Static Bug Detector
Find bugs that are syntactically provable without running the code. This is the fast, shallow pass: it won't catch design bugs, but everything it catches is real (or should be — see FP suppression below).
Signal catalog
| Defect class | What to look for | False-positive trap |
|---|---|---|
| Null/undefined deref | Path where `x` could be null and is dereferenced | Framework guarantees non-null (Spring `@Autowired`, DI) |
| Uninitialized read | Variable read before any assignment on some path | Language zero-initializes (Go, Java fields) |
| Dead store | Assignment never read before reassign/return/scope-end | Intentional — value used by debugger/reflection |
| Unreachable code | Statements after unconditional return/throw/break | Intentional dead-switch-default for exhaustiveness |
| Resource leak | open/acquire with no close/release on all exit paths | Ownership transferred to caller (factory pattern) |
| Unchecked return | err/Result/error-returning API call ignored | Intentionally best-effort (`_ = file.Close()`) |
| Always-true/false cond | Condition provably constant via value-range or type | Defensive belt-and-suspenders after earlier guard |
| Identical branches | if/else bodies are syntactically identical | Copy-paste placeholder during dev — rarely intentional |
| Self-assignment / no-op | `x = x`, `list.remove(x); list.add(x)` with no side effect | Rarely intentional; near-always a bug |
| Format string mismatch | printf/format arg count or type mismatch | Almost never a false positive |
| Integer over/underflow | Arithmetic that provably exceeds type range | Intentional wraparound (hash, checksum) |
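
As an added illustration (not part of this skill's own code), the following sketch checks three rows of the catalog, identical branches, self-assignment and unreachable code, over Python source using the standard `ast` module. The function name `find_defects` and the sample input are constructed for this example.

```python
import ast

# Constructed sample input: it is only parsed, never executed.
SAMPLE = """\
def pick(flag, items, x):
    if flag:
        total = len(items)
    else:
        total = len(items)
    x = x
    items.n = items.n
    return total
    print("never runs")
"""

TERMINATORS = (ast.Return, ast.Raise, ast.Break, ast.Continue)

def find_defects(source):
    """Return sorted (line, defect_class) pairs for three catalog rows."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # Identical branches: ast.dump() omits positions by default, so two
        # bodies compare equal exactly when they are syntactically identical.
        if isinstance(node, ast.If) and node.orelse:
            if [ast.dump(s) for s in node.body] == [ast.dump(s) for s in node.orelse]:
                findings.append((node.lineno, "identical-branches"))
        # Self-assignment: only plain names are flagged. `obj.attr = obj.attr`
        # can run a property setter, so it fails the "no side effect" condition.
        if isinstance(node, ast.Assign) and len(node.targets) == 1:
            target, value = node.targets[0], node.value
            if (isinstance(target, ast.Name) and isinstance(value, ast.Name)
                    and target.id == value.id):
                findings.append((node.lineno, "self-assignment"))
        # Unreachable code: a statement following an unconditional
        # return/raise/break/continue in the same block.
        for field in ("body", "orelse", "finalbody"):
            block = getattr(node, field, None)
            if not isinstance(block, list):
                continue  # e.g. Lambda.body is an expression, not a block
            for i, stmt in enumerate(block[:-1]):
                if isinstance(stmt, TERMINATORS):
                    findings.append((block[i + 1].lineno, "unreachable-code"))
                    break  # report the first dead statement per block only
    return sorted(findings)

if __name__ == "__main__":
    for line, defect in find_defects(SAMPLE):
        print(f"line {line}: {defect}")
```

The attribute assignment on line 7 of the sample is deliberately left unreported, which is the kind of narrowing that keeps the pass limited to findings that are provable from syntax alone.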