An autonomous bug-hunting and unit-test-writing skill for AI coding agents. Supports Claude Code, OpenCode, Cursor, Codex, and Gemini CLI.
一个自动持续补单测、找 bug 的 AI 编程智能体 skill,支持 Claude Code、OpenCode、Cursor、Codex、Gemini CLI。核心循环:写单测 → 发现 bug → 记录 → 继续写下一个测试,永不停歇。只找 bug,不修复。
This skill focuses on one activity: finding bugs by writing tests.
- Write unit tests — Add new tests to increase coverage, expose untested edge cases, and discover hidden bugs
The agent writes tests autonomously, recording every bug it finds — without attempting to fix anything. Multiple agents can run in parallel, each covering a different module.
This project is inspired by karpathy/autoresearch - Andrej Karpathy's research on autonomous code improvement through systematic experimentation.
Install to any supported agent (Claude Code, Cursor, Codex, OpenCode, Gemini CLI, GitHub Copilot, and 40+ more) using the skills CLI:
npx skills add gpBlockchain/bug-huntBrowse on the skills directory: skills.sh
Choose the method for your coding agent below.
In Claude Code, register the marketplace first:
/plugin marketplace add gpBlockchain/bug-huntThen install the plugin:
/plugin install bug-hunt@bug-hunt-devClone into your project and the skill is auto-discovered via CLAUDE.md:
git clone https://github.com/gpBlockchain/bug-hunt.gitThen use the /bug-hunt slash command.
In Cursor Agent chat, install from marketplace:
/add-plugin bug-hunt
Or search for "bug-hunt" in the plugin marketplace.
Tell Codex:
Fetch and follow instructions from https://raw.githubusercontent.com/gpBlockchain/bug-hunt/refs/heads/main/.codex/INSTALL.md
Detailed docs: .codex/INSTALL.md
Add to your opencode.json:
{
"plugin": ["bug-hunt@git+https://github.com/gpBlockchain/bug-hunt.git"]
}Restart OpenCode. Detailed docs: .opencode/INSTALL.md
gemini extensions install https://github.com/gpBlockchain/bug-huntTo update:
gemini extensions update bug-huntStart a new session in your chosen platform and ask: "Tell me about bug-hunt" or invoke it directly. The agent should recognize the skill and offer to start a bug-hunting run.
Claude Code:
/plugin update bug-huntCodex:
cd ~/.codex/bug-hunt && git pullOpenCode: Restart OpenCode (auto-updates).
Gemini CLI:
gemini extensions update bug-hunt- Setup: Configure test commands, test framework, editable test scope, and safety timeouts. Runs code risk analysis to generate
risk-map.json, then automatically performs codebase reconnaissance (recon.md) to detect the tech stack, entry points, and trust boundaries. - Loop: The agent writes unit tests to find bugs — records every bug found and keeps going indefinitely. After each potential bug, a verification step (
verification.md) filters out flaky tests and false positives, assigning a confidence score to every confirmed finding. Security-oriented test types (injection,auth-bypass,idor, etc.) are prioritized for high-risk entry points identified during recon. - Analysis: View structured results, tests written, bugs found (with confidence scores), and coverage progress over time.
- Evaluation (optional): Run
/bug-hunt --evalto measure the skill's effectiveness against a controlled test fixture with planted bugs — reports detection rate, false positive rate, and efficiency.
| File | Purpose |
|---|---|
SKILL.md |
Skill definition and workflow routing (OpenCode) |
CLAUDE.md |
Skill definition and workflow routing (Claude Code) |
.claude/commands/bug-hunt.md |
/bug-hunt slash command (Claude Code) |
setup.md |
Interactive first-run configuration |
loop.md |
Autonomous test-writing loop |
analysis.md |
Result analysis and recommendations |
recon.md |
Codebase reconnaissance: tech stack, entry points, trust boundaries |
verification.md |
Bug verification and false-positive filtering |
eval.md |
Self-test evaluation and effectiveness benchmarking |
adaptive-strategy.md |
Self-learning test selection and fuzz testing strategy |
analysis-engine.md |
Code risk scoring (6 dimensions including Security) |
bug-hunt.toml |
Configuration (test commands, framework, scope) |
bug-hunt-context.md |
Agent's knowledge base |
recon-report.json |
Tech stack, entry points, trust boundaries (generated at setup) |
llms.txt |
Short LLM-facing project summary |
llms-full.txt |
Full LLM-facing reference |
Run the /bug-hunt slash command from the Claude Code prompt:
/bug-hunt
Or for analysis of a previous run:
/bug-hunt analysis
Invoke the bug-hunt skill when you want to autonomously write unit tests and find bugs — using tests, linters, static analysis, or code review. The skill only finds bugs; it never modifies source code.
Simply ask the agent to "run bug-hunt" or "find bugs in this codebase" — the skill is automatically discovered and activated.