Cette page est affichée en anglais. Une traduction française est en cours.
SkillsMay 12, 2026·2 min de lecture

Bug Hunter — Adversarial AI Code Review + Auto-Fix

Bug Hunter is an adversarial code review skill that runs Hunter/Skeptic/Referee agents, reports confirmed issues, and supports canary-style auto-fixes.

Prêt pour agents

Installation agent prête

Cet actif peut être installé après choix du runtime, vérification du plan et exécution de la commande adaptée.

Native · 98/100Policy : autoriser
Surface agent
Tout agent MCP/CLI
Type
Skill
Installation
Single
Confiance
Confiance : Established
Point d'entrée
Asset
Commande d'installation directe
npx -y tokrepo@latest install fa5f0e2d-7b31-42c8-9d9a-5fb9d17e7c8f --target codex

À exécuter après confirmation du plan en dry-run.

Introduction

Bug Hunter is an adversarial code review skill that runs Hunter/Skeptic/Referee agents, reports confirmed issues, and supports canary-style auto-fixes.

  • Best for: teams that want fewer false positives in AI reviews and a safer auto-fix pipeline with verification steps
  • Works with: Node.js (README shows Node >=18 badge), AI coding agents that can read files and run shell commands, optional CLI install
  • Setup time: 10–20 minutes

Practical Notes

  • README describes a multi-stage pipeline and claims triage runs in <2 seconds (zero AI tokens).
  • Badges show Node.js >=18 and 113 tests passing in the README header.

How to Use Adversarial Review Effectively

Adversarial review is most useful when you can reproduce findings.

Suggested workflow:

  1. Run --scan-only first to get a report and decide what’s worth fixing.
  2. Use PR scope mode (--pr, --pr-security) so you don’t waste time on unrelated files.
  3. If you enable auto-fix, keep it gated: start with --dry-run or --plan-only (both are documented in the README) and require human approval for each fix in high-risk repos.

What “Good Output” Looks Like

  • A bug report includes evidence (where in code), impact, and a minimal reproduction or proof of concept.
  • For security findings, look for STRIDE/CWE references and CVSS scoring (the README claims these are produced).

FAQ

Q: Is this only for security? A: No. The README lists runtime behavioral bugs (logic, concurrency, error handling) as well as security scanning.

Q: Can it run without Node? A: The README notes Node.js 18+ is recommended; use the method that matches your environment.

Q: How do I reduce risk with auto-fix? A: Start with scan-only/plan-only/dry-run modes and require approvals before applying patches.

🙏

Source et remerciements

Source: https://github.com/codexstar69/bug-hunter > License: MIT > GitHub stars: 368 · forks: 46

Fil de discussion

Connectez-vous pour rejoindre la discussion.
Aucun commentaire pour l'instant. Soyez le premier à partager votre avis.

Actifs similaires