verify

Security scanning with UBS (Ultimate Bug Scanner). Use before commits, when scanning for bugs, when the user mentions "ubs", "bugs", "scan", "verify", or "security".

$ Install

git clone https://github.com/Mburdo/knowledge_and_vibes /tmp/knowledge_and_vibes && cp -r /tmp/knowledge_and_vibes/.claude/skills/verify ~/.claude/skills/knowledge_and_vibes

// tip: Run this command in your terminal to install the skill


name: verify
description: Security scanning with UBS (Ultimate Bug Scanner). Use before commits, when scanning for bugs, when the user mentions "ubs", "bugs", "scan", "verify", or "security".

Verify — Security Scanning

Scans for 1000+ bug patterns across multiple languages. Direct execution.

Design rationale: This skill executes directly as a simple command sequence. UBS handles the analysis internally. No subagents needed.

When This Applies

| Signal | Action |
| --- | --- |
| Before committing | ubs --staged |
| Scanning changes | ubs --diff |
| Scanning specific file | ubs path/to/file |
| User says "/verify" | Run security scan |
| Closing a bead | ubs --staged (mandatory) |

Mandatory Gate

UBS is a mandatory gate before every commit. This is not optional.

Research shows ~40% of LLM-generated code contains security vulnerabilities. The ubs --staged command must pass before any commit.


Pre-Commit (Required)

Run before every commit:

ubs --staged                       # Scan staged changes
ubs --staged --fail-on-warning     # Strict mode (exit 1 on any issue)

Fix all issues before committing. Rerun until clean.


Scanning Options

# Scan current directory
ubs .

# Scan specific file
ubs path/to/file.ts

# Scan working tree changes vs HEAD
ubs --diff

# Verbose with code examples
ubs -v .

Profiles

# Strict (fail on warnings) - for production code
ubs --profile=strict .

# Loose (skip nits) - for prototyping
ubs --profile=loose .

Language Filters

# Single language
ubs --only=python .

# Multiple languages
ubs --only=typescript,javascript .

Supported languages:

  • javascript, typescript
  • python
  • c, c++
  • rust, go
  • java, ruby

Output Formats

ubs . --format=json                # JSON
ubs . --format=jsonl               # Line-delimited JSON
ubs . --format=sarif               # GitHub Code Scanning

CI Integration

ubs --ci                           # CI mode
ubs --comparison baseline.json .   # Regression detection

Suppressing False Positives

Add to the line:

// ubs:ignore
const result = eval(userInput); // ubs:ignore

Use sparingly. Over-suppression defeats the purpose.


Health Check

ubs doctor
ubs doctor --fix

Workflow Integration

The standard pre-commit workflow (via /advance):

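# 1. Run tests
pytest  # or npm test, etc.

# 2. Stage the changes so the scan covers exactly what will be committed
git add -A

# 3. Scan staged changes (MANDATORY)
ubs --staged

# 4. Fix any issues found, then re-stage the fixes
# 5. Re-run until clean (counts toward 3-iteration cap)
ubs --staged

# 6. Commit only what was scanned
git commit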
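
One way to enforce the mandatory gate and the "use sparingly" rule for suppressions mechanically is a git pre-commit hook. This is an added example, not part of the skill or of UBS itself: `UBS_BIN` and `UBS_MAX_NEW_IGNORES` are hypothetical variables defined only by this script, and the only `ubs` flags used are the ones listed on this page.

```shell
#!/bin/sh
# Added example: save as .git/hooks/pre-commit and make it executable.
# UBS_BIN and UBS_MAX_NEW_IGNORES are hypothetical variables defined by this
# script only; the ubs flags are the ones listed on this page.

# Run the mandatory scan. Fail closed: a missing scanner blocks the commit
# instead of silently letting unscanned code through.
ubs_gate() {
    bin="${UBS_BIN:-ubs}"
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo "pre-commit: '$bin' not found, refusing to commit unscanned code" >&2
        return 2
    fi
    "$bin" --staged --fail-on-warning
}

# Read a unified diff on stdin and print how many ADDED lines carry a
# ubs:ignore marker. Only lines inside a hunk count, so "+++ b/file" headers
# and removed lines are ignored.
count_new_suppressions() {
    awk '/^diff --git /      { in_hunk = 0; next }
         /^@@/               { in_hunk = 1; next }
         in_hunk && /^\+/ && /ubs:ignore/ { n++ }
         END                 { print n + 0 }'
}

# Block the commit when it adds more suppressions than the budget allows.
# The default budget of 0 makes every new suppression a deliberate override.
suppression_gate() {
    max="${UBS_MAX_NEW_IGNORES:-0}"
    added=$(count_new_suppressions)
    if [ "$added" -gt "$max" ]; then
        echo "pre-commit: $added new ubs:ignore marker(s), budget is $max" >&2
        return 1
    fi
}

main() {
    git diff --cached -U0 | suppression_gate || exit 1
    ubs_gate || exit 1
}

# Only act when git invokes this file as the hook, so the functions can be
# sourced and exercised on their own.
case "$0" in
    pre-commit|*/pre-commit) main ;;
esac
```

A commit that legitimately needs one suppression can be made with `UBS_MAX_NEW_IGNORES=1 git commit`, which leaves a visible, deliberate override rather than a silent one.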

Issue Handling

| Issue Level | Action |
| --- | --- |
| Critical | Fix immediately, blocks commit |
| High | Fix before commit |
| Medium | Fix or document justification |
| Low | Fix if easy, otherwise note |

Fixing UBS issues counts toward your 3-iteration cap. If you've hit 3 iterations and still have issues, stop and escalate.


Quick Reference

ubs --staged               # Pre-commit scan (required)
ubs --staged --fail-on-warning   # Strict pre-commit
ubs --diff                 # Working tree changes
ubs path/to/file           # Specific file
ubs --profile=strict .     # Production mode
ubs doctor --fix           # Health check

Anti-Patterns

| Don't | Why | Do Instead |
| --- | --- | --- |
| Skip ubs --staged | Bugs slip into commits | Always run before commit |
| Ignore warnings | May be real issues | Review each warning |
| Over-suppress with // ubs:ignore | Defeats the purpose | Use sparingly |
| Run unlimited fix iterations | Security degrades | Max 3 iterations |

See Also

  • /advance — Bead workflow (includes verify gate)
  • /release — Pre-ship checklist (includes full verification)