How does the find-bugs skill identify security risks?

It uses a structured five-phase process that includes gathering the full git diff, mapping the attack surface of user inputs, and running a comprehensive checklist against OWASP standards.

Does this skill automatically change my code?

No, it is designed to report findings and suggest fixes. It will not modify your files, allowing you to review the evidence and decide which changes to implement.

What types of vulnerabilities can it detect?

The skill checks for a wide range of issues including SQL/Command injection, Cross-Site Scripting (XSS), broken authentication, IDOR, CSRF, and race conditions.

Does it check for code style and formatting?

No, the skill explicitly skips stylistic and formatting issues to prioritize critical security vulnerabilities, functional bugs, and architectural code quality.

What happens if a git diff is too large for the AI to read?

The skill includes a verification phase where it reads individual files if the initial output is truncated, ensuring every changed line is thoroughly reviewed.

Bug Finder & Security Auditor

Name: Bug Finder & Security Auditor
Author: JFEspanolito

byJFEspanolito

0•

Seguridad y Pruebas

Identifies security vulnerabilities, logical bugs, and code quality issues within local Git branch changes.

Bug Finder & Security Auditor is a specialized skill for Claude Code designed to perform deep-dive reviews of local code changes before they are merged. It utilizes a systematic five-phase approach—covering input gathering, attack surface mapping, security checklists, verification, and a final audit—to uncover critical risks like injection vulnerabilities, authentication flaws, and business logic errors. By focusing on security and functionality rather than mere style, it provides developers with actionable insights and concrete fix suggestions to ensure high-quality, secure production code during the development lifecycle.

Características Principales

01Severity-based issue prioritization (Critical to Low)

02Systematic 5-phase security audit workflow

030 GitHub stars

04Comprehensive checklist for XSS, SQLi, CSRF, and IDOR

05Automated mapping of user inputs and attack surfaces

06Detailed reporting with evidence and concrete fix suggestions

Casos de Uso

01Auditing local branches for security vulnerabilities before PR submission

02Verifying authentication and authorization implementation in new features

03Conducting deep-dive bug hunts on complex logic changes

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jfespanolito/template_frontend_nextjs_jf find-bugs

For use in Claude.ai and ChatGPT

Características Principales

01Severity-based issue prioritization (Critical to Low)

02Systematic 5-phase security audit workflow

030 GitHub stars

04Comprehensive checklist for XSS, SQLi, CSRF, and IDOR

05Automated mapping of user inputs and attack surfaces

06Detailed reporting with evidence and concrete fix suggestions

Casos de Uso

01Auditing local branches for security vulnerabilities before PR submission

02Verifying authentication and authorization implementation in new features

03Conducting deep-dive bug hunts on complex logic changes

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jfespanolito/template_frontend_nextjs_jf find-bugs

For use in Claude.ai and ChatGPT