{"slug":"find-sec-bugs-find-sec-bugs","name":"Find Sec Bugs","description":"The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)","tagline":"The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)","category":"development","tags":["static-analysis","code-quality","bytecode","code-analysis","cwe","findbugs","hacktoberfest","java","owasp","security"],"author":{"name":"find-sec-bugs","verified":true,"url":"https://github.com/find-sec-bugs"},"attribution":{"status":"community_indexed","statusLabel":"Community indexed","shortLabel":"COMMUNITY INDEXED","sourceLabel":"GitHub star discovery","sourceDetail":"find-sec-bugs/find-sec-bugs","creatorName":"find-sec-bugs","creatorUrl":"https://github.com/find-sec-bugs","sourceUrl":"https://github.com/find-sec-bugs/find-sec-bugs","indexedBy":"OpenAgentSkill community index","claimUrl":"https://www.openagentskill.com/skills/find-sec-bugs-find-sec-bugs#claim-this-skill","claimCta":"Claim this skill","trustNote":"This listing was indexed from public sources and is not marked official until a maintainer claim is approved.","publicNote":"Attribution links to the public repository or creator profile. Creators can claim the listing to update ownership signals."},"stats":{"stars":2427,"forks":481,"downloads":0,"rating":0,"review_count":0,"quality_score":62.4},"quality":{"score":99,"tier":"excellent","label":"Excellent","summary":"High-confidence pick with strong adoption and healthy maintenance signals.","signals":[{"label":"GitHub stars","value":"2.4K","tone":"positive"},{"label":"Freshness","value":"3mo ago","tone":"positive"},{"label":"Install ready","value":"Yes","tone":"positive"},{"label":"License","value":"LGPL-3.0","tone":"neutral"}],"warnings":[]},"trust":{"version":"trust-score-v3","score":94,"tier":"production","label":"Production candidate","summary":"Strong OpenAgentSkill Trust Score across adoption, recent maintenance, license clarity, documentation, dependency/runtime risk, install safety, permission surface, and install availability.","recommendedAction":"Shortlist for production use, then run a normal repository and dependency review.","dimensions":[{"id":"github_adoption","label":"GitHub adoption","score":86,"weight":0.13,"status":"pass","detail":"2.4K GitHub stars"},{"id":"repo_activity","label":"Stars/forks activity","score":83,"weight":0.08,"status":"pass","detail":"2.4K stars, 481 forks; issue activity unavailable in current metadata"},{"id":"maintenance","label":"Recent maintenance","score":88,"weight":0.14,"status":"pass","detail":"3mo since push"},{"id":"license","label":"License clarity","score":86,"weight":0.09,"status":"pass","detail":"LGPL-3.0"},{"id":"documentation","label":"README/SKILL.md completeness","score":90,"weight":0.14,"status":"pass","detail":"Metadata includes enough usage and workflow context"},{"id":"dependency_risk","label":"Dependency/runtime risk","score":90,"weight":0.12,"status":"pass","detail":"no major dependency risk hints in public metadata"},{"id":"installability","label":"Install availability","score":92,"weight":0.1,"status":"pass","detail":"npx skills add find-sec-bugs/find-sec-bugs"},{"id":"install_safety","label":"Install command safety","score":92,"weight":0.1,"status":"pass","detail":"standard package or runtime install path"},{"id":"permission_surface","label":"Permission surface","score":100,"weight":0.07,"status":"pass","detail":"no high-risk permission surface in public metadata"},{"id":"repository","label":"Repository evidence","score":86,"weight":0.04,"status":"pass","detail":"https://github.com/find-sec-bugs/find-sec-bugs"},{"id":"review_status","label":"Review status","score":88,"weight":0.05,"status":"pass","detail":"AI review data available"}],"checks":[{"status":"pass","label":"GitHub adoption","detail":"2.4K GitHub stars"},{"status":"pass","label":"Stars/forks activity","detail":"2.4K stars, 481 forks; issue activity unavailable in current metadata"},{"status":"pass","label":"Recent maintenance","detail":"3mo since push"},{"status":"pass","label":"License clarity","detail":"LGPL-3.0"},{"status":"pass","label":"README/SKILL.md completeness","detail":"Metadata includes enough usage and workflow context"},{"status":"pass","label":"Dependency/runtime risk","detail":"no major dependency risk hints in public metadata"},{"status":"pass","label":"Install availability","detail":"npx skills add find-sec-bugs/find-sec-bugs"},{"status":"pass","label":"Install command safety","detail":"standard package or runtime install path"},{"status":"pass","label":"Permission surface","detail":"no high-risk permission surface in public metadata"},{"status":"pass","label":"Repository evidence","detail":"https://github.com/find-sec-bugs/find-sec-bugs"},{"status":"pass","label":"Review status","detail":"AI review data available"},{"status":"pass","label":"Ownership","detail":"Listing manually verified"},{"status":"info","label":"OpenAgentSkill usage","detail":"No local usage activity yet"}],"strengths":["Manually verified listing","AI review approved","Install path is available","Repository evidence is available","Recently maintained repository","Meaningful GitHub adoption signal","Install command has no obvious high-risk pattern"],"warnings":[],"evidence":{"stars":"2.4K GitHub stars","repoActivity":"2.4K stars, 481 forks","lastPushed":"3mo since push","license":"LGPL-3.0","repository":"https://github.com/find-sec-bugs/find-sec-bugs","install":"npx skills add find-sec-bugs/find-sec-bugs","installSafety":"standard package or runtime install path","permissionSurface":"no high-risk permission surface in public metadata","documentation":"Strong README/SKILL.md context"},"installReadiness":{"ready":true,"command":"npx skills add find-sec-bugs/find-sec-bugs","policy":"agent_install_candidate","label":"Agent install candidate","notes":["Install path is available","Repository evidence is available","License is declared","3mo since push"]},"agentCompatibility":["Java","Static Analysis","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"riskSummary":{"level":"low","label":"Low metadata risk","notes":["No major trust warnings detected from available metadata"]}},"safety":{"score":90,"level":"safe_to_install","label":"Safe to install with normal review","safety_tier":{"tier":"verified","label":"Verified","badge":"VERIFIED","summary":"Strong metadata, audit, install, and review signals. Suitable for agent shortlists after normal workspace review.","recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","auto_install_policy":"allow","reasons":["Verified listing","Safe-to-try audit","90/100 agent safety score"]},"auto_install_allowed":true,"human_review_required":false,"blocked":false,"audit_risk":"safe_to_try","permission_hints":[{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"}],"policy_warnings":[],"constraints_applied":{"max_risk":"medium","needs_install_command":true,"min_stars":0}},"safety_gate":{"tier":"verified","label":"Verified","badge":"VERIFIED","auto_install_policy":"allow","auto_install_allowed":true,"human_review_required":false,"blocked":false,"recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","reasons":["Verified listing","Safe-to-try audit","90/100 agent safety score"]},"supply_profile":{"track":{"slug":"coding","label":"Coding and developer agents","shortLabel":"Coding","description":"Code review, repo analysis, testing, CI, GitHub, DevOps, and developer workflow skills."},"scenario":{"label":"Coding agents","description":"I need a coding agent that can understand a repository, edit code, and review pull requests.","useCases":[{"slug":"coding-agents","title":"Coding agents"},{"slug":"sports-analytics","title":"Sports analytics"},{"slug":"github-automation","title":"GitHub automation"}]},"applicableAgents":["Claude Code","CLI","Codex","Cursor","Java"],"install":{"ready":true,"command":"npx skills add find-sec-bugs/find-sec-bugs","primaryTarget":"CLI","targetCount":4},"githubQuality":{"stars":2427,"starsLabel":"2.4K","forks":481,"license":"LGPL-3.0","qualityScore":99,"trustScore":94,"auditScore":94},"maintenance":{"status":"active","label":"3mo since push","daysSincePush":83,"lastPushedAt":"2026-03-26T05:29:48+00:00"},"risk":{"level":"safe_to_try","label":"Safe to try","requiresReview":false,"notes":["No major risk signals from available metadata"]},"coverageTags":["Coding","Coding agents","development","static-analysis","code-quality","bytecode","code-analysis","cwe"]},"audit":{"audit_score":94,"risk_level":"safe_to_try","risk_label":"Safe to try","warnings":[]},"decision":{"readiness_score":100,"readiness_label":"Production-ready","headline":"Primary pick for Coding agents","role":"Primary pick","primary_fit":"Coding agents","best_for":["Coding agents workflows","Claude Code teams","teams that value GitHub adoption signals"],"risks":["No OpenAgentSkill engagement data yet"],"next_steps":["Install it in a sandbox agent and run one Coding agents task end to end.","Compare output quality, latency, and failure behavior against at least one alternative.","Promote it into production only after reviewing repository permissions, license, and maintenance signals."]},"platforms":["Java","Static Analysis","Claude Code"],"use_cases":[{"slug":"coding-agents","title":"Coding agents","url":"https://www.openagentskill.com/use-cases/coding-agents"},{"slug":"sports-analytics","title":"Sports analytics","url":"https://www.openagentskill.com/use-cases/sports-analytics"},{"slug":"github-automation","title":"GitHub automation","url":"https://www.openagentskill.com/use-cases/github-automation"},{"slug":"security-compliance","title":"Security and compliance","url":"https://www.openagentskill.com/use-cases/security-compliance"}],"install":"npx skills add find-sec-bugs/find-sec-bugs","install_targets":[{"id":"openagentskill-cli","label":"CLI","title":"OpenAgentSkill CLI","kind":"command","value":"npx skills add find-sec-bugs/find-sec-bugs","description":"Use the registry command when your workflow supports the OpenAgentSkill installer.","copyLabel":"Copy command"},{"id":"codex","label":"Codex","title":"Codex install prompt","kind":"agent-prompt","value":"Install the \"Find Sec Bugs\" agent skill from https://github.com/find-sec-bugs/find-sec-bugs. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)","description":"Give Codex a repo-aware install prompt when the skill is not available through a local CLI.","copyLabel":"Copy prompt"},{"id":"claude-code","label":"Claude Code","title":"Claude Code skill prompt","kind":"agent-prompt","value":"Add \"Find Sec Bugs\" as a Claude Code skill from https://github.com/find-sec-bugs/find-sec-bugs. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)","description":"Use this prompt to ask Claude Code to add the skill and explain the local activation steps.","copyLabel":"Copy prompt"},{"id":"cursor","label":"Cursor","title":"Cursor rule prompt","kind":"agent-prompt","value":"Turn \"Find Sec Bugs\" from https://github.com/find-sec-bugs/find-sec-bugs into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)","description":"Use this when installing as Cursor project rules or reusable agent instructions.","copyLabel":"Copy prompt"}],"repository":"https://github.com/find-sec-bugs/find-sec-bugs","github_repo":"find-sec-bugs/find-sec-bugs","version":"1.0.0","license":"LGPL-3.0","updated_at":"2026-06-15T03:01:25.580782+00:00","canonical_key":"find-sec-bugs/find-sec-bugs","recommendation_reasons":["Useful GitHub adoption: 2,427 stars","Install handoff is available","Repository freshness signal is available"],"urls":{"web":"https://www.openagentskill.com/skills/find-sec-bugs-find-sec-bugs","api":"https://www.openagentskill.com/api/agent/skills/find-sec-bugs-find-sec-bugs","install_api":"https://www.openagentskill.com/api/skills/find-sec-bugs-find-sec-bugs/install","audit":"https://www.openagentskill.com/skills/find-sec-bugs-find-sec-bugs/audit","repository":"https://github.com/find-sec-bugs/find-sec-bugs"},"meta":{"endpoint":"/api/registry/manifest/{slug}","canonical_agent_endpoint":"/api/agent/skills/find-sec-bugs-find-sec-bugs","agent_friendly":true,"api_version":"1.0","generated_at":"2026-06-17T10:43:35.391Z"}}