find-bugs

Installs: 245
Rank: #3564

Install

npx skills add https://github.com/getsentry/skills --skill find-bugs
Find Bugs

Review changes on this branch for bugs, security vulnerabilities, and code quality issues.

Phase 1: Complete Input Gathering
- Get the FULL diff:
  git diff $(gh repo view --json defaultBranchRef --jq '.defaultBranchRef.name')...HEAD
- If the output is truncated, read each changed file individually until you have seen every changed line.
- List all files modified in this branch before proceeding.

Phase 2: Attack Surface Mapping
For each changed file, identify and list:
- All user inputs (request params, headers, body, URL components)
- All database queries
- All authentication/authorization checks
- All session/state operations
- All external calls
- All cryptographic operations

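As an added example (not part of the skill itself), the following script seeds Phases 1 and 2 mechanically: it parses a unified diff of the kind `git diff <default-branch>...HEAD` produces, lists every changed file, and tags each added line that touches one of the six attack-surface categories above with its line number in the new file. The category regexes and the sample diff are constructed assumptions, and the output is a starting list for the reviewer to complete by reading each file, not a substitute for doing so.

```python
import re
from collections import defaultdict

# Constructed sample diff (not from any real repository); stands in for the
# Phase 1 `git diff` output. Hunk counts are consistent with the lines shown.
SAMPLE_DIFF = """\
diff --git a/app/views.py b/app/views.py
--- a/app/views.py
+++ b/app/views.py
@@ -10,2 +10,8 @@ def index():
 def profile():
-    return render(user)
+    uid = request.args.get("id")
+    row = db.execute("SELECT * FROM users WHERE id = " + uid)
+    session["last"] = uid
+    if not current_user.is_authenticated:
+        abort(401)
+    token = random.random()
+    return render(row, token)
diff --git a/app/util.py b/app/util.py
--- a/app/util.py
+++ b/app/util.py
@@ -1,2 +1,3 @@
 import os
+    resp = requests.get(url)
 x = 1
"""

# Heuristic seeds for the six Phase 2 categories (assumed patterns, Flask-flavoured).
CATEGORIES = {
    "user input": r"request\.(args|form|headers|json|cookies|files)",
    "database query": r"\.execute\(|\bSELECT\b|\bINSERT\b|\bUPDATE\b|\bDELETE\b",
    "auth check": r"is_authenticated|login_required|permission|authoriz|authenticate",
    "session/state": r"\bsession\[|set_cookie|cache\.",
    "external call": r"requests\.(get|post|put|delete)|urlopen|subprocess\.",
    "cryptography": r"\bhashlib\.|\brandom\.|\bsecrets\.|\bhmac\.|\bjwt\.",
}
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def map_attack_surface(diff_text):
    """Return {file: [(new_line_no, category, code), ...]} for added lines only."""
    findings, current_file, new_line = defaultdict(list), None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].split("\t")[0]
            current_file = path[2:] if path.startswith("b/") else path
            findings.setdefault(current_file, [])  # list the file even if nothing is flagged
            continue
        m = HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(1))  # counter restarts at each hunk's new-file start
            continue
        if raw.startswith("-") or current_file is None:
            continue  # removed lines do not exist in the new tree
        if raw.startswith("+"):
            for cat, pat in CATEGORIES.items():
                if re.search(pat, raw[1:]):
                    findings[current_file].append((new_line, cat, raw[1:].strip()))
        new_line += 1  # context and added lines both advance the new-file counter
    return dict(findings)

def changed_files(diff_text):
    """Phase 1 file list: every file that appears in the diff, sorted."""
    return sorted(map_attack_surface(diff_text))

if __name__ == "__main__":
    for path, hits in map_attack_surface(SAMPLE_DIFF).items():
        print(path)
        for line_no, cat, code in hits:
            print(f"  {path}:{line_no}  [{cat}]  {code}")
```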
Phase 3: Security Checklist (check EVERY item for EVERY file)
- Injection: SQL, command, template, header injection
- XSS: All outputs in templates properly escaped?
- Authentication: Auth checks on all protected operations?
- Authorization/IDOR: Access control verified, not just auth?
- CSRF: State-changing operations protected?
- Race conditions: TOCTOU in any read-then-write patterns?
- Session: Fixation, expiration, secure flags?
- Cryptography: Secure random, proper algorithms, no secrets in logs?
- Information disclosure: Error messages, logs, timing attacks?
- DoS: Unbounded operations, missing rate limits, resource exhaustion?
- Business logic: Edge cases, state machine violations, numeric overflow?

Phase 4: Verification
For each potential issue:
- Check if it's already handled elsewhere in the changed code
- Search for existing tests covering the scenario
- Read surrounding context to verify the issue is real

Phase 5: Pre-Conclusion Audit
Before finalizing, you MUST:
- List every file you reviewed and confirm you read it completely
- List every checklist item and note whether you found issues or confirmed it's clean
- List any areas you could NOT fully verify and why
- Only then provide your final findings

Output Format
Prioritize: security vulnerabilities > bugs > code quality
Skip: stylistic/formatting issues

For each issue:
- File:Line - Brief description
- Severity: Critical/High/Medium/Low
- Problem: What's wrong
- Evidence: Why this is real (not already fixed, no existing test, etc.)
- Fix: Concrete suggestion
- References: OWASP, RFCs, or other standards if applicable

If you find nothing significant, say so - don't invent issues. Do not make changes - just report findings. I'll decide what to address.