What report formats does Fix Review support?

Fix Review supports local files including PDF, Markdown, JSON, and HTML, as well as web URLs. It also features fallback logic for retrieving reports from Google Drive.

Can this skill detect if a fix introduces new vulnerabilities?

Yes, it specifically scans for security anti-patterns such as access control weakening, validation removal, and cryptographic changes that might introduce new risks.

What is the primary output of a Fix Review session?

The skill generates a detailed FIX_REVIEW_REPORT.md file containing an executive summary, finding status table (FIXED, PARTIALLY_FIXED, etc.), and per-commit analysis.

How does it handle finding IDs like TOB-XXX?

The skill includes specialized parsing logic for Trail of Bits and other common audit formats to automatically extract ID, severity, and description for mapping against code changes.

Do I need a formal audit report to use this skill?

While it is optimized for cross-referencing formal reports (like Trail of Bits), you can use it to analyze any commit range for bug introduction patterns even without a baseline report.

Fix Review

Name: Fix Review
Author: monmacllcapp

bymonmacllcapp

0•

安全与测试

Verifies that security audit remediation commits correctly address findings without introducing new bugs.

Fix Review is a specialized Claude Code skill designed for post-audit remediation and verification. It performs deep differential analysis between a baseline source commit and target fix commits to ensure that security vulnerabilities—such as those identified in Trail of Bits or other professional reports—are thoroughly addressed. By cross-referencing code changes with specific audit recommendations and scanning for security anti-patterns, it provides a structured verification report that distinguishes between fully fixed, partially fixed, and unaddressed issues, preventing regressions and ensuring a robust security posture during the cleanup phase of development.

主要功能

01Detection of security anti-patterns and bug introduction risks in new code.

02Differential analysis comparing baseline code against remediation commits.

03Generation of comprehensive FIX_REVIEW_REPORT.md files with evidence-based statuses.

04Automated extraction of findings from security reports (PDF, Markdown, JSON, or URLs).

05Systematic mapping of git changes to specific audit IDs (e.g., TOB-XXX).

060 GitHub stars

使用场景

01Reviewing complex pull requests specifically against a security report's recommendations before merging.

02Validating that a developer's fix branch actually resolves all high-severity findings from a third-party audit.

03Generating a formal post-audit status report to track remediation progress across multiple developers.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add monmacllcapp/skill-forks fix-review

For use in Claude.ai and ChatGPT

Download Skill