Use PROACTIVELY when auditing code quality, running security scans, assessing technical debt, reviewing code for production readiness, setting up CI quality gates, or tracking DORA metrics. Analyzes codebases against OWASP Top 10, SOLID principles, Testing Trophy, and 2024-25 SDLC standards. Supports incremental audits for large codebases. Not for runtime profiling or real-time monitoring.
View on GitHubplugins/codebase-auditor/skills/codebase-auditor/SKILL.md
February 4, 2026
Select agents to install to:
npx add-skill https://github.com/cskiro/claudex/blob/main/plugins/codebase-auditor/skills/codebase-auditor/SKILL.md -a claude-code --skill codebase-auditorInstallation paths:
.claude/skills/codebase-auditor/# Codebase Auditor Comprehensive codebase audits using modern software engineering standards with actionable remediation plans. ## When to Use - Audit codebase for quality, security, maintainability - Assess technical debt and estimate remediation - Prepare production readiness report - Evaluate legacy codebase for modernization - Set up quality gates for CI/CD pipelines - Configure incremental audits for large codebases (>100k LOC) - Track audit history and trends over time ## Trigger Phrases - "Audit this codebase" / "Run a code audit" - "Security scan" / "Check for vulnerabilities" - "Assess technical debt" / "How much tech debt?" - "Production readiness review" - "Set up quality gates" - "DORA metrics" / "Deployment health" ## Audit Phases ### Phase 1: Initial Assessment - Project discovery (tech stack, frameworks, tools) - Quick health check (LOC, docs, git practices) - Red flag detection (secrets, massive files) ### Phase 2: Deep Analysis Load on demand based on Phase 1 findings. ### Phase 3: Report Generation Comprehensive report with scores and priorities. ### Phase 4: Remediation Planning Prioritized action plan with effort estimates. ## Analysis Categories | Category | Key Checks | |----------|------------| | Code Quality | Complexity, duplication, code smells | | Testing | Coverage (80% min), trophy distribution, quality | | Security | OWASP Top 10, dependencies, secrets | | Architecture | SOLID, patterns, modularity | | Performance | Build time, bundle size, runtime | | Documentation | JSDoc, README, ADRs | | DevOps | CI/CD maturity, DORA metrics | | Accessibility | WCAG 2.1 AA compliance | ## Technical Debt Rating (SQALE) | Grade | Remediation Effort | |-------|-------------------| | A | <= 5% of dev time | | B | 6-10% | | C | 11-20% | | D | 21-50% | | E | > 50% | ## Usage Examples ``` # Basic audit Audit this codebase using the codebase-auditor skill. # Security focused Run a security-focused audit on this codebase. # Quick health che