
A field guide to the /warden-recon skill

AI Security Reconnaissance for an Inherited Codebase

Inherited a codebase. /warden-recon inventories secrets, IAM, auth, encryption, dependencies, audit logging, and compliance gaps with a risk-ranked posture report.

Warden · Security · 7 min read · February 6, 2026

Inheriting a codebase from another team includes inheriting its security posture. The team that built it is no longer reachable to explain the auth choices, the secrets management, or the compliance assumptions. The new team needs a fast inventory: what secrets exist and where they live, what IAM policies are attached to what services, what auth methods each service uses, what is encrypted at rest and in transit, what dependencies have known CVEs, what audit logging is in place, and what compliance gaps the inherited system carries.

The /warden-recon skill produces the inventory in one pass. It reads the codebase and the cloud account (if credentials are configured) and outputs a security posture report with the seven inventories plus a risk ranking so the new team knows what to address first.

What the recon covers

Seven inventories. Secrets management approach: where secrets live and how they rotate. IAM: roles, policies, and effective permissions. Auth methods: per-service authn/authz pattern. Encryption: at rest (KMS, EBS, S3, RDS) and in transit (TLS coverage). Dependencies: vulnerability scan with verified reachability. Audit logging: coverage of authn events, IAM changes, sensitive data access. Compliance: gaps against the team's stated regime (SOC 2, HIPAA, PCI).

How /warden-recon works

The skill walks each category, reads the corresponding configuration and code, and produces the inventory. The risk ranking weights findings by impact and likelihood. The output is the artifact the new team uses to prioritize the first month of security work.

Tonone's /warden-recon skill produces a security posture report for an inherited codebase across seven inventories with risk ranking.

Install

/warden-recon ships with the Warden agent in Tonone for Claude Code.

1. Add to marketplace

$ claude plugin marketplace add tonone-ai/tonone

2. Install Warden

$ claude plugin install warden@tonone-ai

Frequently asked questions

What does /warden-recon do?
It produces a security posture report inventorying secrets, IAM, auth, encryption, dependencies, audit logging, and compliance gaps with risk ranking.
How do I install /warden-recon?
Install Tonone for Claude Code via tonone.ai/get-started.
