Does this skill check for stylistic or formatting issues?

No, this skill is specifically configured to skip stylistic and formatting issues to focus entirely on functional bugs and security vulnerabilities.

How does it handle very large code changes?

The skill includes an input gathering phase that reads changed files individually if the git diff output is truncated, ensuring no line of code is missed.

Does it automatically modify my code?

No, this skill is designed to report findings only. It provides concrete fix suggestions, but leaves the implementation decisions to the developer.

How are the results prioritized?

Findings are reported based on severity, prioritizing security vulnerabilities first, followed by functional bugs, and finally general code quality issues.

What specific security vulnerabilities can it find?

It checks for a wide range of issues including SQL injection, XSS, CSRF, IDOR, race conditions, broken authentication, and information disclosure.

Security & Bug Auditor

Name: Security & Bug Auditor
Author: fabioeducacross

byfabioeducacross

0•

安全与测试

Analyzes local branch changes to identify security vulnerabilities, logic bugs, and code quality issues through a structured five-phase auditing process.

This skill transforms Claude into a rigorous code reviewer by implementing a systematic five-phase security and quality audit on your local git branches. It maps attack surfaces, executes a comprehensive security checklist—covering critical vulnerabilities like SQL injection, XSS, and CSRF—and performs a pre-conclusion verification to ensure findings are contextually accurate. By prioritizing high-impact security threats and functional bugs over stylistic formatting, it provides developers with a high-signal audit that identifies risks before they reach production.

主要功能

01Severity-ranked reporting (Critical to Low) with concrete fix suggestions

02Comprehensive security checklist based on industry standards like OWASP

03Detailed attack surface mapping for user inputs, queries, and auth checks

04Context-aware verification to minimize false positives and hallucinations

05Structured five-phase auditing workflow from gathering to verification

060 GitHub stars

使用场景

01Pre-merge security reviews of feature branches

02Auditing legacy code for potential injection or authorization vulnerabilities

03Automated identification of logic edge cases and race conditions

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add fabioeducacross/designsystem-vuexy find-bugs

For use in Claude.ai and ChatGPT

Download Skill