Run any Skill in Manus with one click

$pwd:

commit-security-scan

Name: Commit Security Scan
Author: codexstar69

// Scan code changes for security vulnerabilities using Bug Hunter-native artifacts and STRIDE context. Use whenever the user asks for PR security review, commit-diff scanning, staged-change security checks, branch-comparison security review, or pre-merge security analysis of changed code.

Run Skill in Manus

$ git log --oneline --stat

stars:398

forks:46

updated:March 12, 2026 at 05:07

SKILL.md

readonly

name	commit-security-scan
description	Scan code changes for security vulnerabilities using Bug Hunter-native artifacts and STRIDE context. Use whenever the user asks for PR security review, commit-diff scanning, staged-change security checks, branch-comparison security review, or pre-merge security analysis of changed code.

Commit Security Scan

This is a bundled local Bug Hunter companion skill. It is portable and self-contained: use .bug-hunter/* artifacts, never .factory/* paths.

Purpose

Review changed code for security issues only. This skill is optimized for:

PR review
staged diff review
branch diff review
commit / commit-range security scanning

Inputs

Resolve the scan scope from the user request:

PR review → use scripts/pr-scope.cjs
staged review → use git diff --cached --name-only
branch diff → use git diff --name-only <base>...<head>
commit range → use git diff --name-only <base>..<head>

Workflow

Ensure threat-model context exists.
- Preferred artifacts:
  - .bug-hunter/threat-model.md
  - .bug-hunter/security-config.json
- If missing, run the bundled threat-model-generation skill first.
Resolve the changed-file scope.
Read the full contents of the changed source files, not just the patch.
Focus on STRIDE-oriented issues in changed code:
- Spoofing: auth/session/token mistakes
- Tampering: SQLi, XSS, path traversal, command injection, mass assignment
- Repudiation: security-sensitive actions with no auditability
- Information Disclosure: IDOR, secret exposure, verbose errors
- DoS: unbounded input, missing limits, expensive regex/queries
- Elevation of Privilege: missing authorization, role bypass, privilege escalation
Reuse Bug Hunter-native security conventions:
- findings should be compatible with .bug-hunter/findings.json
- use STRIDE + CWE labels
- include confidence scores
If the user wants only a focused security diff review, stop after the findings report. If the user wants deeper validation, hand off to the bundled vulnerability-validation skill.

Output

Preferred outputs:

.bug-hunter/findings.json when integrating with the main Bug Hunter pipeline
.bug-hunter/report.md as a rendered companion if needed

Notes

This skill is intentionally diff-scoped; it does not replace full-repository audits.
Use it as the lightweight security fast-path before invoking the broader security-review flow.

related-skills.json

same repository

bug-hunter.md

from "codexstar69/bug-hunter"

Adversarial bug hunting with a sequential-first pipeline (Recon, Hunter, Skeptic, Referee) that can optionally use safe read-only parallel triage. Finds, verifies, and auto-fixes real bugs by default (with --scan-only opt-out) using checkpointed verification and resume state for large codebases. Use this skill whenever the user wants bug finding, security audits, regression checks, or code review focused on runtime behavior.

2026-05-01398

fixer.md

from "codexstar69/bug-hunter"

Surgical code fixer for Bug Hunter. Implements minimal, precise fixes for verified bugs. Uses doc-lookup (Context Hub + Context7) to verify correct API usage in patches. Respects fix strategy classifications (safe-autofix vs manual-review vs larger-refactor).

2026-05-01398

hunter.md

from "codexstar69/bug-hunter"

Deep behavioral code analysis agent for Bug Hunter. Performs multi-phase scanning to find logic errors, security vulnerabilities, race conditions, and runtime bugs. Uses doc-lookup (Context Hub + Context7) for framework verification. Reports structured JSON findings.

2026-05-01398

recon.md

from "codexstar69/bug-hunter"

Codebase reconnaissance agent for Bug Hunter. Maps architecture, identifies trust boundaries, classifies files by risk priority, and detects service boundaries. Does NOT find bugs — finds where bugs hide.

2026-05-01398

referee.md

from "codexstar69/bug-hunter"

Final arbiter for Bug Hunter. Receives Hunter findings and Skeptic challenges, independently re-reads code, and delivers authoritative verdicts with CVSS scoring and proof-of-concept generation for security findings.

2026-05-01398

skeptic.md

from "codexstar69/bug-hunter"

Adversarial code reviewer for Bug Hunter. Rigorously challenges each reported bug to determine if it's real or a false positive. Uses doc-lookup (Context Hub + Context7) to verify framework claims before disproval. The immune system that kills false positives.

2026-05-01398

package.json

"author": "codexstar69"

"repository": "codexstar69/bug-hunter"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	commit-security-scan
description	Scan code changes for security vulnerabilities using Bug Hunter-native artifacts and STRIDE context. Use whenever the user asks for PR security review, commit-diff scanning, staged-change security checks, branch-comparison security review, or pre-merge security analysis of changed code.

Commit Security Scan

This is a bundled local Bug Hunter companion skill. It is portable and self-contained: use .bug-hunter/* artifacts, never .factory/* paths.

Purpose

Review changed code for security issues only. This skill is optimized for:

PR review
staged diff review
branch diff review
commit / commit-range security scanning

Inputs

Resolve the scan scope from the user request:

PR review → use scripts/pr-scope.cjs
staged review → use git diff --cached --name-only
branch diff → use git diff --name-only <base>...<head>
commit range → use git diff --name-only <base>..<head>

Workflow

Ensure threat-model context exists.
- Preferred artifacts:
  - .bug-hunter/threat-model.md
  - .bug-hunter/security-config.json
- If missing, run the bundled threat-model-generation skill first.
Resolve the changed-file scope.
Read the full contents of the changed source files, not just the patch.
Focus on STRIDE-oriented issues in changed code:
- Spoofing: auth/session/token mistakes
- Tampering: SQLi, XSS, path traversal, command injection, mass assignment
- Repudiation: security-sensitive actions with no auditability
- Information Disclosure: IDOR, secret exposure, verbose errors
- DoS: unbounded input, missing limits, expensive regex/queries
- Elevation of Privilege: missing authorization, role bypass, privilege escalation
Reuse Bug Hunter-native security conventions:
- findings should be compatible with .bug-hunter/findings.json
- use STRIDE + CWE labels
- include confidence scores
If the user wants only a focused security diff review, stop after the findings report. If the user wants deeper validation, hand off to the bundled vulnerability-validation skill.

Output

Preferred outputs:

.bug-hunter/findings.json when integrating with the main Bug Hunter pipeline
.bug-hunter/report.md as a rendered companion if needed

Notes

This skill is intentionally diff-scoped; it does not replace full-repository audits.
Use it as the lightweight security fast-path before invoking the broader security-review flow.

commit-security-scan

Commit Security Scan

Purpose

Inputs

Workflow

Output

Notes

More from this repository

More from this repository

Commit Security Scan

Purpose

Inputs

Workflow

Output

Notes