find-bugs — community find-bugs, jfespanolito.dev, community, ide skills, Claude Code, Cursor, Windsurf

v1.0.0
GitHub

关于此技能

Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch.

JFEspanolito JFEspanolito
[0]
[0]
更新于: 3/13/2026

Killer-Skills Review

Decision support comes first. Repository text comes second.

Reference-Only Page Review Score: 1/11

This page remains useful for operators, but Killer-Skills treats it as reference material instead of a primary organic landing page.

Review Score
1/11
Quality Score
44
Canonical Locale
en
Detected Body Locale
en

Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch.

核心价值

Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch.

适用 Agent 类型

Suitable for operator workflows that need explicit guardrails before installation and execution.

赋予的主要能力 · find-bugs

! 使用限制与门槛

Why this page is reference-only

  • - Current locale does not satisfy the locale-governance contract.
  • - The page lacks a strong recommendation layer.
  • - The page lacks concrete use-case guidance.
  • - The page lacks explicit limitations or caution signals.
  • - The underlying skill quality score is below the review floor.

Source Boundary

The section below is supporting source material from the upstream repository. Use the Killer-Skills review above as the primary decision layer.

实验室 Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

常见问题与安装步骤

以下问题与步骤与页面结构化数据保持一致,便于搜索引擎理解页面内容。

? FAQ

find-bugs 是什么?

Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch.

如何安装 find-bugs?

运行命令:npx killer-skills add JFEspanolito/jfespanolito.dev/find-bugs。支持 Cursor、Windsurf、VS Code、Claude Code 等 19+ IDE/Agent。

find-bugs 支持哪些 IDE 或 Agent?

该技能兼容 Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer。可使用 Killer-Skills CLI 一条命令通用安装。

安装步骤

  1. 1. 打开终端

    在你的项目目录中打开终端或命令行。

  2. 2. 执行安装命令

    运行:npx killer-skills add JFEspanolito/jfespanolito.dev/find-bugs。CLI 会自动识别 IDE 或 AI Agent 并完成配置。

  3. 3. 开始使用技能

    find-bugs 已启用,可立即在当前项目中调用。

! 参考页模式

此页面仍可作为安装与查阅参考,但 Killer-Skills 不再把它视为主要可索引落地页。请优先阅读上方评审结论,再决定是否继续查看上游仓库说明。

Imported Repository Instructions

The section below is supporting source material from the upstream repository. Use the Killer-Skills review above as the primary decision layer.

Supporting Evidence

find-bugs

安装 find-bugs,这是一款面向AI agent workflows and automation的 AI Agent Skill。支持 Claude Code、Cursor、Windsurf,一键安装。

SKILL.md
Readonly
Imported Repository Instructions
The section below is supporting source material from the upstream repository. Use the Killer-Skills review above as the primary decision layer.
Supporting Evidence

Find Bugs

Review changes on this branch for bugs, security vulnerabilities, and code quality issues.

Phase 1: Complete Input Gathering

  1. Get the FULL diff: git diff master...HEAD
  2. If output is truncated, read each changed file individually until you have seen every changed line
  3. List all files modified in this branch before proceeding

Phase 2: Attack Surface Mapping

For each changed file, identify and list:

  • All user inputs (request params, headers, body, URL components)
  • All database queries
  • All authentication/authorization checks
  • All session/state operations
  • All external calls
  • All cryptographic operations

Phase 3: Security Checklist (check EVERY item for EVERY file)

  • Injection: SQL, command, template, header injection
  • XSS: All outputs in templates properly escaped?
  • Authentication: Auth checks on all protected operations?
  • Authorization/IDOR: Access control verified, not just auth?
  • CSRF: State-changing operations protected?
  • Race conditions: TOCTOU in any read-then-write patterns?
  • Session: Fixation, expiration, secure flags?
  • Cryptography: Secure random, proper algorithms, no secrets in logs?
  • Information disclosure: Error messages, logs, timing attacks?
  • DoS: Unbounded operations, missing rate limits, resource exhaustion?
  • Business logic: Edge cases, state machine violations, numeric overflow?

Phase 4: Verification

For each potential issue:

  • Check if it's already handled elsewhere in the changed code
  • Search for existing tests covering the scenario
  • Read surrounding context to verify the issue is real

Phase 5: Pre-Conclusion Audit

Before finalizing, you MUST:

  1. List every file you reviewed and confirm you read it completely
  2. List every checklist item and note whether you found issues or confirmed it's clean
  3. List any areas you could NOT fully verify and why
  4. Only then provide your final findings

Output Format

Prioritize: security vulnerabilities > bugs > code quality

Skip: stylistic/formatting issues

For each issue:

  • File:Line - Brief description
  • Severity: Critical/High/Medium/Low
  • Problem: What's wrong
  • Evidence: Why this is real (not already fixed, no existing test, etc.)
  • Fix: Concrete suggestion
  • References: OWASP, RFCs, or other standards if applicable

If you find nothing significant, say so - don't invent issues.

Do not make changes - just report findings. I'll decide what to address.

相关技能

寻找 find-bugs 的替代方案 (Alternative) 或可搭配使用的同类 community Skill?探索以下相关开源技能。

查看全部

openclaw-release-maintainer

Logo of openclaw
openclaw

Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞

333.8k
0
AI

widget-generator

Logo of f
f

为prompts.chat的信息反馈系统生成可定制的插件小部件

149.6k
0
AI

flags

Logo of vercel
vercel

React 框架

138.4k
0
浏览器

pr-review

Logo of pytorch
pytorch

Python中具有强大GPU加速的张量和动态神经网络

98.6k
0
开发者工具