Does this skill automatically modify my source code?

No, the find-bugs skill is designed to report findings only. It provides concrete fix suggestions and evidence, but leaves the implementation to the developer.

Is this skill suitable for production code audits?

Yes, it uses a systematic approach including attack surface mapping and a pre-conclusion audit to provide the high-quality insights required for production-level security reviews.

What types of vulnerabilities does the find-bugs skill detect?

The skill performs a comprehensive check for Injection (SQL, command, template), XSS, Authentication/Authorization flaws, CSRF, Race Conditions, and Information Disclosure issues.

How does it handle large diffs that might be truncated?

The skill includes a specific input gathering phase that reads individual changed files if the initial git diff is too large, ensuring no modified lines are missed.

Security & Bug Auditor

Name: Security & Bug Auditor
Author: JFEspanolito

byJFEspanolito

0•

安全与测试

Identifies security vulnerabilities, logic bugs, and code quality issues within git branch changes using a structured multi-phase audit process.

This skill automates a rigorous code review process by analyzing the full diff of a local branch against the master branch. It systematically maps attack surfaces—including user inputs, database queries, and authentication checks—before running a comprehensive security checklist covering Injection, XSS, CSRF, and more. By performing a pre-conclusion audit to verify findings against the surrounding context, it ensures high-fidelity reports that prioritize critical security flaws over minor stylistic issues, making it an essential tool for pre-merge reviews.

主要功能

01Automated attack surface mapping of inputs and external calls

02Structured 5-phase audit methodology for comprehensive coverage

030 GitHub stars

04Prioritized reporting focusing on security and logic over style

05Comprehensive security checklist covering OWASP-top vulnerabilities

06Context-aware verification to reduce false positives

使用场景

01Reviewing complex logic changes for race conditions and edge cases

02Performing a deep security self-audit before opening a Pull Request

03Auditing legacy code changes for potential injection or authorization flaws

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jfespanolito/jfespanolito.dev find-bugs

For use in Claude.ai and ChatGPT

Download Skill