ubs
Ultimate Bug Scanner - Pre-commit static analysis for AI coding workflows. 18 detection categories, 8 languages, 4-layer analysis engine. The AI agent's quality gate.
Best use case
ubs is best used when you need a repeatable AI agent workflow instead of a one-off prompt. It is especially useful for teams working in multi. Ultimate Bug Scanner - Pre-commit static analysis for AI coding workflows. 18 detection categories, 8 languages, 4-layer analysis engine. The AI agent's quality gate.
Ultimate Bug Scanner - Pre-commit static analysis for AI coding workflows. 18 detection categories, 8 languages, 4-layer analysis engine. The AI agent's quality gate.
Users should expect a more consistent workflow output, faster repeated execution, and less time spent rewriting prompts from scratch.
Practical example
Example input
Use the "ubs" skill to help with this workflow task. Context: Ultimate Bug Scanner - Pre-commit static analysis for AI coding workflows. 18 detection categories, 8 languages, 4-layer analysis engine. The AI agent's quality gate.
Example output
A structured workflow result with clearer steps, more consistent formatting, and an output that is easier to reuse in the next run.
When to use this skill
- Use this skill when you want a reusable workflow rather than writing the same prompt again and again.
When not to use this skill
- Do not use this when you only need a one-off answer and do not need a reusable workflow.
- Do not use it if you cannot install or maintain the related files, repository context, or supporting tools.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/ubs/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How ubs Compares
| Feature / Agent | ubs | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Ultimate Bug Scanner - Pre-commit static analysis for AI coding workflows. 18 detection categories, 8 languages, 4-layer analysis engine. The AI agent's quality gate.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# UBS - Ultimate Bug Scanner
Static analysis tool built for AI coding workflows. Catches bugs that AI agents commonly introduce: null safety, async/await issues, security holes, memory leaks. Scans JS/TS, Python, Go, Rust, Java, C++, Ruby, Swift in 3-5 seconds.
## Why This Exists
AI agents move fast. Bugs move faster. You're shipping features in minutes, but:
- Null pointer crashes slip through
- Missing `await` causes silent failures
- XSS vulnerabilities reach production
- Memory leaks accumulate
UBS is the quality gate: scan before commit, fix before merge.
## Golden Rule
```bash
ubs <changed-files> --fail-on-warning
```
**Exit 0 = safe to commit. Exit 1 = fix and re-run.**
## Essential Commands
### Quick Scans (Use These)
```bash
ubs file.ts file2.py # Specific files (< 1s)
ubs $(git diff --name-only --cached) # Staged files
ubs --staged # Same, cleaner syntax
ubs --diff # Working tree vs HEAD
```
### Full Project Scans
```bash
ubs . # Current directory
ubs /path/to/project # Specific path
ubs --only=js,python src/ # Language filter (faster)
```
### CI/CD Mode
```bash
ubs --ci --fail-on-warning . # Strict mode for CI
ubs --format=json . # Machine-readable
ubs --format=sarif . # GitHub code scanning
```
## Output Format
```
⚠️ Category (N errors)
file.ts:42:5 – Issue description
💡 Suggested fix
Exit code: 1
```
Parse: `file:line:col` → location | `💡` → how to fix | Exit 0/1 → pass/fail
## The 18 Detection Categories
### Critical (Always Fix)
| Category | What It Catches |
|----------|-----------------|
| **Null Safety** | Unguarded property access, missing null checks |
| **Security** | XSS, injection, prototype pollution, hardcoded secrets |
| **Async/Await** | Missing await, unhandled rejections, race conditions |
| **Memory Leaks** | Event listeners without cleanup, timer leaks |
| **Type Coercion** | `==` vs `===`, `parseInt` without radix, NaN comparison |
### Important (Production Risk)
| Category | What It Catches |
|----------|-----------------|
| **Division Safety** | Division without zero check |
| **Resource Lifecycle** | Unclosed files, connections, context managers |
| **Error Handling** | Empty catch blocks, swallowed errors |
| **Promise Chains** | `.then()` without `.catch()` |
| **Array Mutations** | Mutating during iteration |
### Code Quality (Contextual)
| Category | What It Catches |
|----------|-----------------|
| **Debug Code** | `console.log`, `debugger`, `print()` statements |
| **TODO Markers** | `TODO`, `FIXME`, `HACK` comments |
| **Type Safety** | TypeScript `any` usage |
| **Readability** | Complex ternaries, deep nesting |
## Language-Specific Detection
| Language | Key Patterns |
|----------|-------------|
| **JavaScript/TypeScript** | innerHTML XSS, eval(), missing await, React hooks deps |
| **Python** | eval(), open() without with, missing encoding=, None checks |
| **Go** | Nil pointer, goroutine leaks, defer symmetry, context cancel |
| **Rust** | `.unwrap()` panics, `unsafe` blocks, Option handling |
| **Java** | Resource leaks (try-with-resources), null checks, JDBC |
| **C/C++** | Buffer overflows, strcpy(), memory leaks, use-after-free |
| **Ruby** | eval(), send(), instance_variable_set |
| **Swift** | Force unwrap (!), ObjC bridging issues |
## Profiles
```bash
ubs --profile=strict . # Fail on warnings, enforce high standards
ubs --profile=loose . # Skip TODO/debug nits when prototyping
```
## Category Packs (Focused Scans)
```bash
ubs --category=resource-lifecycle . # Python/Go/Java resource hygiene
```
Narrows scan to relevant languages and suppresses unrelated categories.
## Comparison Mode (Regression Detection)
```bash
# Capture baseline
ubs --ci --report-json .ubs/baseline.json .
# Compare against baseline
ubs --ci --comparison .ubs/baseline.json --report-json .ubs/latest.json .
```
Useful for CI to detect regressions vs. main branch.
## Output Formats
| Format | Flag | Use Case |
|--------|------|----------|
| **text** | (default) | Human-readable terminal output |
| **json** | `--format=json` | Machine parsing, scripting |
| **jsonl** | `--format=jsonl` | Line-delimited, streaming |
| **sarif** | `--format=sarif` | GitHub code scanning |
| **html** | `--html-report=file.html` | PR attachments, dashboards |
## Inline Suppression
When a finding is intentional:
```javascript
eval(trustedCode); // ubs:ignore
// ubs:ignore-next-line
dangerousOperation();
```
## Exit Codes
| Code | Meaning |
|------|---------|
| `0` | No critical issues (safe to commit) |
| `1` | Critical issues or warnings (with `--fail-on-warning`) |
| `2` | Environment error (missing ast-grep, etc.) |
## Doctor Command
```bash
ubs doctor # Check environment
ubs doctor --fix # Auto-fix missing dependencies
```
Checks: curl/wget, ast-grep, ripgrep, jq, typos, Node.js + TypeScript.
## Agent Integration
UBS auto-configures hooks for coding agents during install:
| Agent | Hook Location |
|-------|---------------|
| **Claude Code** | `.claude/hooks/on-file-write.sh` |
| **Cursor** | `.cursor/rules` |
| **Codex CLI** | `.codex/rules/ubs.md` |
| **Gemini** | `.gemini/rules` |
| **Windsurf** | `.windsurf/rules` |
| **Cline** | `.cline/rules` |
### Claude Code Hook Pattern
```bash
#!/bin/bash
# .claude/hooks/on-file-write.sh
if [[ "$FILE_PATH" =~ \.(js|jsx|ts|tsx|py|go|rs|java|rb)$ ]]; then
echo "🔬 Quality check running..."
if ubs "${PROJECT_DIR}" --ci 2>&1 | head -30; then
echo "✅ No critical issues"
else
echo "⚠️ Issues detected - review above"
fi
fi
```
### Git Pre-Commit Hook
```bash
#!/bin/bash
# .git/hooks/pre-commit
echo "🔬 Running bug scanner..."
if ! ubs . --fail-on-warning 2>&1 | tail -30; then
echo "❌ Critical issues found. Fix or: git commit --no-verify"
exit 1
fi
echo "✅ Quality check passed"
```
## Performance
```
Small (5K lines): 0.8 seconds
Medium (50K lines): 3.2 seconds
Large (200K lines): 12 seconds
Huge (1M lines): 58 seconds
```
10,000+ lines per second. Use `--jobs=N` to control parallelism.
## Speed Tips
1. **Scope to changed files**: `ubs src/file.ts` (< 1s) vs `ubs .` (30s)
2. **Use --staged or --diff**: Only scan what you're committing
3. **Language filter**: `--only=js,python` skips irrelevant scanners
4. **Skip categories**: `--skip=11,14` to skip debug/TODO markers
## Fix Workflow
```
1. Read finding → category + fix suggestion
2. Navigate file:line:col → view context
3. Verify real issue (not false positive)
4. Fix root cause (not symptom)
5. Re-run ubs <file> → exit 0
6. Commit
```
## Bug Severity Guide
- **Critical** (always fix): Null safety, XSS/injection, async/await, memory leaks
- **Important** (production): Type narrowing, division-by-zero, resource leaks
- **Contextual** (judgment): TODO/FIXME, console logs
## Common Anti-Patterns
| Don't | Do |
|-------|-----|
| Ignore findings | Investigate each |
| Full scan per edit | Scope to changed files |
| Fix symptom (`if (x) { x.y }`) | Fix root cause (`x?.y`) |
| Suppress without understanding | Verify false positive first |
## Installation
```bash
# One-liner (recommended)
curl -fsSL "https://raw.githubusercontent.com/Dicklesworthstone/ultimate_bug_scanner/master/install.sh?$(date +%s)" | bash -s -- --easy-mode
# Manual
curl -fsSL https://raw.githubusercontent.com/Dicklesworthstone/ultimate_bug_scanner/master/ubs \
-o /usr/local/bin/ubs && chmod +x /usr/local/bin/ubs
```
## Custom AST Rules
```bash
mkdir -p ~/.config/ubs/rules
cat > ~/.config/ubs/rules/no-console.yml <<'EOF'
id: custom.no-console
language: javascript
rule:
pattern: console.log($$$)
severity: warning
message: "Remove console.log before production"
EOF
ubs . --rules=~/.config/ubs/rules
```
## Excluding Paths
```bash
ubs . --exclude=legacy,generated,vendor
```
Auto-ignored: `node_modules`, `.venv`, `dist`, `build`, `target`, editor caches.
## Session Logs
```bash
ubs sessions --entries 1 # View latest install session
```
## Integration with Flywheel
| Tool | Integration |
|------|-------------|
| **BV** | `--beads-jsonl=out.jsonl` exports findings for Beads |
| **CASS** | Search past sessions for similar bug patterns |
| **CM** | Extract rules from UBS findings |
| **Agent Mail** | Notify agents of scan results |
| **DCG** | UBS runs inside DCG protection |
## Troubleshooting
| Error | Fix |
|-------|-----|
| "Environment error" (exit 2) | `ubs doctor --fix` |
| "ast-grep not found" | `brew install ast-grep` or `cargo install ast-grep` |
| Too many false positives | Use `--skip=N` or `// ubs:ignore` |
| Slow scans | Scope to files: `ubs <file>` not `ubs .` |Related Skills
azure-quotas
Check/manage Azure quotas and usage across providers. For deployment planning, capacity validation, region selection. WHEN: "check quotas", "service limits", "current usage", "request quota increase", "quota exceeded", "validate capacity", "regional availability", "provisioning limits", "vCPU limit", "how many vCPUs available in my subscription".
raindrop-io
Manage Raindrop.io bookmarks with AI assistance. Save and organize bookmarks, search your collection, manage reading lists, and organize research materials. Use when working with bookmarks, web research, reading lists, or when user mentions Raindrop.io.
zlibrary-to-notebooklm
自动从 Z-Library 下载书籍并上传到 Google NotebookLM。支持 PDF/EPUB 格式,自动转换,一键创建知识库。
discover-skills
当你发现当前可用的技能都不够合适(或用户明确要求你寻找技能)时使用。本技能会基于任务目标和约束,给出一份精简的候选技能清单,帮助你选出最适配当前任务的技能。
web-performance-seo
Fix PageSpeed Insights/Lighthouse accessibility "!" errors caused by contrast audit failures (CSS filters, OKLCH/OKLAB, low opacity, gradient text, image backgrounds). Use for accessibility-driven SEO/performance debugging and remediation.
project-to-obsidian
将代码项目转换为 Obsidian 知识库。当用户提到 obsidian、项目文档、知识库、分析项目、转换项目 时激活。 【激活后必须执行】: 1. 先完整阅读本 SKILL.md 文件 2. 理解 AI 写入规则(默认到 00_Inbox/AI/、追加式、统一 Schema) 3. 执行 STEP 0: 使用 AskUserQuestion 询问用户确认 4. 用户确认后才开始 STEP 1 项目扫描 5. 严格按 STEP 0 → 1 → 2 → 3 → 4 顺序执行 【禁止行为】: - 禁止不读 SKILL.md 就开始分析项目 - 禁止跳过 STEP 0 用户确认 - 禁止直接在 30_Resources 创建(先到 00_Inbox/AI/) - 禁止自作主张决定输出位置
obsidian-helper
Obsidian 智能笔记助手。当用户提到 obsidian、日记、笔记、知识库、capture、review 时激活。 【激活后必须执行】: 1. 先完整阅读本 SKILL.md 文件 2. 理解 AI 写入三条硬规矩(00_Inbox/AI/、追加式、白名单字段) 3. 按 STEP 0 → STEP 1 → ... 顺序执行 4. 不要跳过任何步骤,不要自作主张 【禁止行为】: - 禁止不读 SKILL.md 就开始工作 - 禁止跳过用户确认步骤 - 禁止在非 00_Inbox/AI/ 位置创建新笔记(除非用户明确指定)
internationalizing-websites
Adds multi-language support to Next.js websites with proper SEO configuration including hreflang tags, localized sitemaps, and language-specific content. Use when adding new languages, setting up i18n, optimizing for international SEO, or when user mentions localization, translation, multi-language, or specific languages like Japanese, Korean, Chinese.
google-official-seo-guide
Official Google SEO guide covering search optimization, best practices, Search Console, crawling, indexing, and improving website search visibility based on official Google documentation
github-release-assistant
Generate bilingual GitHub release documentation (README.md + README.zh.md) from repo metadata and user input, and guide release prep with git add/commit/push. Use when the user asks to write or polish README files, create bilingual docs, prepare a GitHub release, or mentions release assistant/README generation.
doc-sync-tool
自动同步项目中的 Agents.md、claude.md 和 gemini.md 文件,保持内容一致性。支持自动监听和手动触发。
deploying-to-production
Automate creating a GitHub repository and deploying a web project to Vercel. Use when the user asks to deploy a website/app to production, publish a project, or set up GitHub + Vercel deployment.