73
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill getsentry/warden --skill find-bugs- SKILL.md2.8 KB
Overview
This skill reviews changes on the current Git branch to find bugs, security vulnerabilities, and code-quality regressions. It targets TypeScript projects and produces prioritized, actionable findings without making code changes. The workflow ensures complete coverage of diffs, attack-surface mapping, and per-file verification before delivering final results.
How this skill works
The skill reads the full branch diff and inspects each changed file line-by-line. For every file it maps user inputs, DB queries, auth checks, external calls, and crypto usage, then runs a comprehensive security and correctness checklist. For each potential issue it verifies context, searches for tests or mitigations, and produces prioritized findings with concrete fixes and references.
When to use it
- Before merging a feature or hotfix branch into the mainline
- When you need a security-focused code review of recent changes
- To audit authentication, authorization, and input handling in new code
- When asked to triage bugs introduced on the current branch
- Prior to release or deployment for a last-minute safety check
Best practices
- Always provide the full diff; inspect each changed file until no truncation remains
- Include relevant runtime context (env vars, DB schema snippets, auth flows) when available
- Prioritize security and correctness issues over stylistic feedback
- Confirm each finding by reading surrounding lines and searching for tests or mitigations
- Document any areas that could not be fully verified (missing files, secrets, or env-specific code)
Example use cases
- Reviewing a TypeScript feature branch that touches authentication and DB access
- Auditing recent commits that add third-party API calls or new dependencies
- Verifying fixes for reported bugs to ensure no related security regressions
- Performing a pre-release security sweep focused on injection, auth, and crypto
- Triaging a pull request that changes session handling or token management
FAQ
No. The skill only inspects changes and reports findings with concrete fix suggestions; it does not change files.
How exhaustive is the security checklist?
The checklist covers common and critical categories (injection, XSS, auth, CSRF, race conditions, crypto, DoS, information disclosure, and business logic). Each item is checked for every changed file.