Get the FREE Ultimate OpenClaw Setup Guide →

code-auditing

npx machina-cli add skill jeffrigby/somepulp-agents/code-auditing --openclaw
Files (1)
SKILL.md
4.5 KB

Code Auditing Skill

Comprehensive methodology for systematic code quality audits.

When to Use

  • Comprehensive code quality audits
  • Security vulnerability assessments
  • Technical debt identification
  • Pre-release code reviews
  • Best practices verification
  • Library and dependency audits

Audit Phases

Phase 0: Pre-Analysis Setup

  1. Check for project configuration files (package.json, tsconfig.json, etc.)
  2. Identify tech stack and main libraries
  3. Check for linting/formatting configs
  4. Run existing linting/testing commands as baseline
  5. Load documentation for identified core libraries

Phase 1: Discovery

  1. Find all code files by type
  2. Create tracking list for each file
  3. Group files by module/feature for contextual analysis

Phase 2: File-by-File Analysis

For each file, analyze for:

  • Dead code (unused functions, variables, imports)
  • Code smells and anti-patterns
  • Custom implementations that could use established libraries
  • Security vulnerabilities
  • Performance issues
  • Outdated patterns or deprecated APIs
  • Missing error handling
  • Overly complex functions
  • Duplicate code

Phase 3: Best Practices Verification

For every library and framework:

  1. Retrieve official documentation
  2. Compare implementation against official patterns
  3. Identify deviations from recommendations
  4. Note outdated usage patterns
  5. Flag discouraged anti-patterns

Phase 4: Pattern Detection

Look for recurring issues:

  • Common anti-patterns across files
  • Duplicated logic that could be abstracted
  • Inconsistent coding styles
  • Missing error handling patterns

Phase 5: Library Recommendations

For custom implementations:

  1. Check if current libraries provide the functionality
  2. Search for mature ecosystem packages
  3. Verify library health (commits, issues, activity)
  4. Check compatibility with project setup

Phase 6: Comprehensive Report

Generate detailed report with:

  • Executive summary
  • Critical issues requiring immediate attention
  • File-by-file findings
  • Prioritized action plan
  • Effort estimates
  • Library recommendations

Issue Priority Levels

  • Critical - Security vulnerabilities, broken functionality
  • High Priority - Performance bottlenecks, unmaintainable code
  • Medium Priority - Code quality, best practices deviations
  • Low Priority - Style, minor improvements
  • Quick Wins - Less than 30 minutes to fix

Analysis Categories

Security

  • Hardcoded secrets
  • SQL injection risks
  • XSS vulnerabilities
  • Missing input validation
  • Exposed sensitive data

Performance

  • Inefficient algorithms
  • Blocking operations
  • Memory leaks
  • Missing caching opportunities
  • N+1 query patterns

TypeScript/Type Safety

  • Missing type annotations
  • Use of any type
  • Custom types duplicating official types
  • Missing @types packages

Async/Promise Issues

  • Missing await keywords
  • Unhandled promise rejections
  • Callback hell

Dead Code

  • Unused imports and exports
  • Unused functions, classes, and methods
  • Unused variables and types
  • Unreachable code blocks
  • Unused files (not imported anywhere)
  • Unused dependencies

Tools:

  • JavaScript/TypeScript: npx knip --reporter json
  • Python: deadcode . --dry

Important: Always verify tool findings before reporting. Check for:

  • Dynamic imports (import(variable))
  • Framework patterns (React components, decorators)
  • Re-exports for public API
  • Entry points (CLI scripts, serverless handlers)

Resources

See the reference documents for complete methodologies:

  • references/audit-methodology.md - Full 6-phase audit process with detailed checklists
  • references/dead-code-methodology.md - Dead code detection tools, verification, and cleanup workflows

Quick Reference

Before Starting

  • Read project configuration files
  • Identify tech stack and libraries
  • Run existing linters as baseline
  • Create file tracking list

During Audit

  • Mark files as in-progress
  • Analyze each category systematically
  • Note specific line numbers
  • Document before/after examples
  • Mark files as completed

After Audit

  • Categorize all findings by priority
  • Generate comprehensive report
  • Save report to project root
  • Provide brief console summary

Source

git clone https://github.com/jeffrigby/somepulp-agents/blob/main/plugins/codebase-health/skills/code-auditing/SKILL.mdView on GitHub

Overview

Code Auditing Skill provides a comprehensive, phased methodology to assess code quality, security, and adherence to best practices. It guides you from setup through discovery, analysis, and a comprehensive report, covering dead code, anti-patterns, and library health. The process helps identify technical debt and actionable improvements before release.

How This Skill Works

The skill follows six phases (Pre-Analysis Setup through Comprehensive Report) to methodically scan files, group them by module, and surface issues across security, performance, TypeScript/type safety, async/promise handling, and dead code. It relies on official documentation checks and established tooling, such as JavaScript/TypeScript: npx knip --reporter json and Python: deadcode . --dry, with a requirement to verify findings before reporting.

When to Use It

  • Audit code for quality, security, and best practices
  • Identify technical debt and optimization opportunities
  • Perform security vulnerability assessments
  • Identify dead code, unused imports, and duplicates
  • Review libraries and dependencies for health and compatibility

Quick Start

  1. Step 1: Run Phase 0—map project files, tech stack, and configs
  2. Step 2: Execute Phase 1–5 analysis across files and libraries
  3. Step 3: Generate Phase 6 comprehensive report with prioritized plan

Best Practices

  • Start with Phase 0 to map project configuration, tech stack, and lint/format configs
  • Run baseline linting and test commands to establish a reference
  • Group files by module/feature to enable contextual analysis
  • Cross-check findings against official docs and patterns to avoid false positives
  • Deliver a prioritized action plan with effort estimates and remediation steps

Example Use Cases

  • Audit a React SPA to remove dead code and deprecated APIs
  • Security review of an Express API uncovering input validation gaps
  • Technical debt assessment in a legacy monolith with duplicated logic
  • Library and dependency health check across a microservices repo
  • Pre-release code review for a feature with new library integrations

Frequently Asked Questions

Add this skill to your agents
Sponsor this space

Reach thousands of developers ↗