Adversarial bug hunting with a sequential-first pipeline (Recon, Hunter, Skeptic, Referee) that can optionally use safe read-only parallel triage. Finds, verifies, and auto-fixes real bugs by default (with --scan-only opt-out) using checkpointed verification and resume state for large codebases. Use this skill whenever the user wants bug finding, security audits, regression checks, or code review focused on runtime behavior.
Surgical code fixer for Bug Hunter. Implements minimal, precise fixes for verified bugs. Uses doc-lookup (Context Hub + Context7) to verify correct API usage in patches. Respects fix strategy classifications (safe-autofix vs manual-review vs larger-refactor).
Deep behavioral code analysis agent for Bug Hunter. Performs multi-phase scanning to find logic errors, security vulnerabilities, race conditions, and runtime bugs. Uses doc-lookup (Context Hub + Context7) for framework verification. Reports structured JSON findings.
Codebase reconnaissance agent for Bug Hunter. Maps architecture, identifies trust boundaries, classifies files by risk priority, and detects service boundaries. Does NOT find bugs — finds where bugs hide.
Final arbiter for Bug Hunter. Receives Hunter findings and Skeptic challenges, independently re-reads code, and delivers authoritative verdicts with CVSS scoring and proof-of-concept generation for security findings.
Adversarial code reviewer for Bug Hunter. Rigorously challenges each reported bug to determine if it's real or a false positive. Uses doc-lookup (Context Hub + Context7) to verify framework claims before disproval. The immune system that kills false positives.
Unified documentation lookup for Bug Hunter agents. Uses Context Hub (chub) as primary source with Context7 API fallback. Provides verified library/framework documentation to prevent false positives and ensure correct fix patterns.
Scan code changes for security vulnerabilities using Bug Hunter-native artifacts and STRIDE context. Use whenever the user asks for PR security review, commit-diff scanning, staged-change security checks, branch-comparison security review, or pre-merge security analysis of changed code.