Does this skill modify my source code automatically?

No, the Find Bugs skill is designed to report findings and suggest concrete fixes. It will not change your files, allowing you to decide which issues to address.

What types of security vulnerabilities can it detect?

It checks for a wide range of issues including SQL injection, XSS, CSRF, insecure cryptography, broken authentication, and information disclosure.

How does it handle very large code changes?

The skill includes an input gathering phase that reads files individually if the initial git diff is too large, ensuring a complete review of every changed line.

Does it support specific programming languages?

The skill works across most programming languages by analyzing your source code and logic patterns through Claude's advanced reasoning capabilities.

Can I use this for non-security related bug hunting?

Yes, while security is prioritized, the skill also identifies logical errors, race conditions, business logic violations, and general code quality issues.

Bug & Security Auditor

Name: Bug & Security Auditor
Author: JFEspanolito

byJFEspanolito

0•

安全与测试

Performs systematic security audits and bug detection on local code changes using a structured multi-phase review process.

This skill empowers Claude to execute a rigorous, five-phase code review designed to catch security vulnerabilities, logical bugs, and quality issues within local branch changes. By automating attack surface mapping and applying a comprehensive security checklist—covering injection, XSS, authentication, and race conditions—it ensures that every line of code is scrutinized before being merged. It is an essential utility for developers seeking to maintain high security standards and reduce technical debt through automated, actionable feedback on their code diffs.

主要功能

010 GitHub stars

02Automated attack surface mapping of user inputs, DB queries, and auth checks.

03Comprehensive git diff analysis to ensure no changed line is missed.

04Detailed fix suggestions with references to industry standards and RFCs.

05Strict security checklist covering OWASP-style vulnerabilities like Injection and XSS.

06Prioritized reporting based on severity from Critical to Low.

使用场景

01Deep-dive bug hunting in complex state-changing logic or database operations.

02Pre-PR security audits to catch vulnerabilities before they reach the main branch.

03Quality assurance reviews for template integrations and third-party code modifications.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jfespanolito/template_frontend_astro_jf find-bugs

For use in Claude.ai and ChatGPT

主要功能

010 GitHub stars

02Automated attack surface mapping of user inputs, DB queries, and auth checks.

03Comprehensive git diff analysis to ensure no changed line is missed.

04Detailed fix suggestions with references to industry standards and RFCs.

05Strict security checklist covering OWASP-style vulnerabilities like Injection and XSS.

06Prioritized reporting based on severity from Critical to Low.

使用场景

01Deep-dive bug hunting in complex state-changing logic or database operations.

02Pre-PR security audits to catch vulnerabilities before they reach the main branch.

03Quality assurance reviews for template integrations and third-party code modifications.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jfespanolito/template_frontend_astro_jf find-bugs

For use in Claude.ai and ChatGPT