Does it automatically apply fixes to my code?

No, the skill is designed to report findings and provide concrete fix suggestions. The developer reviews the report and decides which changes to implement.

Does it check for code style and formatting?

The skill specifically skips stylistic or formatting issues to focus on high-priority items like security vulnerabilities, logic bugs, and architectural flaws.

How does this skill identify security vulnerabilities?

It uses a structured five-phase process that includes mapping the attack surface, checking against a comprehensive security list (Injection, XSS, CSRF, etc.), and verifying findings against surrounding code context.

Can it handle large pull requests?

Yes, the skill includes logic to read changed files individually if the git diff output is truncated, ensuring no part of the branch goes unreviewed.

Code Security & Bug Finder

Name: Code Security & Bug Finder
Author: getsentry

bygetsentry

•

보안 및 테스팅

Audits local branch changes for security vulnerabilities, logic bugs, and quality issues using a rigorous multi-phase verification process.

소개

The Find Bugs skill empowers Claude to perform deep-dive security reviews and quality audits on your local development branches. By systematically mapping attack surfaces and walking through a comprehensive checklist of vulnerabilities—including injection, XSS, and broken access control—it identifies critical risks before they reach production. The skill follows a structured five-phase methodology that includes full diff analysis, verification against existing tests, and a pre-conclusion audit to ensure findings are accurate and actionable. It prioritizes high-impact security flaws over stylistic choices, providing concrete fix suggestions and references to standards like OWASP.

주요 기능

Comprehensive security checklist covering SQLi, XSS, CSRF, and IDOR vulnerabilities
Automated attack surface mapping for user inputs, DB queries, and auth checks
Systematic multi-phase verification to minimize false positives and verify context
Prioritized reporting focusing on security vulnerabilities and critical logic bugs
Pre-conclusion audit requirement to ensure 100% coverage of changed files
10 GitHub stars

사용 사례

Performing a final security audit on a feature branch before opening a pull request
Mapping the attack surface of new API endpoints and external service integrations
Identifying edge cases and business logic violations in complex code refactors

소개

주요 기능

Comprehensive security checklist covering SQLi, XSS, CSRF, and IDOR vulnerabilities
Automated attack surface mapping for user inputs, DB queries, and auth checks
Systematic multi-phase verification to minimize false positives and verify context
Prioritized reporting focusing on security vulnerabilities and critical logic bugs
Pre-conclusion audit requirement to ensure 100% coverage of changed files
10 GitHub stars

사용 사례

Performing a final security audit on a feature branch before opening a pull request
Mapping the attack surface of new API endpoints and external service integrations
Identifying edge cases and business logic violations in complex code refactors