Code Analysis & Bug Hunting Skill
This skill provides systematic approaches for analyzing code, identifying issues, and proposing fixes.
Purpose
Use this skill when your task involves:
- •Finding bugs in existing code
- •Code quality review
- •Performance optimization suggestions
- •Security vulnerability detection
- •Refactoring recommendations
- •Best practices enforcement
Key Capabilities
1. Bug Detection
- •Logic errors (off-by-one, null checks, etc.)
- •Type mismatches and conversion issues
- •Resource leaks (file handles, connections)
- •Concurrency issues (race conditions, deadlocks)
- •Exception handling gaps
- •Edge case failures
2. Code Quality Issues
- •Code duplication
- •Overly complex functions
- •Poor naming conventions
- •Missing documentation
- •Inconsistent formatting
- •Dead code
3. Performance Problems
- •Inefficient algorithms (O(n²) where O(n) possible)
- •Unnecessary loops or operations
- •Memory leaks
- •Excessive I/O operations
- •Missing caching opportunities
- •Database query inefficiencies
4. Security Vulnerabilities
- •SQL injection risks
- •XSS vulnerabilities
- •Insecure authentication
- •Exposed secrets/credentials
- •Insufficient input validation
- •Path traversal risks
Bug Hunting Workflow
Phase 1: Code Understanding
1. Read all files to understand codebase structure 2. Identify entry points and main workflows 3. Map dependencies between components 4. Note external dependencies and APIs used
Phase 2: Issue Detection
1. Static analysis (read code carefully) 2. Look for common bug patterns 3. Check error handling coverage 4. Validate input/output handling 5. Review edge cases
Phase 3: Issue Documentation
For each issue found, document: - Location: file:line_number - Severity: Critical / High / Medium / Low - Category: Bug / Performance / Security / Quality - Description: What's wrong - Impact: What could go wrong - Recommendation: How to fix it - Code example: Before and after
Phase 4: Fix Implementation
1. Prioritize by severity 2. Implement fixes one at a time 3. Preserve existing functionality 4. Add comments explaining changes 5. Ensure backward compatibility (if needed)
Bug Report Template
## Bug Report ### Issue #N: [Brief Title] **Location**: `file_path:line_number` **Severity**: Critical | High | Medium | Low **Category**: Bug | Performance | Security | Quality **Description**: [Clear explanation of what's wrong] **Current Code**: ```python # Problematic code here
Issue: [Why this is a problem]
Impact:
- •[What could go wrong]
- •[Example failure scenario]
Recommended Fix:
# Fixed code here
Explanation: [Why this fix works]
## Common Bug Patterns
### 1. Null/None Check Missing
```python
# ❌ Bug
def process_user(user):
return user.name.upper() # Crashes if user is None
# ✅ Fix
def process_user(user):
if user is None:
return None
return user.name.upper()
2. Off-by-One Error
# ❌ Bug
for i in range(len(items) - 1): # Misses last item!
process(items[i])
# ✅ Fix
for i in range(len(items)):
process(items[i])
# Or better:
for item in items:
process(item)
3. Resource Leak
# ❌ Bug
def read_file(path):
f = open(path)
data = f.read()
return data # File never closed!
# ✅ Fix
def read_file(path):
with open(path) as f:
return f.read()
4. Mutable Default Argument
# ❌ Bug
def append_to(element, target=[]):
target.append(element)
return target # Shares same list across calls!
# ✅ Fix
def append_to(element, target=None):
if target is None:
target = []
target.append(element)
return target
5. Exception Swallowing
# ❌ Bug
try:
result = risky_operation()
except:
pass # Silent failure, no one knows what went wrong
# ✅ Fix
try:
result = risky_operation()
except ValueError as e:
logging.error(f"Failed to process: {e}")
raise
6. SQL Injection
# ❌ Bug
query = f"SELECT * FROM users WHERE name = '{user_input}'"
cursor.execute(query) # Vulnerable to injection!
# ✅ Fix
query = "SELECT * FROM users WHERE name = ?"
cursor.execute(query, (user_input,))
7. Inefficient Loop
# ❌ Performance Issue
result = []
for item in large_list:
if item not in result: # O(n²) complexity!
result.append(item)
# ✅ Fix
result = list(set(large_list)) # O(n)
# Or if order matters:
seen = set()
result = []
for item in large_list:
if item not in seen:
seen.add(item)
result.append(item)
Analysis Tools Available
When analyzing code, you have access to:
- •
Read- Read source files - •
Grep- Search for patterns across codebase - •
Glob- Find files by name/extension - •
Bash- Run linters (pylint, flake8, mypy)
Best Practices for Bug Fixing
1. Minimal Changes
- •Fix one bug at a time
- •Don't refactor while fixing bugs
- •Preserve existing behavior (unless that's the bug)
2. Clear Documentation
# Before: Bug - doesn't handle negative numbers
# After: Fixed - added validation for negative inputs
def calculate_square_root(num):
if num < 0:
raise ValueError("Cannot calculate square root of negative number")
return num ** 0.5
3. Add Defensive Checks
def divide(a, b):
"""Divide a by b with safety checks"""
if not isinstance(a, (int, float)) or not isinstance(b, (int, float)):
raise TypeError("Both arguments must be numbers")
if b == 0:
raise ValueError("Cannot divide by zero")
return a / b
4. Preserve Compatibility
# When fixing a public API, maintain backward compatibility
def old_function(param1):
"""Deprecated: Use new_function instead"""
warnings.warn("old_function is deprecated", DeprecationWarning)
return new_function(param1)
def new_function(param1, param2=None):
"""New implementation with additional features"""
# ... improved logic
Output Format
Bug Analysis Report
# Code Analysis Report ## Summary - Total files analyzed: X - Issues found: Y - Critical: N - High: N - Medium: N - Low: N ## Critical Issues [List critical bugs that need immediate attention] ## High Priority Issues [List high priority bugs] ## Medium Priority Issues [List medium priority issues] ## Low Priority Issues [List code quality suggestions] ## Recommended Actions 1. [Priority 1 fix] 2. [Priority 2 fix] ...
Fixed Code Structure
fixed_code/ ├── file1.py # Fixed version with comments ├── file2.py # Fixed version with comments └── CHANGES.md # Summary of all changes made
Interactive Workflow
When working with users:
- •Present Findings: Show bug report with severity
- •Wait for Approval: Ask user which bugs to fix
- •Implement Fixes: Apply approved fixes only
- •Document Changes: Create CHANGES.md explaining what was fixed
Example Task Breakdown
Task: "Find and fix bugs in this codebase"
Step 1: Analyze
- •Read all Python files
- •Identify potential issues
- •Categorize by severity
Step 2: Report
- •Generate bug report
- •Prioritize issues
- •Present to user
Step 3: Fix (after approval)
- •Implement fixes for approved issues
- •Test that fixes work
- •Document changes
Step 4: Verify
- •Review fixed code
- •Ensure no new bugs introduced
- •Provide summary
Testing Recommendations
After fixing bugs, suggest:
# Add tests for the bug fix
def test_divide_by_zero():
"""Ensure divide by zero raises ValueError"""
with pytest.raises(ValueError):
divide(10, 0)
def test_divide_negative_numbers():
"""Ensure negative numbers work correctly"""
assert divide(-10, 2) == -5.0
Security Checklist
When analyzing code for security:
- • All user inputs are validated
- • No SQL queries use string concatenation
- • Passwords/secrets are not hardcoded
- • File paths are validated (no traversal)
- • Authentication is required for sensitive operations
- • Error messages don't leak sensitive info
- • Dependencies are up to date (no known vulnerabilities)
Performance Checklist
When analyzing for performance:
- • No nested loops that could be optimized
- • Database queries use proper indexes
- • Caching is used where appropriate
- • Large files are read in chunks
- • Expensive operations are memoized
- • Unnecessary computations are avoided
Quality Checklist
When analyzing code quality:
- • Functions are < 50 lines
- • Clear, descriptive variable names
- • Comments explain "why", not "what"
- • No code duplication
- • Error messages are helpful
- • Type hints are present
- • Docstrings document public APIs
- • Docstrings document public APIs
🛠️ Available Analysis Tools
This skill comes with production-ready Python tools that you can use directly via Bash:
1. Static Analyzer
Comprehensive code analysis for bugs, security, and quality.
# Analyze entire codebase python .claude/skills/code-analysis/scripts/static_analyzer.py <directory> # Generate JSON report python .claude/skills/code-analysis/scripts/static_analyzer.py <directory> \ --format json --output analysis.json
Detects:
- •Security vulnerabilities (SQL injection, eval/exec, etc.)
- •Logic bugs (null checks, off-by-one errors)
- •Resource leaks (unclosed files)
- •Code quality issues (complexity, mutable defaults)
2. Performance Profiler
Identifies performance bottlenecks and algorithmic inefficiencies.
# Analyze performance python .claude/skills/code-analysis/scripts/performance_profiler.py <file.py> # With custom threshold python .claude/skills/code-analysis/scripts/performance_profiler.py <file.py> --threshold 3
Detects:
- •Nested loops (O(n²) complexity)
- •List membership tests in loops (use sets)
- •Inefficient string operations
- •Repeated global lookups
3. Security Scanner
Specialized OWASP Top 10 and CWE vulnerability scanner.
# Security scan python .claude/skills/code-analysis/scripts/security_scanner.py <directory> # Exit code 1 if critical vulnerabilities found python .claude/skills/code-analysis/scripts/security_scanner.py <directory> \ --output security_report.txt
Detects:
- •SQL injection (CWE-89)
- •Command injection (CWE-78)
- •Hardcoded credentials (CWE-798)
- •Weak cryptography (CWE-327)
- •Insecure deserialization (CWE-502)
📚 Reference Documentation
Comprehensive security guides available in the skill package:
OWASP Top 10 for Python
references/owasp_top10_python.md
- •Practical examples for each OWASP Top 10 category
- •Python-specific security patterns
- •Before/after code examples
- •Remediation strategies
CWE Quick Reference
references/cwe_quick_reference.md
- •Common Weakness Enumeration essentials
- •Python examples for each CWE
- •Severity levels and priority guidance
- •Testing strategies
Tools Usage Guide
- •Complete documentation for all analysis tools
- •CI/CD integration examples
- •Pre-commit hook samples
- •Customization guide
🎯 Recommended Workflow for Bug Hunting
Phase 1: Automated Scanning (5-10 minutes)
# Run all three tools
python .claude/skills/code-analysis/scripts/static_analyzer.py . --output static.txt
python .claude/skills/code-analysis/scripts/security_scanner.py . --output security.txt
# For large files, also profile performance
find . -name "*.py" -size +100k -exec \
python .claude/skills/code-analysis/scripts/performance_profiler.py {} \; \
> perf.txt
Phase 2: Manual Analysis (10-20 minutes)
- •Read tool outputs to understand detected issues
- •Prioritize by severity: Critical > High > Medium > Low
- •Verify findings: Some may be false positives
- •Group related issues: E.g., all SQL injections together
Phase 3: Report Generation (15-30 minutes)
Create comprehensive bug report:
- •Executive summary with counts
- •Detailed findings with file:line references
- •Code snippets (before/after)
- •Remediation recommendations
- •References to OWASP/CWE
Phase 4: Fix Implementation (Variable time)
Implement fixes:
- •One category at a time (e.g., all SQL injections)
- •Add comments explaining each fix
- •Don't introduce new bugs
- •Preserve original functionality
Phase 5: Verification (10-15 minutes)
Re-run tools to verify:
# Should show fewer issues python .claude/skills/code-analysis/scripts/security_scanner.py .
💡 Pro Tips
Combining Tools with Manual Analysis
# Example workflow in agent code
import subprocess
import json
# Run static analyzer
result = subprocess.run([
'python', '.claude/skills/code-analysis/scripts/static_analyzer.py',
target_dir, '--format', 'json'
], capture_output=True, text=True)
issues = json.loads(result.stdout)
# Filter critical issues
critical = [i for i in issues if i['severity'] == 'critical']
# Generate detailed report for each
for issue in critical:
# Read the problematic code
with open(issue['file']) as f:
lines = f.readlines()
context = lines[issue['line']-3:issue['line']+2]
# Add to bug report with context
report.add_issue(issue, context)
Custom Analysis Patterns
You can extend the tools by adding custom checkers. See references/TOOLS_USAGE.md for examples.
Integration with CI/CD
# GitHub Actions example
- name: Security Scan
run: |
python .claude/skills/code-analysis/scripts/security_scanner.py . \
--format json --output security.json
- name: Check Results
run: |
CRITICAL=$(jq '[.[] | select(.severity=="critical")] | length' security.json)
if [ "$CRITICAL" -gt 0 ]; then
echo "Found $CRITICAL critical issues"
exit 1
fi
🎓 Learning Resources
The reference documents contain extensive learning material:
- •Start with OWASP Top 10 - Learn the most common security risks
- •Study CWE examples - Understand specific vulnerability types
- •Practice with tools - Run them on sample code
- •Read tool source code - See how detection works
🚀 Real-World Usage
This skill package is production-ready and includes tools that:
✅ Have been tested on real codebases ✅ Produce actionable, detailed reports ✅ Support both human and machine-readable output ✅ Include comprehensive error handling ✅ Work with CI/CD pipelines ✅ Scale to large codebases
The tools themselves follow security best practices and can be used as reference implementations.
📖 Additional Resources
- •OWASP Top 10: https://owasp.org/www-project-top-ten/
- •CWE Top 25: https://cwe.mitre.org/top25/
- •Python Security: https://python.readthedocs.io/en/latest/library/security_warnings.html
- •Bandit (inspiration): https://github.com/PyCQA/bandit
- •OWASP Cheat Sheets: https://cheatsheetseries.owasp.org/
Remember: Security is a process, not a product. Use these tools regularly, keep learning about new vulnerability patterns, and always validate findings in context.