find-bugs

Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, perform a security review, or audit code on the current branch.

Install
Download and extract to your skills directory

Copy command and send to OpenClaw for auto-install:

Download and install this skill https://openskills.cc/api/download?slug=sickn33-skills-find-bugs&locale=en&source=copy

Find Bugs - Intelligent Code Change Review & Security Vulnerability Detection

Skill Overview

Find Bugs is an intelligent code review tool designed specifically for Git branch changes. It automatically detects security vulnerabilities, code defects, and quality issues, helping developers identify potential risks before code is merged.

Use Cases

  • Pull Request Review: Automatically check code changes before submitting a PR to find security vulnerabilities and bugs, improving review efficiency
  • Security Audits: Perform systematic security checks on code changes, covering common risks such as SQL injection, XSS, and authentication/authorization flaws
  • Local Branch Self-Check: During development, review all changes in the current branch to find and fix issues before committing

Core Features

  • Five-Stage Security Review: Systematically review code through a complete workflow of change collection, attack-surface mapping, security checklist, verification, and reporting, so that no critical risk is missed
  • Multi-Dimensional Issue Detection: Covers 11 major security categories (injection attacks, XSS, authentication/authorization, CSRF, race conditions, session security, encryption, information leakage, DoS, business logic, etc.)
  • Priority-Based Output: Issues are reported by priority (security vulnerabilities > bugs > code quality). Each issue includes the file location, severity, description, evidence, and remediation recommendations

FAQ

What types of security vulnerabilities can Find Bugs detect?

Find Bugs is based on OWASP security standards and detects issues across 11 major security categories, including but not limited to: SQL injection, command injection, template injection, XSS (cross-site scripting), authentication bypass, broken authorization/IDOR, CSRF, race conditions (TOCTOU), session fixation, weak or misused encryption algorithms, sensitive information leakage, DoS attack surfaces, and business logic vulnerabilities.

How do I use Find Bugs to review local branch changes?

Find Bugs automatically retrieves the full diff of the current branch versus the default branch (using git diff), then performs a systematic analysis of each changed file. The review process includes: collecting the complete change information, mapping the attack surface (user input, database queries, external calls, etc.), checking each item in the security checklist, validating that each reported issue is genuine, and generating a structured report. The entire process requires no manual configuration; the Git repository state is identified automatically.
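The first two steps of that workflow, collecting the branch diff and mapping its attack surface, can be sketched in a few dozen lines. The block below is an added example written for this page; it is not the Find Bugs skill's own code, and its regex heuristics, the `origin/main` base branch and the sample diff are all constructed assumptions. It parses unified-diff output, tracks new-file line numbers across hunks, and tags each added line that touches user input, database queries, external calls, weak crypto or hard-coded secrets, which is the list a reviewer then works through with the security checklist.

```python
"""Attack-surface mapping over a branch diff.

Added example for this page; it is not the Find Bugs skill's own code. The
patterns below are constructed heuristics, not the skill's checklist.
"""
import re
import subprocess
from dataclasses import dataclass

# Constructed heuristics: each category maps to a regex that flags added code
# likely to sit on the attack surface. A match is a review prompt, not a verdict.
SURFACE_PATTERNS = {
    "user-input":    re.compile(r"request\.(args|form|json|GET|POST|params)\b|\binput\("),
    "db-query":      re.compile(r"\b(execute|executemany|raw)\s*\(|\bSELECT\s.+\sFROM\b", re.I),
    "external-call": re.compile(r"\b(subprocess|os\.system|os\.popen|urlopen|requests\.(get|post))\b"),
    "crypto":        re.compile(r"\b(md5|sha1|DES|ECB|random\.random)\b", re.I),
    "secrets":       re.compile(r"(password|secret|api_key|token)\s*=\s*['\"]", re.I),
}

# Unified-diff hunk header; group 1 is the first new-file line the hunk covers.
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass
class Finding:
    path: str
    line: int       # line number in the new version of the file
    category: str
    code: str


def branch_diff(base="origin/main"):
    """Diff of HEAD against its merge base with `base` (the page's git diff step).

    `base` is an assumption; how the skill detects the default branch is not shown.
    """
    return subprocess.run(["git", "diff", f"{base}...HEAD"],
                          capture_output=True, text=True, check=True).stdout


def added_lines(diff_text):
    """Yield (path, new_file_line_number, text) for each added line in a unified diff."""
    path, new_line = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git"):
            path = None                      # new file section; wait for its +++ header
        elif raw.startswith("+++ "):
            target = raw[4:].strip()
            path = None if target == "/dev/null" else target.removeprefix("b/")
        elif raw.startswith("--- ") or raw.startswith("\\"):
            pass                             # old-file header or "\ No newline at end of file"
        elif (m := HUNK_RE.match(raw)):
            new_line = int(m.group(1))
        elif path is None:
            pass                             # index/mode lines before the file headers
        elif raw.startswith("+"):
            yield path, new_line, raw[1:]
            new_line += 1
        elif raw.startswith("-"):
            pass                             # removed line: the new-file counter does not move
        else:
            new_line += 1                    # context line


def map_attack_surface(diff_text):
    """Tag every added line that matches a surface category, in diff order."""
    findings = []
    for path, line, code in added_lines(diff_text):
        for category, pattern in SURFACE_PATTERNS.items():
            if pattern.search(code):
                findings.append(Finding(path, line, category, code.strip()))
    return findings


# Constructed sample diff standing in for `branch_diff()` output.
SAMPLE_DIFF = """\
diff --git a/app/views.py b/app/views.py
--- a/app/views.py
+++ b/app/views.py
@@ -10,3 +10,7 @@ def index():
     return render("index.html")
+def search():
+    term = request.args.get("q")
+    cursor.execute("SELECT * FROM items WHERE name = '" + term + "'")
+    return cursor.fetchall()
 def health():
     return "ok"
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,2 +1,3 @@
 import os
+API_KEY = "example-constructed-key"
 DEBUG = False
"""

if __name__ == "__main__":
    # Swap SAMPLE_DIFF for branch_diff() to run against a real checkout.
    for f in map_attack_surface(SAMPLE_DIFF):
        print(f"{f.path}:{f.line} [{f.category}] {f.code}")
```

On the sample, the user-input line and the string-concatenated query in `search()` land one after another, which is exactly the pairing (tainted input reaching a sink) the later checklist and verification steps exist to confirm or dismiss; the hard-coded key in `config.py` is the information-leakage case.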

Can Find Bugs replace manual code review?

No. Find Bugs focuses on security vulnerabilities and obvious code defects and can significantly improve review efficiency, but it cannot replace human judgment about business logic, architectural design, code style, and similar aspects. It is best used as an auxiliary tool alongside manual code review: human reviewers understand business context more flexibly, while Find Bugs helps ensure that common security checks are not overlooked.