Does this skill automatically fix the bugs it finds?

No, the find-bugs skill is designed to identify and report issues with evidence and suggested fixes, leaving the final implementation decision to the developer.

What types of security vulnerabilities does it check for?

It checks for a wide range of issues including SQL injection, XSS, authentication bypass, IDOR, race conditions, insecure cryptography, and information disclosure.

How does it prioritize findings?

The skill prioritizes security vulnerabilities first, followed by functional bugs, and finally code quality issues, while intentionally skipping stylistic or formatting nitpicks.

Can it handle large diffs or many changed files?

Yes, it is programmed to read files individually if a diff is truncated, ensuring that every changed line is reviewed regardless of the branch size.

Find Bugs & Security Auditor

Name: Find Bugs & Security Auditor
Author: ngxtm

byngxtm

•

セキュリティとテスト

Performs rigorous security audits and bug detection on local code changes using a structured multi-phase review process.

The find-bugs skill is a specialized capability for Claude Code designed to identify security vulnerabilities, logical errors, and code quality issues within local git branches. It follows a disciplined methodology that includes mapping the attack surface, executing a comprehensive security checklist covering OWASP-style threats like injection and XSS, and verifying findings against existing tests. By scrutinizing every line of modified code, it provides developers with prioritized reports containing severity levels, evidence, and concrete remediation steps to ensure production-grade code safety.

主な機能

01Phased audit workflow including input gathering, verification, and final audit

02Detailed remediation guidance with references to OWASP and RFC standards

03Automated attack surface mapping for user inputs, DB queries, and external calls

042 GitHub stars

05Comprehensive security checklist covering Injection, XSS, Auth, and Race Conditions

06Prioritized reporting focusing on security vulnerabilities and critical bugs

ユースケース

01Finding hidden logic bugs and state machine violations in complex code diffs

02Reviewing local branch changes for critical security vulnerabilities before a pull request

03Auditing sensitive authentication or cryptographic logic for potential edge cases

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ngxtm/devkit find-bugs

For use in Claude.ai and ChatGPT

Download Skill