Does it require an active internet connection to scan?

The skill analyzes your local git diffs and files within the Claude Code environment to identify issues, though it may use the GitHub CLI to determine the default branch for diffing.

Can it automatically fix the bugs it finds?

To ensure developer control, the skill is designed to report and suggest concrete fixes rather than making direct changes. You can then review the evidence and apply the suggested fix.

How does this skill differ from a standard linter?

Unlike linters that focus on syntax and style, this skill performs deep semantic analysis of logic, data flow, and security vulnerabilities like IDOR, race conditions, and injection flaws.

What security standards does it use for auditing?

The skill follows a comprehensive checklist including SQLi, XSS, CSRF, TOCTOU race conditions, and information disclosure based on OWASP and RFC standards.

Bug Finder & Security Auditor

Name: Bug Finder & Security Auditor
Author: monmacllcapp

bymonmacllcapp

0•

Security & Testing

Audits local code changes for security vulnerabilities, logic bugs, and quality issues using a rigorous multi-phase inspection process.

This skill transforms Claude into a specialized security researcher and code auditor for your development workflow. It systematically analyzes local branch changes by mapping attack surfaces, running comprehensive security checklists—covering OWASP top risks like Injection, XSS, and IDOR—and verifying findings against existing codebase context. Designed for high-integrity pre-merge reviews, it prioritizes critical security flaws and functional bugs over stylistic preferences, providing actionable fix suggestions and references to industry standards to ensure production-grade code safety.

Key Features

010 GitHub stars

02Prioritized reporting focusing on critical security and logic flaws

03Multi-phase verification workflow to reduce false positives

04Actionable fix suggestions with references to RFCs and industry standards

05Comprehensive Security Checklist covering OWASP Top 10 vulnerabilities

06Automated Attack Surface Mapping of inputs, queries, and auth checks

Use Cases

01Reviewing a feature branch for vulnerabilities before opening a Pull Request

02Auditing business logic and race conditions in complex state-changing operations

03Identifying potential SQL injection or XSS flaws in new endpoint implementations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add monmacllcapp/skill-forks find-bugs

For use in Claude.ai and ChatGPT

Download Skill