Does it suggest fixes for the issues it finds?

Yes, for every identified issue, the skill provides a severity level, evidence of the problem, a concrete suggestion for how to fix it, and relevant references like OWASP or RFCs.

Does this skill handle code formatting or linting?

No, this skill is designed to skip stylistic and formatting issues to focus specifically on security vulnerabilities, bugs, and high-impact code quality problems.

How do I trigger the audit?

You can activate it by asking Claude to 'find bugs', 'review changes', or perform a 'security review' on your current git branch.

What types of vulnerabilities can it detect?

It specifically checks for injection (SQL, command, template), XSS, broken authentication, IDOR, CSRF, race conditions, and business logic flaws.

How does the Find Bugs skill analyze my code?

It uses a structured five-phase approach: gathering the full git diff, mapping the attack surface, running a security checklist, verifying findings against existing code, and performing a final audit.

Find Bugs & Security Auditor

Name: Find Bugs & Security Auditor
Author: mpuig

bympuig

安全与测试

Audits local branch changes for security vulnerabilities, logic bugs, and code quality issues using a structured five-phase review process.

关于

This skill transforms Claude into a specialized security and quality auditor for your development workflow. It systematically maps your application's attack surface—identifying user inputs, database queries, and cryptographic operations—before running a comprehensive security checklist covering injection, XSS, auth/authz, and business logic flaws. By performing a rigorous pre-conclusion audit to ensure full file coverage, it provides high-confidence reports that prioritize critical security risks over stylistic trivialities, offering concrete fix suggestions for every discovery.

主要功能

Structured reporting with severity levels and concrete fix suggestions
0 GitHub stars
Comprehensive OWASP-aligned security checklist for common vulnerabilities
Automated attack surface mapping for user inputs and external calls
Systematic git diff analysis to ensure every changed line is reviewed
Pre-conclusion audit phase to verify complete file and checklist coverage

使用场景

Performing a pre-merge security audit on a feature branch
Identifying security implications of new API endpoints or database changes
Conducting a deep-dive code review for logic bugs and race conditions

关于

主要功能

Structured reporting with severity levels and concrete fix suggestions
0 GitHub stars
Comprehensive OWASP-aligned security checklist for common vulnerabilities
Automated attack surface mapping for user inputs and external calls
Systematic git diff analysis to ensure every changed line is reviewed
Pre-conclusion audit phase to verify complete file and checklist coverage

使用场景

Performing a pre-merge security audit on a feature branch
Identifying security implications of new API endpoints or database changes
Conducting a deep-dive code review for logic bugs and race conditions