Agent skill

issue-detection

Static analysis issue detection patterns and rules

Stars 163
Forks 31

Install this agent skill to your Project

npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/data/issue-detection

SKILL.md

Issue Detection Methodology

Objective

Identify code issues across security, quality, performance, and maintainability dimensions.

Security Issues

Injection Vulnerabilities

SQL Injection

  • Pattern: String concatenation in SQL queries
  • Detection: Look for query strings built with + operator
  • Fix: Use parameterized queries

Command Injection

  • Pattern: User input passed to shell execution functions
  • Detection: Look for subprocess/exec calls with dynamic arguments
  • Fix: Use subprocess with shell=False, validate inputs

XSS

  • Pattern: Unescaped user input in HTML output
  • Detection: Template variables without escaping filters
  • Fix: HTML escape all user content

Authentication Issues

Hardcoded Credentials

  • Pattern: password/secret/key assignments with string literals
  • Detection: Regex for common credential variable names
  • Fix: Use environment variables

Weak Crypto

  • Pattern: MD5 or SHA-1 used for password hashing, or ECB mode used for encryption
  • Fix: Use bcrypt/argon2 for passwords, AES-GCM for encryption

Quality Issues

Complexity Violations

High Cyclomatic Complexity

  • Threshold: > 20
  • Impact: Hard to test, prone to bugs
  • Fix: Extract methods, reduce conditions

Deep Nesting

  • Threshold: > 5 levels
  • Impact: Hard to read and maintain
  • Fix: Early returns, guard clauses

Code Smells

Long Method

  • Threshold: > 50 lines
  • Fix: Extract smaller methods

Large Class

  • Threshold: > 500 lines or > 20 methods
  • Fix: Split into focused classes

Long Parameter List

  • Threshold: > 5 parameters
  • Fix: Use parameter object

Performance Issues

Algorithm Efficiency

N+1 Queries

  • Pattern: Loop containing database query
  • Detection: ORM calls inside for/while loops
  • Fix: Use eager loading/joins

Quadratic Algorithms

  • Pattern: Nested loops over same collection
  • Impact: O(n^2) scaling
  • Fix: Use sets, maps, or better algorithms

Resource Management

Unclosed Resources

  • Pattern: File/connection open without close or context manager
  • Fix: Use with statement

Memory Issues

  • Pattern: Growing collections without bounds
  • Fix: Use bounded caches, weak references

Maintainability Issues

Documentation Gaps

Missing Docstrings

  • Pattern: Public functions without documentation
  • Standard: All public APIs documented

Outdated Comments

  • Pattern: Comments contradicting code
  • Fix: Update or remove

Test Coverage

Untested Code

  • Pattern: No corresponding test file
  • Threshold: coverage below 60% is a concern

Missing Edge Case Tests

  • Pattern: Only happy path tested
  • Fix: Add boundary and error tests

Issue Reporting Format

[SEVERITY] [CATEGORY] in [file:line]
Description: [what is wrong]
Impact: [why it matters]
Fix: [how to resolve]
Confidence: [High/Medium/Low]
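Added example, not part of the skill itself: a small Python AST checker that implements two of the detection rules above (SQL query text built with the + operator reaching an execute() call, and credential-named variables assigned a string literal) and emits findings in the reporting format just shown. The sink method names in SQL_SINKS, the variable-name regex CRED_RE and the sample source are assumptions constructed for the example.

```python
"""Hypothetical checker for two rules above: SQL text built with '+' that reaches
an execute() sink, and credential-named variables assigned a string literal."""
import ast
import re
SQL_SINKS = {"execute", "executemany"}  # assumed DB-API cursor method names
CRED_RE = re.compile(r"passw(or)?d|secret|api_key|token", re.I)  # assumed names

def report(severity, category, filename, line, desc, impact, fix, confidence):
    """Render one finding in the page's Issue Reporting Format."""
    return (f"[{severity}] [{category}] in [{filename}:{line}]\nDescription: {desc}\n"
            f"Impact: {impact}\nFix: {fix}\nConfidence: {confidence}")

def _has_concat(expr):
    """True if a '+' occurs anywhere inside the expression."""
    return any(isinstance(n, ast.BinOp) and isinstance(n.op, ast.Add)
               for n in ast.walk(expr))

def scan(source, filename="<constructed>"):
    """Walk the AST once and collect findings for both rules."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # Rule 1: cur.execute("SELECT ... " + user_input)
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in SQL_SINKS and node.args
                and _has_concat(node.args[0])):
            findings.append(report(
                "Critical", "SQL Injection", filename, node.lineno,
                "query string built with the + operator",
                "attacker-controlled text can change the query structure",
                "use a parameterized query", "High"))
        # Rule 2: password = "literal"; name-based, so confidence is Medium
        if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            for target in node.targets:
                if isinstance(target, ast.Name) and CRED_RE.search(target.id):
                    findings.append(report(
                        "Critical", "Hardcoded Credential", filename, node.lineno,
                        f"{target.id} is assigned a string literal",
                        "secret is exposed to anyone with source access",
                        "load it from an environment variable", "Medium"))
    return findings
# Constructed sample: one hardcoded secret, one injectable query, one safe query.
SAMPLE = '''db_password = "hunter2"
def find_user(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
    cur.execute("SELECT * FROM users WHERE name = %s", (name,))
'''
if __name__ == "__main__":
    print("\n\n".join(scan(SAMPLE)))
```

The parameterized query on the last sample line produces no finding, which is the behaviour a rule for the "+ operator" pattern should have.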

Severity Classification

Severity   Criteria
Critical   Security vulnerability, data loss risk
High       Performance blocker, major quality issue
Medium     Code smell, minor security concern
Low        Style issue, improvement suggestion
