Why the Gemini CLI Security Extension Impressed Me

Tadashi Shigeoka · Mon, February 2, 2026

This morning, I came across this post from the official Gemini CLI account.

The Gemini CLI Security extension discovered a vulnerability in a project called OpenClaw, created a fix PR, and got it merged. This was how I first learned about the existence of extensions.

Background: Using CLI Agent Tools with Defaults

I regularly use three CLI Agent tools: Claude Code, Codex, and Gemini CLI.

However, I’ve been using all of them “as-is.” While I do some light customization, I hadn’t added any extensions.

What Claude Code and Codex Have That Gemini CLI Doesn’t

Claude Code and Codex come with a /review command by default. It’s convenient for reviewing changes on the current branch, and I use it frequently.

However, Gemini CLI doesn’t have such a review command by default. As a result, I rarely used Gemini CLI for code review purposes.

After seeing this post, I looked into Gemini CLI extensions and discovered that excellent extensions are available to fill this gap.

Gemini CLI Extensions

Gemini CLI has an official extensions repository.

Let me introduce the Security extension I used this time.

Security Extension

GitHub: gemini-cli-extensions/security: Google’s Security extension for the Gemini CLI that finds vulnerabilities in your code changes and pull requests.

This extension detects security vulnerabilities in code changes.

Key Features

Feature             | Description
AI-Powered Analysis | Intelligent security analysis leveraging Gemini's capabilities
PR Support          | Identifies issues early in the development process
Dependency Scanning | Integrates OSV-Scanner to detect known vulnerabilities
Extensible Design   | Ready for future feature expansion

Detectable Vulnerabilities

  • Hardcoded secrets (API keys, passwords, etc.)
  • Weak cryptographic algorithms
  • XSS, SQL injection, command injection
  • Authentication-related issues
  • LLM safety issues

It achieves 90% precision and 93% recall on the OpenSSF CVE benchmark.

Installation

gemini extensions install https://github.com/gemini-cli-extensions/security

Usage

# Security analysis (uses git diff --merge-base origin/HEAD by default)
/security:analyze
 
# Dependency vulnerability scan
/security:scan-deps

My Impressions

When you run /security:analyze, it performs a security-focused review of changes on your current branch. Unlike simple code reviews, it checks from a security-specific perspective, which is great.

Hardcoded secrets and injection vulnerabilities are especially easy for humans to miss during reviews. Having AI assistance provides peace of mind.

/security:scan-deps scans dependencies using OSV-Scanner. It checks whether you’re using any packages with known vulnerabilities.
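To make concrete what "changes on the current branch" means for the hardcoded-secrets category above, here is an added example (not the extension's own code, which is model-driven): a deterministic pre-check that parses a unified diff of the same shape as the default `git diff --merge-base origin/HEAD` input and flags only added lines, so a secret that is being removed is not reported. The sample diff and the regex rules are constructed for illustration.

```python
import re

# Constructed sample in the shape of `git diff --merge-base origin/HEAD` output;
# not real project code. The AWS key is the well-known documentation placeholder.
SAMPLE_DIFF = """\
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,3 +1,5 @@
 import os
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "hunter2-prod"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+TIMEOUT = 30
 DEBUG = False
"""

# Illustrative rules for the "hardcoded secrets" category; not the extension's rules.
SECRET_RULES = {
    "password-literal": re.compile(
        r"(?i)(pass(word)?|pwd|secret|api[_-]?key)\s*=\s*['\"][^'\"]+['\"]"),
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def scan_diff(diff_text):
    """Return (path, new_line_no, rule) for each added ('+') line matching a rule."""
    findings = []
    path, new_line = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith(("diff ", "index ", "--- ")):
            continue                      # file headers carry no code
        if raw.startswith("+++ "):
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
            continue
        m = HUNK_HEADER.match(raw)
        if m:
            new_line = int(m.group(1))    # first new-side line of the hunk
            continue
        if raw.startswith("-"):
            continue                      # removed line: a deleted secret is not a finding
        if raw.startswith("+"):           # only added lines are part of the change
            for rule, rx in SECRET_RULES.items():
                if rx.search(raw[1:]):
                    findings.append((path, new_line, rule))
        new_line += 1                     # '+' and ' ' context lines both advance
    return findings
```

Such a check complements, rather than replaces, the AI review: it catches the patterns it knows about with no judgement, while the extension's analysis covers the categories no regex expresses.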

Conclusion

By installing the Gemini CLI “Security” extension, I can now perform security-focused code analysis. The high precision on the OpenSSF CVE benchmark also demonstrates its reliability.

If you’ve been using CLI Agent tools with their defaults, I encourage you to try out the extensions.

That’s all from the Gemba, where I discovered the excellence of the Gemini CLI Security extension through this real-world success story.
