// Scan code changes for security vulnerabilities using Bug Hunter-native artifacts and STRIDE context. Use whenever the user asks for PR security review, commit-diff scanning, staged-change security checks, branch-comparison security review, or pre-merge security analysis of changed code.
| name | commit-security-scan |
| description | Scan code changes for security vulnerabilities using Bug Hunter-native artifacts and STRIDE context. Use whenever the user asks for PR security review, commit-diff scanning, staged-change security checks, branch-comparison security review, or pre-merge security analysis of changed code. |
This is a bundled local Bug Hunter companion skill. It is portable and self-contained: use .bug-hunter/* artifacts, never .factory/* paths.
Review changed code for security issues only. This skill is optimized for:
Resolve the scan scope from the user request:
scripts/pr-scope.cjsgit diff --cached --name-onlygit diff --name-only <base>...<head>git diff --name-only <base>..<head>Ensure threat-model context exists.
.bug-hunter/threat-model.md.bug-hunter/security-config.jsonthreat-model-generation skill first.Resolve the changed-file scope.
Read the full contents of the changed source files, not just the patch.
Focus on STRIDE-oriented issues in changed code:
Reuse Bug Hunter-native security conventions:
.bug-hunter/findings.jsonIf the user wants only a focused security diff review, stop after the findings report.
If the user wants deeper validation, hand off to the bundled vulnerability-validation skill.
Preferred outputs:
.bug-hunter/findings.json when integrating with the main Bug Hunter pipeline.bug-hunter/report.md as a rendered companion if neededsecurity-review flow.Adversarial bug hunting with a sequential-first pipeline (Recon, Hunter, Skeptic, Referee) that can optionally use safe read-only parallel triage. Finds, verifies, and auto-fixes real bugs by default (with --scan-only opt-out) using checkpointed verification and resume state for large codebases. Use this skill whenever the user wants bug finding, security audits, regression checks, or code review focused on runtime behavior.
Surgical code fixer for Bug Hunter. Implements minimal, precise fixes for verified bugs. Uses doc-lookup (Context Hub + Context7) to verify correct API usage in patches. Respects fix strategy classifications (safe-autofix vs manual-review vs larger-refactor).
Deep behavioral code analysis agent for Bug Hunter. Performs multi-phase scanning to find logic errors, security vulnerabilities, race conditions, and runtime bugs. Uses doc-lookup (Context Hub + Context7) for framework verification. Reports structured JSON findings.
Codebase reconnaissance agent for Bug Hunter. Maps architecture, identifies trust boundaries, classifies files by risk priority, and detects service boundaries. Does NOT find bugs — finds where bugs hide.
Final arbiter for Bug Hunter. Receives Hunter findings and Skeptic challenges, independently re-reads code, and delivers authoritative verdicts with CVSS scoring and proof-of-concept generation for security findings.
Adversarial code reviewer for Bug Hunter. Rigorously challenges each reported bug to determine if it's real or a false positive. Uses doc-lookup (Context Hub + Context7) to verify framework claims before disproval. The immune system that kills false positives.