Bug Review
Turn messy bug reports into structured defect docs with exact file:line references and severity tiers before you fix or triage.
Install
npx skills add https://github.com/athola/claude-night-market --skill bug-reviewWhat is this skill?
- Requires file path, line number, function scope, and a 3–5 line code snippet for every defect
- Four-level severity matrix (Critical/High/Medium/Low) with impact and response-time guidance
- Root-cause taxonomy: logic errors, API misuse, concurrency, and resource leaks
- Progressive-loading parent workflow (pensive:bug-review) with imbue:proof-of-work dependency
- Rust/Go-oriented examples (ownership, channels) for backend and systems code
Adoption & trust: 1 installs on skills.sh; 304 GitHub stars; 3/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).
Recommended Skills
Improve Codebase Architecturemattpocock/skills
Zoom Outmattpocock/skills
Caveman Reviewjuliusbrussee/caveman
Requesting Code Reviewobra/superpowers
Receiving Code Reviewobra/superpowers
Request Refactor Planmattpocock/skills
Journey fit
Primary fit
Canonical shelf is Ship because the skill is built for formal defect documentation and severity classification—the gate before fixes merge or ship. Review is where systematic defect identification, root-cause buckets, and Critical–Low response times belong in the solo-builder journey.
Common Questions / FAQ
Is Bug Review safe to install?
skills.sh reports 3 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.
SKILL.md
READMESKILL.md - Bug Review
# Defect Documentation Systematic defect identification with precise file references and severity classification. ## File/Line References Every defect must include: - **File path**: Absolute or relative from project root - **Line number**: Exact location of issue - **Function/method**: Containing scope - **Code snippet**: 3-5 lines of context Example: ``` src/parser/tokenizer.rs:142 in `parse_string()` ``` ## Severity Classification | Level | Description | Impact | Response Time | |-------|-------------|--------|---------------| | **Critical** | Crash, data loss, security vulnerability | Service down, data corruption | Immediate | | **High** | Major functionality broken | Core features unusable | This sprint | | **Medium** | Degraded experience, workaround exists | Reduced performance/UX | Next sprint | | **Low** | Minor issues, edge cases | Rare scenarios affected | Backlog | ## Root Cause Categories ### Logic Errors - Incorrect conditions (off-by-one, wrong operator) - Null/None handling gaps - Missing validation - Boundary condition failures ### API Misuse - Wrong parameter types/order - Deprecated method usage - Incorrect error handling - Lifetime/ownership violations (Rust) ### Concurrency Issues - Race conditions - Deadlocks - Data races - Improper synchronization - Channel misuse (Go) ### Resource Leaks - Memory leaks - File handle leaks - Connection pool exhaustion - Lock not released ### Validation Gaps - Missing input validation - Insufficient boundary checks - Type coercion errors - Injection vulnerabilities ## Static Analyzer Commands Run language-specific linters: **Rust** ```bash cargo clippy --all-targets --all-features ``` **Python** ```bash ruff check . mypy src/ ``` **Go** ```bash golangci-lint run staticcheck ./... ``` **JavaScript/TypeScript** ```bash eslint . tsc --noEmit ``` **Java** ```bash ./gradlew check spotbugs ``` ## Documentation Format ```markdown ### [D1] file.rs:142 - Null pointer dereference - **Severity**: Critical - **Root Cause**: Logic error - missing null check - **Impact**: Crash on malformed input - **Evidence**: Line 142 dereferences `config.value` without validation - **Context**: ```rust let value = config.value.unwrap(); // PANIC if None ``` ``` ## Cross-References When relevant, link to: - CVE databases for security issues - Language RFCs or proposals - Standard library documentation - Known issue trackers --- parent_skill: pensive:bug-review category: remediation estimated_tokens: 450 progressive_loading: true --- # Fix Preparation Create minimal, idiomatic patches with detailed test coverage. ## Minimal Patch Patterns Apply smallest change that fixes the issue: **Guard Clause** (prevent invalid state) ```rust // Before: crash on None let value = config.value.unwrap(); // After: guard clause let Some(value) = config.value else { return Err(Error::MissingConfig); }; ``` **Validation** (check inputs) ```python # Before: no validation def process(count: int): return items[:count] # After: boundary check def process(count: int): if count < 0 or count > len(items): raise ValueError(f"Invalid count: {count}") return items[:count] ``` **Resource Cleanup** (prevent leaks) ```go // Before: file handle leak file, err := os.Open(path) data, _ := io.ReadAll(file) // After: defer cleanup file, err := os.Open(path) if err != nil { return err } defer file.Close() data, err := io.ReadAll(file) ``` ## Idiomatic Fixes by Language ### Rust - Use `?` operator for error propagation - Prefer pattern matching over `unwrap()` - Use `Option::ok_or()` for conversions - Apply ownership transfer instead of cloning ```rust // Idiomatic error handling fn load_config() -> Result<Config, Error> { let path = env::var("CONFIG_PATH") .map_err(|_| Error::MissingEnv)?; let contents = fs::