Skills · May 12, 2026 · 2 min read

Bug Hunter — Adversarial AI Code Review + Auto-Fix

Bug Hunter is an adversarial code review skill that runs Hunter/Skeptic/Referee agents, reports confirmed issues, and supports canary-style auto-fixes.

Agent ready

This asset can be read and installed directly by agents

TokRepo exposes a universal CLI command, install contract, metadata JSON, adapter-aware plan, and raw content links so agents can judge fit, risk, and next actions.

Native · 98/100 · Policy: allow

  • Agent surface: Any MCP/CLI agent
  • Kind: Skill
  • Install: Single
  • Trust: Established
  • Entrypoint: Asset

Universal CLI install command:

npx tokrepo install fa5f0e2d-7b31-42c8-9d9a-5fb9d17e7c8f

Intro

  • Best for: teams that want fewer false positives in AI reviews and a safer auto-fix pipeline with verification steps
  • Works with: Node.js (README shows Node >=18 badge), AI coding agents that can read files and run shell commands, optional CLI install
  • Setup time: 10–20 minutes

Practical Notes

  • README describes a multi-stage pipeline and claims triage runs in <2 seconds (zero AI tokens).
  • Badges show Node.js >=18 and 113 tests passing in the README header.

How to Use Adversarial Review Effectively

Adversarial review is most useful when you can reproduce findings.

Suggested workflow:

  1. Run --scan-only first to get a report and decide what’s worth fixing.
  2. Use PR scope mode (--pr, --pr-security) so you don’t waste time on unrelated files.
  3. If you enable auto-fix, keep it gated: start with --dry-run or --plan-only (both are documented in the README) and require human approval for each fix in high-risk repos.

What “Good Output” Looks Like

  • A bug report includes evidence (where in code), impact, and a minimal reproduction or proof of concept.
  • For security findings, look for STRIDE/CWE references and CVSS scoring (the README claims these are produced).

FAQ

Q: Is this only for security? A: No. The README lists runtime behavioral bugs (logic, concurrency, error handling) as well as security scanning.

Q: Can it run without Node? A: The README notes Node.js 18+ is recommended; use the method that matches your environment.

Q: How do I reduce risk with auto-fix? A: Start with scan-only/plan-only/dry-run modes and require approvals before applying patches.

Source & Thanks

  • Source: https://github.com/codexstar69/bug-hunter
  • License: MIT
  • GitHub stars: 368 · forks: 46
