| SQL Injection | 14 | critical |
| Hardcoded Secrets | 9 | high |
| Missing Auth Middleware | 6 | high |
Your reviewer now sees this PR's issues in the context of a pattern — not as isolated findings. A single SQL injection in a PR is a bug. The 15th SQL injection in 90 days is a systemic problem that needs a different kind of response.
How the Risk Profile Is Computed
Under the hood, CodeSlick aggregates every scan record for a repository and computes two signals:
Risk Level
Based on the last 30 days of scans, the risk level maps to the most severe class of findings:
| Level | Condition |
|---|---|
| critical | Any critical-severity finding in last 30 days |
| high | More than 5 high-severity findings (and no critical) |
| medium | More than 5 medium-severity findings (and no high/critical) |
| low | At least one finding, nothing in the above tiers |
| clean | Zero findings in last 30 days |
Trend
Compares the average vulnerabilities per scan in the last 30 days against the prior 30 days:
function computeTrend({ recentScans, recentAvg, priorAvg }) {
if (recentScans < 2) return 'insufficient_data';
if (priorAvg === 0) return 'stable';
const change = (recentAvg - priorAvg) / priorAvg;
if (change < -0.20) return 'improving'; // 20%+ fewer vulns
if (change > 0.20) return 'worsening'; // 20%+ more vulns
return 'stable';
}20%+ fewer vulns vs. prior 30 days
Change within ±20%
20%+ more vulns vs. prior 30 days — triggers warning
Top Vulnerability Types
CodeSlick queries the last 90 days of findings, groups by vulnerability type, and surfaces the top recurring patterns — ordered by frequency. These become the “pay extra attention to” list handed to the AI agent.
Why This Matters: The Compounding Effect
Security vulnerabilities in codebases are not random. They cluster.
Teams that introduce SQL injection once tend to introduce it again, because the underlying pattern — the mental model, the helper function, the ORM misuse — hasn't changed. The same is true for hardcoded secrets, missing input validation, and broken access control.
Static analysis tools find individual instances. They don't see the pattern.
What CodeSlick Security Memory adds is pattern visibility — delivered at the exact moment it can prevent the next occurrence: before the AI writes the code, and before the human reviewer approves it.
The difference between a security tool that reacts and one that learns.
A tool that reacts finds the SQL injection you just wrote. A tool that learns tells your AI not to write it in the first place — because it's happened 14 times in this repo already.
What You Need to Use It
For the MCP tool (Claude Code / Cursor):
- Install the MCP server:npm install -g codeslick-mcp-server
- Add to your MCP config:{"mcpServers": {"codeslick": {"command": "codeslick-mcp","env": { "CODESLICK_API_KEY": "your-cli-token" }}}}
- Run CodeSlick on a pull request first — the memory only works after the first scan.
For PR comments:
Already enabled for all GitHub App users. The risk context section appears automatically in PR comments once a repository has scan history.
What's Next
Security Memory is the foundation for a broader vision: CodeSlick as a security fabric that spans your entire development workflow — editor, PR, CI, and agent.
The next layer: proactive alerts. When a repository's trend moves from stable to worsening across consecutive scans, CodeSlick will flag it before a human has to notice.
The AI shouldn't just write code. It should write code that knows where it's going wrong.
Get Started
The get_repo_security_context tool ships in codeslick-mcp-server@1.4.0. The PR comment integration is live for all GitHub App users.