Skill

finding-dedup

Deduplicates security findings by indexing, comparing pairs for duplicates or similarities, presenting tables with recommendations, and executing user-confirmed deletions or merges.

Bash

security

code-quality

npx claudepluginhub joranhonig/grimoire

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Identify and resolve duplicate or overlapping security findings.

SKILL.md

Similar Skills

finding-review

Reviews existing security findings against best practices for title clarity, description completeness, recommendation objectivity, severity accuracy, and reference validity. Validates structure with bash script.

grimoire

multi-reviewer-patterns

32.9k

Coordinates parallel code reviews across dimensions like security, performance, architecture, testing, and accessibility with finding deduplication, severity calibration, and consolidated reports.

1 file

agent-teams

detect-pack

Consolidates outputs from dev, design, writing, product, and UX detect skills into unified scored index, risk heatmap, and unknowns backlog for audit combination.

2 files7 tools

jaan-to

Stats

Stars60

Forks6

Last CommitMar 19, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Finding Dedup

Identify and resolve duplicate or overlapping security findings.

Prerequisites

Before starting, read skills/finding/SKILL.md to understand finding structure and conventions. That skill defines the format and standards that this workflow relies on for comparison.

Workflow

When this skill is activated, create a todo list from the following steps. Mark each task in_progress before starting it and completed when done.

- [ ] 0. Load finding knowledge (read skills/finding/SKILL.md)
- [ ] 1. Index and compare findings
- [ ] 2. Present duplicates and confirm actions
- [ ] 3. Execute and report

0. Load Finding Knowledge

Read skills/finding/SKILL.md to internalize finding structure and conventions. This is required before proceeding — the base skill defines the format you will compare against.

1. Index and Compare Findings

Run the indexing script to get the full finding set:

bash skills/finding/scripts/index-findings.sh

If fewer than 2 findings exist, report that there is nothing to deduplicate and stop.

For each pair of findings, compare title, type, context (affected files), and description. Classify each pair as:

Duplicate — same root cause, same affected component, same impact. One can be deleted without losing information.
Similar — overlapping root cause or component but different scope or impact. Cannot delete without information loss. May benefit from cross-referencing or merging.
Distinct — no meaningful overlap. No action needed.

If the finding set is large (>10 findings), group by type first and only compare within groups. Use subagents for parallel comparison if needed.

See skills/finding/examples/dedup-scenario.md for a worked example showing duplicate vs similar classification and the resolution workflow.

2. Present Duplicates and Confirm Actions

Present results:

Table of duplicate pairs with recommendation (which to keep, which to delete)
Table of similar pairs with recommendation (merge, cross-reference, or leave as-is)
List of distinct findings — no action needed

For each duplicate pair: "Delete <file>? [y/n]" For each similar pair: "Merge into <file>? [y/n/skip]"

Never delete or merge without explicit user confirmation.

3. Execute and Report

Perform confirmed deletions and merges. When merging:

Keep the more complete finding as the base
Incorporate unique content from the other finding
Present the merged result for user approval before deleting the source

Re-run the index to show the updated finding set:

bash skills/finding/scripts/index-findings.sh

Suggest /finding-review on any merged findings to verify quality.