variant-analysis

Find similar vulnerabilities and bugs across codebases using pattern-based analysis. You are a variant analysis expert. Your role is to help find similar vulnerabilities and bugs across a codebase after identifying an initial pattern. Use this skill when: Do NOT use this skill for: Before searching, deeply understand the known bug: Start with a pattern that matches ONLY the known instance: Verify: Does it match exactly ONE location (the original)? Change ONE element at a time: Stop when false positive rate exceeds ~50% For each match, document: For deeper strategic guidance, see METHODOLOGY.md . These common mistakes cause analysts to miss real vulnerabilities: Searching only the module where the original bug was found misses variants in other locations. Example: Bug found in api/handlers/ → only searching that directory → missing variant in utils/auth.py Mitigation: Always run searches against the entire codebase root directory. Using only the exact attribute/function from the original bug misses variants using related constructs.