find-bugs — community find-bugs, Template_FrontEnd_NextJS_JF, community, ide skills, Claude Code, Cursor, Windsurf

v1.0.0
GitHub

About this Skill

Perfect for Code Review Agents needing advanced bug detection and security vulnerability analysis in TypeScript projects. My version template for website in next with typescript.

JFEspanolito JFEspanolito
[0]
[0]
Updated: 3/5/2026

Agent Capability Analysis

The find-bugs skill by JFEspanolito is an open-source community AI agent skill for Claude Code and other IDE workflows, helping agents execute tasks with better context, repeatability, and domain-specific guidance.

Ideal Agent Persona

Perfect for Code Review Agents needing advanced bug detection and security vulnerability analysis in TypeScript projects.

Core Value

Empowers agents to review code changes for bugs, security vulnerabilities, and code quality issues using git diff and attack surface mapping, analyzing user inputs and request params for potential security threats.

Capabilities Granted for find-bugs

Automating code reviews for TypeScript projects
Identifying security vulnerabilities in git commits
Debugging code quality issues in modified files

! Prerequisites & Limits

  • Requires git repository access
  • Limited to analyzing changes in a single branch
  • May require manual review of truncated git diff output
Labs Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

find-bugs

Install find-bugs, an AI agent skill for AI agent workflows and automation. Works with Claude Code, Cursor, and Windsurf with one-command setup.

SKILL.md
Readonly

Find Bugs

Review changes on this branch for bugs, security vulnerabilities, and code quality issues.

Phase 1: Complete Input Gathering

  1. Get the FULL diff: git diff master...HEAD
  2. If output is truncated, read each changed file individually until you have seen every changed line
  3. List all files modified in this branch before proceeding

Phase 2: Attack Surface Mapping

For each changed file, identify and list:

  • All user inputs (request params, headers, body, URL components)
  • All database queries
  • All authentication/authorization checks
  • All session/state operations
  • All external calls
  • All cryptographic operations

Phase 3: Security Checklist (check EVERY item for EVERY file)

  • Injection: SQL, command, template, header injection
  • XSS: All outputs in templates properly escaped?
  • Authentication: Auth checks on all protected operations?
  • Authorization/IDOR: Access control verified, not just auth?
  • CSRF: State-changing operations protected?
  • Race conditions: TOCTOU in any read-then-write patterns?
  • Session: Fixation, expiration, secure flags?
  • Cryptography: Secure random, proper algorithms, no secrets in logs?
  • Information disclosure: Error messages, logs, timing attacks?
  • DoS: Unbounded operations, missing rate limits, resource exhaustion?
  • Business logic: Edge cases, state machine violations, numeric overflow?

Phase 4: Verification

For each potential issue:

  • Check if it's already handled elsewhere in the changed code
  • Search for existing tests covering the scenario
  • Read surrounding context to verify the issue is real

Phase 5: Pre-Conclusion Audit

Before finalizing, you MUST:

  1. List every file you reviewed and confirm you read it completely
  2. List every checklist item and note whether you found issues or confirmed it's clean
  3. List any areas you could NOT fully verify and why
  4. Only then provide your final findings

Output Format

Prioritize: security vulnerabilities > bugs > code quality

Skip: stylistic/formatting issues

For each issue:

  • File:Line - Brief description
  • Severity: Critical/High/Medium/Low
  • Problem: What's wrong
  • Evidence: Why this is real (not already fixed, no existing test, etc.)
  • Fix: Concrete suggestion
  • References: OWASP, RFCs, or other standards if applicable

If you find nothing significant, say so - don't invent issues.

Do not make changes - just report findings. I'll decide what to address.

FAQ & Installation Steps

These questions and steps mirror the structured data on this page for better search understanding.

? Frequently Asked Questions

What is find-bugs?

Perfect for Code Review Agents needing advanced bug detection and security vulnerability analysis in TypeScript projects. My version template for website in next with typescript.

How do I install find-bugs?

Run the command: npx killer-skills add JFEspanolito/Template_FrontEnd_NextJS_JF/find-bugs. It works with Cursor, Windsurf, VS Code, Claude Code, and 19+ other IDEs.

What are the use cases for find-bugs?

Key use cases include: Automating code reviews for TypeScript projects, Identifying security vulnerabilities in git commits, Debugging code quality issues in modified files.

Which IDEs are compatible with find-bugs?

This skill is compatible with Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for find-bugs?

Requires git repository access. Limited to analyzing changes in a single branch. May require manual review of truncated git diff output.

How To Install

  1. 1. Open your terminal

    Open the terminal or command line in your project directory.

  2. 2. Run the install command

    Run: npx killer-skills add JFEspanolito/Template_FrontEnd_NextJS_JF/find-bugs. The CLI will automatically detect your IDE or AI agent and configure the skill.

  3. 3. Start using the skill

    The skill is now active. Your AI agent can use find-bugs immediately in the current project.

Related Skills

Looking for an alternative to find-bugs or another community skill for your workflow? Explore these related open-source skills.

View All

widget-generator

Logo of f
f

f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.

149.6k
0
AI

flags

Logo of vercel
vercel

flags is a Next.js feature management skill that enables developers to efficiently add or modify framework feature flags, streamlining React application development.

138.4k
0
Browser

zustand

Logo of lobehub
lobehub

The ultimate space for work and life — to find, build, and collaborate with agent teammates that grow with you. We are taking agent harness to the next level — enabling multi-agent collaboration, effortless agent team design, and introducing agents as the unit of work interaction.

72.8k
0
AI

data-fetching

Logo of lobehub
lobehub

The ultimate space for work and life — to find, build, and collaborate with agent teammates that grow with you. We are taking agent harness to the next level — enabling multi-agent collaboration, effortless agent team design, and introducing agents as the unit of work interaction.

72.8k
0
AI