escapeboy/fix-bug
03-custom-skills/examples/fix-bug/SKILL.md
Three-phase autonomous bug fix — investigate all occurrences, fix with full coverage, validate with regression test. Prevents partial fixes (the
$ install --global
skillsauthnpx skillsauth add escapeboy/ai-prompts fix-bugInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 11, 2026, 3:54 AM154.0s1 file scanned
SKILL.md
- name:
- fix-bug
- description:
- Three-phase autonomous bug fix — investigate all occurrences, fix with full coverage, validate with regression test. Prevents partial fixes (the #1 friction source: fixing one broken route but missing the second, renaming a property but not the view variable, etc).
fix-bug
Three-phase bug fix that finds ALL occurrences, fixes atomically, and validates with a regression test.
Phase 1 — Comprehensive Investigation
Before touching any code:
- Reproduce the issue and capture the exact error message / stack trace
- Identify the primary symbol involved (function name, route, variable, class, column)
- Grep the entire codebase for every reference to that symbol:
- Controllers, services, models
- View templates (Blade / JSX / ERB / Twig — server-rendered views are the most-missed spot)
- Tests (feature + unit)
- Route definitions (all route files, not just the obvious one)
- Config files
- JS/CSS files if relevant
- Document: full list of files that reference the broken symbol
- Check for the same bug pattern in similar locations (e.g. if one route is broken, check all routes of the same type)
Do not proceed until you have the complete reference map.
Phase 2 — Fix with Full Coverage
Apply changes atomically across every file found in Phase 1:
- For renamed variables/properties: update the definition + every view, controller, test, and config
- For broken routes: check all route files, all route-helper calls, all redirects and links
- For removed/changed model attributes: update mass-assignment lists (
$fillableor equivalent), factories, seeders, and all tests that reference those attributes - For middleware changes: check route groups, kernel/middleware registration, and all test middleware overrides
After applying all changes, grep again to confirm zero remaining old references.
Phase 3 — Validate
- Run the full test suite (
php artisan test --parallel,npm test,pytest— project equivalent) - If tests fail:
- Determine: is the test wrong, or is the fix incomplete?
- Never change test assertions to make them pass trivially
- Fix the underlying issue
- Write a regression test that:
- Reproduces the original bug (assert it was broken)
- Confirms the fix works
- Lives in the appropriate test directory
- Final grep: confirm zero references to the old broken pattern
Output
Report back:
- Root cause (1-2 sentences)
- Files changed (list)
- Regression test location
- Test suite result (pass/fail count)
The bug to fix: $ARGUMENTS
Related Skills
escapeboy/onepassword-integrate
development
VerifiedTrustedCommunity
Audit or install maximum-depth 1Password integration in the current project — fetches fresh 1Password developer docs first, detects existing integration, and either reviews/improves it or greenfield-installs (Service Account secret resolution + site-compat autocomplete/well-known). Stack-aware (Laravel, Node/Next, Python, Ruby/Rails, Go). Use when the user says "integrate 1Password", "make this site 1Password-friendly", "audit our 1P integration", or invokes /onepassword-integrate.
78SKILL.mdUpdated Jun 11, 2026
escapeboy/image-optimize
development
VerifiedTrustedCommunity
Optimize PNG and JPEG images locally using pngquant and mozjpeg/jpegtran — TinyPNG-level compression without API keys.
78SKILL.mdUpdated Jun 11, 2026
escapeboy/git-sync-branches
development
VerifiedTrustedCommunity
Merges all feature branches into develop, syncs master/main with develop, commits any uncommitted changes, and deletes all feature branches (local and remote). Handles git submodules automatically. Use when you want to clean up branches and leave only develop and master/main in sync.
78SKILL.mdUpdated Jun 11, 2026
escapeboy/compliance-audit
development
VerifiedTrustedCommunity
This skill should be used when performing legal and regulatory compliance audits on software projects. It covers GDPR, CCPA/CPRA, ePrivacy Directive, HIPAA, PCI DSS, SOC 2, and WCAG 2.2 accessibility. The skill generates a full compliance package: audit report with severity ratings, automatic code fixes, legal document templates (Privacy Policy, Cookie Policy, DPA, DPIA), and data flow diagrams. This skill should be triggered when the user asks to check compliance, audit privacy, generate legal documents, review data handling, or ensure regulatory readiness for any project type (web, mobile, API, desktop).
78SKILL.mdUpdated Jun 11, 2026