Claude Code Routines by Anthropic automate coding tasks such as security audits and code improvements by running scheduled prompts on connected codebases, creating and merging pull requests to enhance and secure applications without manual intervention. These cloud-based routines can be customized with skills like OWASP-based security scanning and integrated with tools like Gmail for notifications, enabling developers to maintain high code quality and security efficiently.
The video introduces Claude Code Routines, a new feature by Anthropic that automates coding tasks such as security audits and code improvements by running scheduled prompts on a connected codebase. The presenter demonstrates how these routines can be set up to scan a repository for vulnerabilities based on the OWASP top 10 security risks and automatically create pull requests to fix any issues found. This automation runs entirely in the cloud, allowing developers to continue working without manual intervention, and can be triggered by schedules, API calls, or events like GitHub merges.
The presenter walks through creating two routines from scratch using a simple to-do app as an example. The first routine, called “auto improver,” is designed to explore the codebase and suggest meaningful improvements, such as UI enhancements or new features. When run, Claude Code identified a missing edit feature in the to-do app and created a pull request to add this functionality. This demonstrates how routines can help continuously enhance an application by proposing and implementing changes that developers might not have considered.
The second routine focuses on security auditing. The presenter explains that the routine uses a custom “security scanner” skill based on the OWASP top 10 vulnerabilities to thoroughly analyze the codebase. This skill is integrated directly into the project repository, as skills used in regular chat interactions cannot be applied in routines. The security audit routine runs on a schedule, automatically detects issues like hardcoded API keys and broken access controls, and creates pull requests to fix these vulnerabilities, optionally merging them automatically to reduce risk exposure.
The video highlights the benefits of running these routines in the cloud, emphasizing that they continue to operate even if the developer’s machine is offline. The presenter also notes plan limitations on the number of daily routine runs but reassures that the available runs are sufficient for most use cases. Additionally, connectors like Gmail can be added to routines to enable notifications, such as sending emails when security issues are detected or changes are made, further enhancing workflow automation.
In conclusion, Claude Code Routines represent a powerful tool for developers to automate repetitive and critical tasks like security audits and code improvements. By integrating these routines into their projects, developers can maintain higher code quality and security with minimal manual effort. The presenter encourages viewers to try out these routines, especially the security audit skill, which is available for free, and invites them to join his community for further learning on agentic coding techniques.