Index live · v1.3.0 · MAY 26 2026
173+ skills indexed200+ MCP servers18+ platforms tracked
Systematic bug detection using static analysis patterns and code inspection.
Claude CodeCodexCursorMulti Platform
741stars
Updated 1 month ago
1contributor
Install This Skill
npx skills add getsentry/find-bugs# Download SKILL.md and place in your agent's skills folder
curl -o SKILL.md https://github.com/getsentry/skills/tree/main/skills/find-bugs/raw/main/SKILL.md/skill add getsentry/find-bugsSKILL.md
Find Bugs
Review changes on this branch for bugs, security vulnerabilities, and code quality issues.
Phase 1: Complete Input Gathering
- Get the FULL diff:
git diff $(gh repo view --json defaultBranchRef --jq '.defaultBranchRef.name')...HEAD - If output is truncated, read each changed file individually until you have seen every changed line
- List all files modified in this branch before proceeding
Phase 2: Attack Surface Mapping
For each changed file, identify and list:
- All user inputs (request params, headers, body, URL components)
- All database queries
- All authentication/authorization checks
- All session/state operations
- All external calls
- All cryptographic operations
Phase 3: Security Checklist (check EVERY item for EVERY file)
- Injection: SQL, command, template, header injection
- XSS: All outputs in templates properly escaped?
- Authentication: Auth checks on all protected operations?
- Authorization/IDOR: Access control verified, not just auth?
- CSRF: State-changing operations protected?
- Race conditions: TOCTOU in any read-then-write patterns?
- Session: Fixation, expiration, secure flags?
- Cryptography: Secure random, proper algorithms, no secrets in logs?
- Information disclosure: Error messages, logs, timing attacks?
- DoS: Unbounded operations, missing rate limits, resource exhaustion?
- Business logic: Edge cases, state machine violations, numeric overflow?
Phase 4: Verification
For each potential issue:
- Check if it's already handled elsewhere in the changed code
- Search for existing tests covering the scenario
- Read surrounding context to verify the issue is real
Phase 5: Pre-Conclusion Audit
Before finalizing, you MUST:
- List every file you reviewed and confirm you read it completely
- List every checklist item and note whether you found issues or confirmed it's clean
- List any areas you could NOT fully verify and why
- Only then provide your final findings
Output Format
Prioritize: security vulnerabilities > bugs > code quality
Skip: stylistic/formatting issues
For each issue:
- File:Line - Brief description
- Severity: Critical/High/Medium/Low
- Problem: What's wrong
- Evidence: Why this is real (not already fixed, no existing test, etc.)
- Fix: Concrete suggestion
- References: OWASP, RFCs, or other standards if applicable
If you find nothing significant, say so - don't invent issues.
Do not make changes - just report findings. I'll decide what to address.
Synced from getsentry/skills@490a181fetched May 24, 2026
Related Skills
Quick Stats
Source repo · this path Stars741
Forks39
Last commit2026-04-19
Contributors1
LicenseMIT
CategoryTesting
Author
S
Sentry
@getsentry
Tags
bugsdetectionsentrystatic-analysis