About this skill
The 'fix-review' skill lets an AI agent conduct automated, rigorous reviews of code commits that are meant to resolve security audit findings or other identified software issues. It verifies that every original finding is accurately and completely remediated, while also scanning the changes for unintended regressions, newly introduced bugs, or new security vulnerabilities. The skill complements, rather than replaces, human code review within development and CI/CD workflows, helping to ensure that remediation efforts are thorough, effective, and do not inadvertently weaken the codebase further.
Best use case
Ensuring that code changes (fix commits) intended to resolve identified issues, especially from security audits or bug reports, are comprehensive, correctly implemented, and do not introduce new problems or regressions.
Verify fix commits address audit findings without new bugs
A clear, detailed assessment indicating whether the fix commits have successfully addressed all specified audit findings. The outcome will highlight any findings that remain unresolved, identify any new bugs or security vulnerabilities introduced by the changes, and provide actionable recommendations for further remediation or adjustments to the code.
Practical example
Example input
```json
{
  "commit_hash": "abcdef1234567890abcdef1234567890abcdef",
  "audit_findings": [
    {
      "id": "SQI-001",
      "description": "SQL Injection vulnerability in user authentication function.",
      "file": "src/auth.py",
      "line": 50,
      "severity": "Critical"
    },
    {
      "id": "XSS-002",
      "description": "Cross-Site Scripting (XSS) in comment display.",
      "file": "public/js/comments.js",
      "line": 120,
      "severity": "High"
    }
  ],
  "code_diff": "(full Git diff of the fix commit for context)"
}
```
Example output
```json
{
  "status": "review_completed",
  "summary": "Fix commits reviewed for audit findings.",
  "findings_addressed": [
    {
      "id": "SQI-001",
      "status": "resolved",
      "notes": "SQL injection vulnerability successfully patched using prepared statements. Verified by static analysis and test cases."
    }
  ],
  "findings_partially_addressed": [],
  "findings_unaddressed": [
    {
      "id": "XSS-002",
      "status": "unresolved",
      "notes": "The fix implemented only escapes output for one specific field, leaving other potential XSS vectors in 'comments.js' unaddressed. Further sanitization is required."
    }
  ],
  "new_issues_found": [
    {
      "type": "new_bug",
      "description": "Introduced a NullPointerException in 'src/logging.py' at line 75 due to incorrect handling of an empty username parameter in the authentication flow.",
      "severity": "Medium"
    }
  ],
  "recommendations": [
    "Complete the XSS fix for finding XSS-002 by ensuring all user-generated content is properly sanitized before display.",
    "Address the NullPointerException in 'src/logging.py' by adding a null check or default value for the username parameter."
  ]
}
```
When to use this skill
- Reviewing commits that specifically address security audit findings.
- Verifying that code fixes do not introduce new vulnerabilities or regressions.
- Ensuring code changes properly and completely resolve identified issues.
- Validating that remediation efforts for bugs or security flaws are correct and effective.
When not to use this skill
- For initial architectural design reviews or feature development where creative human input and high-level strategic thinking are paramount.
- When audit findings are highly ambiguous, subjective, or require deep contextual human understanding beyond the AI's current capabilities.
- As a sole replacement for human oversight in high-stakes security contexts; it is a complementary tool, not a substitute for a human reviewer.
- For reviewing entirely new features or codebases without specific pre-existing audit findings or issues to address.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/fix-review/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How fix-review Compares
| Feature / Agent | fix-review | Standard Approach |
|---|---|---|
| Platform Support | Claude | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | easy | N/A |
Frequently Asked Questions
What does this skill do?
Verify fix commits address audit findings without new bugs
Which AI agents support this skill?
This skill is designed for Claude.
How difficult is it to install?
The installation complexity is rated as easy. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Fix Review

## Overview

Verify that fix commits properly address audit findings without introducing new bugs or security vulnerabilities.

## When to Use This Skill

Use this skill when you need to verify fix commits address audit findings without new bugs. Use this skill when:

- Reviewing commits that address security audit findings
- Verifying that fixes don't introduce new vulnerabilities
- Ensuring code changes properly resolve identified issues
- Validating that remediation efforts are complete and correct

## Instructions

This skill helps verify that fix commits properly address audit findings:

1. **Review Fix Commits**: Analyze commits that claim to fix audit findings
2. **Verify Resolution**: Ensure the original issue is properly addressed
3. **Check for Regressions**: Verify no new bugs or vulnerabilities are introduced
4. **Validate Completeness**: Ensure all aspects of the finding are resolved

## Review Process

When reviewing fix commits:

1. Compare the fix against the original audit finding
2. Verify the fix addresses the root cause, not just symptoms
3. Check for potential side effects or new issues
4. Validate that tests cover the fixed scenario
5. Ensure no similar vulnerabilities exist elsewhere

## Best Practices

- Review fixes in context of the full codebase
- Verify test coverage for the fixed issue
- Check for similar patterns that might need fixing
- Ensure fixes follow security best practices
- Document the resolution approach

## Resources

For more information, see the [source repository](https://github.com/trailofbits/skills/tree/main/plugins/fix-review).
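As an added illustration (not part of the skill's own code), the following Python helper performs the mechanical first pass of the review process above: it takes findings in the example input format, maps a unified diff's hunks to the files and lines they change, reports any finding whose file is not touched near the reported line as unresolved in the skill's output shape, and flags a commit that changes no test file (step 4). The findings and the diff are constructed sample data; the `needs_verification` bucket is an assumption of this helper, marking findings the reviewer must still check by hand.

```python
import re
# Constructed sample data: the two findings from the example input above and a
# made-up unified diff that touches src/auth.py and a test, but not comments.js.
FINDINGS = [
    {"id": "SQI-001", "file": "src/auth.py", "line": 50, "severity": "Critical"},
    {"id": "XSS-002", "file": "public/js/comments.js", "line": 120, "severity": "High"},
]
SAMPLE_DIFF = """\
diff --git a/src/auth.py b/src/auth.py
--- a/src/auth.py
+++ b/src/auth.py
@@ -48,4 +48,4 @@ def login(cur, username, password):
-    cur.execute("SELECT id FROM users WHERE name = '%s'" % username)
+    cur.execute("SELECT id FROM users WHERE name = %s", (username,))
diff --git a/tests/test_auth.py b/tests/test_auth.py
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -0,0 +1 @@
+def test_login_quote(cur): assert login(cur, "o'brien", "pw") is None
"""
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,(\d+))? @@")

def touched_lines(diff):
    """Map each file in a unified diff to the new-side line numbers its hunks cover."""
    touched, current = {}, None
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            current = raw[4:].split("\t")[0]
            current = current[2:] if current.startswith("b/") else current
            touched.setdefault(current, set())
        elif current and (m := HUNK_RE.match(raw)):
            start, count = int(m.group(1)), int(m.group(2) or 1)
            touched[current].update(range(start, start + count))
    return touched

def triage(findings, diff, window=10):
    """Bucket findings by whether the diff changes code near the reported line; a touched
    finding still needs manual verification, an untouched file is reported as unresolved."""
    touched = touched_lines(diff)
    out = {"needs_verification": [], "findings_unaddressed": [], "recommendations": []}
    for f in findings:
        if any(abs(n - f["line"]) <= window for n in touched.get(f["file"], ())):
            out["needs_verification"].append({"id": f["id"], "status": "touched"})
        else:
            out["findings_unaddressed"].append({"id": f["id"], "status": "unresolved",
                "notes": f"Diff does not modify {f['file']} near line {f['line']}."})
    # Review-process step 4: the fix commit should carry a test for the fixed scenario.
    if not any("test" in path.lower() for path in touched):
        out["recommendations"].append("No test files changed; add a test for the fixed scenario.")
    return out
```

Running `triage(FINDINGS, SAMPLE_DIFF)` leaves SQI-001 for manual verification and reports XSS-002 as unresolved because the diff never touches `public/js/comments.js`.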