How do I install find-bugs?

Run `npx skills add https://github.com/getsentry/skills --skill find-bugs` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does find-bugs support?

find-bugs works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is find-bugs free to use?

Yes. find-bugs is free to install and use. It is available from the open explainx.ai skill registry published by getsentry.

Where can I read ratings and reviews for find-bugs?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

skills/getsentry/skills/find-bugs

Productivity

find-bugs▌

getsentry/skills · updated Apr 8, 2026

$npx skills add https://github.com/getsentry/skills --skill find-bugs

summary

Comprehensive code review identifying bugs, security vulnerabilities, and quality issues in branch changes.

›Executes a structured five-phase review process: gathering the complete diff, mapping attack surfaces, running a detailed security checklist, verifying findings, and auditing coverage before conclusions
›Security checklist covers 11 critical areas including injection, XSS, authentication, authorization, CSRF, race conditions, session management, cryptography, information disclosure

skill.md

Find Bugs

Review changes on this branch for bugs, security vulnerabilities, and code quality issues.

Phase 1: Complete Input Gathering

Get the FULL diff: git diff $(gh repo view --json defaultBranchRef --jq '.defaultBranchRef.name')...HEAD
If output is truncated, read each changed file individually until you have seen every changed line
List all files modified in this branch before proceeding

Phase 2: Attack Surface Mapping

For each changed file, identify and list:

All user inputs (request params, headers, body, URL components)
All database queries
All authentication/authorization checks
All session/state operations
All external calls
All cryptographic operations

Phase 3: Security Checklist (check EVERY item for EVERY file)

Injection: SQL, command, template, header injection
XSS: All outputs in templates properly escaped?
Authentication: Auth checks on all protected operations?
Authorization/IDOR: Access control verified, not just auth?
CSRF: State-changing operations protected?
Race conditions: TOCTOU in any read-then-write patterns?
Session: Fixation, expiration, secure flags?
Cryptography: Secure random, proper algorithms, no secrets in logs?
Information disclosure: Error messages, logs, timing attacks?
DoS: Unbounded operations, missing rate limits, resource exhaustion?
Business logic: Edge cases, state machine violations, numeric overflow?

Phase 4: Verification

For each potential issue:

Check if it's already handled elsewhere in the changed code
Search for existing tests covering the scenario
Read surrounding context to verify the issue is real

Phase 5: Pre-Conclusion Audit

Before finalizing, you MUST:

List every file you reviewed and confirm you read it completely
List every checklist item and note whether you found issues or confirmed it's clean
List any areas you could NOT fully verify and why
Only then provide your final findings

Output Format

Prioritize: security vulnerabilities > bugs > code quality

Skip: stylistic/formatting issues

For each issue:

File:Line - Brief description
Severity: Critical/High/Medium/Low
Problem: What's wrong
Evidence: Why this is real (not already fixed, no existing test, etc.)
Fix: Concrete suggestion
References: OWASP, RFCs, or other standards if applicable

If you find nothing significant, say so - don't invent issues.

Do not make changes - just report findings. I'll decide what to address.

general reviews

Ratings

4.7★★★★★48 reviews

★★★★★Chinedu Gonzalez· Dec 28, 2024
find-bugs is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
★★★★★James Sanchez· Dec 28, 2024
Keeps context tight: find-bugs is the kind of skill you can hand to a new teammate without a long onboarding doc.
★★★★★Chaitanya Patil· Dec 20, 2024
Solid pick for teams standardizing on skills: find-bugs is focused, and the summary matches what you get after install.
★★★★★Emma Menon· Dec 12, 2024
find-bugs reduced setup friction for our internal harness; good balance of opinion and flexibility.
★★★★★Olivia Verma· Dec 4, 2024
I recommend find-bugs for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
★★★★★Jin Taylor· Nov 23, 2024
Keeps context tight: find-bugs is the kind of skill you can hand to a new teammate without a long onboarding doc.
★★★★★Isabella Yang· Nov 19, 2024
Useful defaults in find-bugs — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
★★★★★Jin Thomas· Nov 19, 2024
I recommend find-bugs for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
★★★★★Piyush G· Nov 11, 2024
We added find-bugs from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
★★★★★James Gonzalez· Oct 14, 2024
find-bugs is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.

showing 1-10 of 48

1 / 5

installs

0 this week

repository

getsentry/skills

github stars

★504