Use PROACTIVELY when auditing code quality, running security scans, assessing technical debt, reviewing code for production readiness, setting up CI quality gates, or tracking DORA metrics. Analyzes codebases against OWASP Top 10, SOLID principles, Testing Trophy, and 2024-25 SDLC standards. Supports incremental audits for large codebases. Not for runtime profiling or real-time monitoring.
Install with:

```
npx add-skill https://github.com/cskiro/claudex/blob/main/plugins/codebase-auditor/skills/codebase-auditor/SKILL.md -a claude-code --skill codebase-auditor
```

Installation path: `.claude/skills/codebase-auditor/`

# Codebase Auditor

Comprehensive codebase audits using modern software engineering standards with actionable remediation plans.

## When to Use

- Audit codebase for quality, security, maintainability
- Assess technical debt and estimate remediation
- Prepare production readiness report
- Evaluate legacy codebase for modernization
- Set up quality gates for CI/CD pipelines
- Configure incremental audits for large codebases (>100k LOC)
- Track audit history and trends over time

## Trigger Phrases

- "Audit this codebase" / "Run a code audit"
- "Security scan" / "Check for vulnerabilities"
- "Assess technical debt" / "How much tech debt?"
- "Production readiness review"
- "Set up quality gates"
- "DORA metrics" / "Deployment health"

## Audit Phases

### Phase 1: Initial Assessment

- Project discovery (tech stack, frameworks, tools)
- Quick health check (LOC, docs, git practices)
- Red flag detection (secrets, massive files)

### Phase 2: Deep Analysis

Load on demand based on Phase 1 findings.

### Phase 3: Report Generation

Comprehensive report with scores and priorities.

### Phase 4: Remediation Planning

Prioritized action plan with effort estimates.

## Analysis Categories

| Category | Key Checks |
|----------|------------|
| Code Quality | Complexity, duplication, code smells |
| Testing | Coverage (80% min), trophy distribution, quality |
| Security | OWASP Top 10, dependencies, secrets |
| Architecture | SOLID, patterns, modularity |
| Performance | Build time, bundle size, runtime |
| Documentation | JSDoc, README, ADRs |
| DevOps | CI/CD maturity, DORA metrics |
| Accessibility | WCAG 2.1 AA compliance |

## Technical Debt Rating (SQALE)

| Grade | Remediation Effort |
|-------|-------------------|
| A | <= 5% of dev time |
| B | 6-10% |
| C | 11-20% |
| D | 21-50% |
| E | > 50% |

## Usage Examples

```
# Basic audit
Audit this codebase using the codebase-auditor skill.

# Security focused
Run a security-focused audit on this codebase.

# Quick health che