Does it automatically apply fixes to my code?

No, the skill is designed to report findings and provide concrete fix suggestions. The developer reviews the report and decides which changes to implement.

Does it check for code style and formatting?

The skill specifically skips stylistic or formatting issues to focus on high-priority items like security vulnerabilities, logic bugs, and architectural flaws.

How does this skill identify security vulnerabilities?

It uses a structured five-phase process that includes mapping the attack surface, checking against a comprehensive security list (Injection, XSS, CSRF, etc.), and verifying findings against surrounding code context.

Can it handle large pull requests?

Yes, the skill includes logic to read changed files individually if the git diff output is truncated, ensuring no part of the branch goes unreviewed.

Code Security & Bug Finder

Name: Code Security & Bug Finder
Author: getsentry

bygetsentry

•

Security & Testing

Audits local branch changes for security vulnerabilities, logic bugs, and quality issues using a rigorous multi-phase verification process.

The Find Bugs skill empowers Claude to perform deep-dive security reviews and quality audits on your local development branches. By systematically mapping attack surfaces and walking through a comprehensive checklist of vulnerabilities—including injection, XSS, and broken access control—it identifies critical risks before they reach production. The skill follows a structured five-phase methodology that includes full diff analysis, verification against existing tests, and a pre-conclusion audit to ensure findings are accurate and actionable. It prioritizes high-impact security flaws over stylistic choices, providing concrete fix suggestions and references to standards like OWASP.

Key Features

01Comprehensive security checklist covering SQLi, XSS, CSRF, and IDOR vulnerabilities

02Automated attack surface mapping for user inputs, DB queries, and auth checks

03Systematic multi-phase verification to minimize false positives and verify context

04Prioritized reporting focusing on security vulnerabilities and critical logic bugs

05Pre-conclusion audit requirement to ensure 100% coverage of changed files

0610 GitHub stars

Use Cases

01Performing a final security audit on a feature branch before opening a pull request

02Mapping the attack surface of new API endpoints and external service integrations

03Identifying edge cases and business logic violations in complex code refactors

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add getsentry/sentry-skills find-bugs

For use in Claude.ai and ChatGPT

Download Skill