Can it help with OWASP security compliance?

Yes, its Phase 3 checklist specifically targets common security risks like Injection, CSRF, IDOR, and sensitive information disclosure.

How does it analyze my local changes?

It uses git commands to fetch the full diff between your current branch and the default branch, ensuring every modified line is audited.

What types of issues does the Find Bugs skill prioritize?

The skill prioritizes security vulnerabilities (like injection and XSS) and functional bugs over stylistic or formatting issues.

Is this skill suitable for large codebases?

Yes, it includes a verification phase that reads surrounding context to ensure that reported issues are real and not already handled elsewhere.

Does this skill automatically change my code?

No, it is designed to report findings and provide fix suggestions, allowing the developer to make the final decision on implementation.

Find Bugs & Security Auditor

Name: Find Bugs & Security Auditor
Author: getsentry

bygetsentry

•

115

•

セキュリティとテスト

Audits local branch changes for security vulnerabilities, logical bugs, and critical code quality issues.

This skill acts as a methodical security auditor and bug hunter for your local development branch, following a rigorous five-phase process to identify high-impact flaws. It begins by mapping the attack surface of your changes—identifying user inputs, database queries, and authentication checks—before running a comprehensive security checklist covering vulnerabilities like SQL injection, XSS, and broken access control. Designed for developers who need more than a linter, it prioritizes critical security risks and functional bugs over stylistic preferences, providing actionable fix suggestions and concrete evidence for every issue found.

主な機能

01Structured reporting with severity levels and concrete fix suggestions

02115 GitHub stars

03Comprehensive security checklist based on OWASP standards

04Automated attack surface mapping for user-facing inputs and queries

05False-positive verification by checking surrounding context and tests

06Methodical diff analysis ensuring every changed line is reviewed

ユースケース

01Reviewing authentication and authorization logic for new API endpoints

02Conducting a pre-PR security audit to catch vulnerabilities before code review

03Identifying logical edge cases and race conditions in complex feature updates

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add getsentry/skills find-bugs

For use in Claude.ai and ChatGPT