How do I install find-bugs?

Run `npx skills add https://github.com/davila7/claude-code-templates --skill find-bugs` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does find-bugs support?

find-bugs works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is find-bugs free to use?

Yes. find-bugs is free to install and use. It is available from the open explainx.ai skill registry published by davila7.

Where can I read ratings and reviews for find-bugs?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

skills/davila7/claude-code-templates/find-bugs

Productivity

find-bugs▌

davila7/claude-code-templates · updated Apr 8, 2026

$npx skills add https://github.com/davila7/claude-code-templates --skill find-bugs

0 commentsdiscussion

summary

Review changes on this branch for bugs, security vulnerabilities, and code quality issues.

skill.md

Find Bugs

Review changes on this branch for bugs, security vulnerabilities, and code quality issues.

Phase 1: Complete Input Gathering

Get the FULL diff: git diff master...HEAD
If output is truncated, read each changed file individually until you have seen every changed line
List all files modified in this branch before proceeding

Phase 2: Attack Surface Mapping

For each changed file, identify and list:

All user inputs (request params, headers, body, URL components)
All database queries
All authentication/authorization checks
All session/state operations
All external calls
All cryptographic operations

Phase 3: Security Checklist (check EVERY item for EVERY file)

Injection: SQL, command, template, header injection
XSS: All outputs in templates properly escaped?
Authentication: Auth checks on all protected operations?
Authorization/IDOR: Access control verified, not just auth?
CSRF: State-changing operations protected?
Race conditions: TOCTOU in any read-then-write patterns?
Session: Fixation, expiration, secure flags?
Cryptography: Secure random, proper algorithms, no secrets in logs?
Information disclosure: Error messages, logs, timing attacks?
DoS: Unbounded operations, missing rate limits, resource exhaustion?
Business logic: Edge cases, state machine violations, numeric overflow?

Phase 4: Verification

For each potential issue:

Check if it's already handled elsewhere in the changed code
Search for existing tests covering the scenario
Read surrounding context to verify the issue is real

Phase 5: Pre-Conclusion Audit

Before finalizing, you MUST:

List every file you reviewed and confirm you read it completely
List every checklist item and note whether you found issues or confirmed it's clean
List any areas you could NOT fully verify and why
Only then provide your final findings

Output Format

Prioritize: security vulnerabilities > bugs > code quality

Skip: stylistic/formatting issues

For each issue:

File:Line - Brief description
Severity: Critical/High/Medium/Low
Problem: What's wrong
Evidence: Why this is real (not already fixed, no existing test, etc.)
Fix: Concrete suggestion
References: OWASP, RFCs, or other standards if applicable

If you find nothing significant, say so - don't invent issues.

Do not make changes - just report findings. I'll decide what to address.

Discussion

Product Hunt–style comments (not star reviews)

No comments yet — start the thread.

general reviews

Ratings

4.7★★★★★30 reviews

★★★★★Pratham Ware· Dec 16, 2024
Useful defaults in find-bugs — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
★★★★★Aarav Huang· Dec 8, 2024
Keeps context tight: find-bugs is the kind of skill you can hand to a new teammate without a long onboarding doc.
★★★★★Meera Patel· Nov 27, 2024
Registry listing for find-bugs matched our evaluation — installs cleanly and behaves as described in the markdown.
★★★★★Aarav Smith· Oct 18, 2024
find-bugs reduced setup friction for our internal harness; good balance of opinion and flexibility.
★★★★★Yash Thakker· Sep 21, 2024
find-bugs is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
★★★★★Amina White· Sep 21, 2024
Keeps context tight: find-bugs is the kind of skill you can hand to a new teammate without a long onboarding doc.
★★★★★Nia Shah· Sep 9, 2024
find-bugs has been reliable in day-to-day use. Documentation quality is above average for community skills.
★★★★★Mia Malhotra· Sep 1, 2024
Useful defaults in find-bugs — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
★★★★★Henry Menon· Aug 28, 2024
Solid pick for teams standardizing on skills: find-bugs is focused, and the summary matches what you get after install.
★★★★★Olivia Kim· Aug 20, 2024
I recommend find-bugs for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.

showing 1-10 of 30

1 / 3

installs

0 this week

repository

davila7/claude-code-templates

github stars

★24.2K