What does code-auditor analyze?

It analyzes architecture & design, code quality, security, performance, testing, and maintainability, delivering actionable findings with file:line references.

How long does a quick audit take?

Quick audits typically take 15-30 minutes for high-level findings; Standard and Deep audits vary by repo size (30-60 minutes for standard, 60+ for deep).

Can I tailor audits to focus on specific areas?

Yes. You can run focused audits such as security-only, performance-only, testing-only, or a quick architecture review as needed.

code-auditor

npx machina-cli add skill mhattingpete/claude-skills-marketplace/code-auditor --openclaw

Files (1)

SKILL.md

3.5 KB

Code Auditor

Comprehensive codebase analysis covering architecture, code quality, security, performance, testing, and maintainability.

When to Use

"audit the code"
"analyze code quality"
"check for issues"
"review the codebase"
"find technical debt"
"security audit"
"performance review"

What It Analyzes

1. Architecture & Design

Overall structure and organization
Design patterns in use
Module boundaries and separation of concerns
Dependency management
Architectural decisions and trade-offs

2. Code Quality

Complexity hotspots (cyclomatic complexity)
Code duplication (DRY violations)
Naming conventions and consistency
Documentation coverage
Code smells and anti-patterns

3. Security

Common vulnerabilities (OWASP Top 10)
Input validation and sanitization
Authentication and authorization
Secrets management
Dependency vulnerabilities

4. Performance

Algorithmic complexity issues
Database query optimization
Memory usage patterns
Caching opportunities
Resource leaks

5. Testing

Test coverage assessment
Test quality and effectiveness
Missing test scenarios
Testing patterns and practices
Integration vs unit test balance

6. Maintainability

Technical debt assessment
Coupling and cohesion
Ease of future changes
Onboarding friendliness
Documentation quality

Approach

Explore using Explore agent (thorough mode)
Identify patterns with Grep and Glob
Read critical files for detailed analysis
Run static analysis tools if available
Synthesize findings into actionable report

Thoroughness Levels

Quick (15-30 min): High-level, critical issues only
Standard (30-60 min): Comprehensive across all dimensions
Deep (60+ min): Exhaustive with detailed examples

Output Format

# Code Audit Report

## Executive Summary
- Overall health score
- Critical issues count
- Top 3 priorities

## Findings by Category

### Architecture & Design
#### 🔴 High Priority
- [Finding with file:line reference]
  - Impact: [description]
  - Recommendation: [action]

#### 🟡 Medium Priority
...

### [Other categories]

## Prioritized Action Plan
1. Quick wins (< 1 day)
2. Medium-term improvements (1-5 days)
3. Long-term initiatives (> 5 days)

## Metrics
- Files analyzed: X
- Lines of code: Y
- Test coverage: Z%
- Complexity hotspots: N

Tools Used

Task (Explore agent): Thorough codebase exploration
Grep: Pattern matching for issues
Glob: Find files by type/pattern
Read: Detailed file analysis
Bash: Run linters, coverage tools

Success Criteria

Comprehensive coverage of all six dimensions
Specific file:line references for all findings
Severity/priority ratings (Critical/High/Medium/Low)
Actionable recommendations (not just observations)
Estimated effort for fixes
Both quick wins and long-term improvements

Integration

feature-planning: Plan technical debt reduction
test-fixing: Address test gaps identified
project-bootstrapper: Set up quality tooling

Configuration

Can focus on specific areas:

Security-only audit
Performance-only audit
Testing-only assessment
Quick architecture review

Source

git clone https://github.com/mhattingpete/claude-skills-marketplace/blob/main/productivity-skills-plugin/skills/code-auditor/SKILL.md

View on GitHub

Overview

Code Auditor performs a thorough review of a codebase across architecture, code quality, security, performance, testing, and maintainability. It helps you audit quality, surface technical debt, uncover security gaps, assess test coverage, and get a clear codebase health report.

How This Skill Works

The process starts with exploring the repository using a thorough Explore agent, then identifying patterns with Grep and Glob. Critical files are read for detailed analysis, static analysis tools are run when available, and findings are synthesized into an actionable report that covers architecture, quality, security, performance, testing, and maintainability with file:line references.

When to Use It

Audit the codebase for overall health and architectural boundaries
Identify technical debt and maintainability risks
Uncover security issues by reviewing inputs, auth, and dependencies
Assess test coverage and quality across units and integration tests
Performance review to spot bottlenecks and optimization opportunities

Quick Start

Step 1: Define scope (Quick/Standard/Deep) and pick focus areas
Step 2: Run Explore + Glob/Grep to scan critical files and patterns
Step 3: Generate the Code Audit Report and start remediation with the prioritized plan

Best Practices

Define scope with quick/standard/deep levels before starting
Anchor findings with precise file:line references for traceability
Ensure coverage across six dimensions: architecture, quality, security, performance, testing, maintainability
Combine static analysis results with targeted file reads of critical areas
Provide actionable recommendations with estimated effort and quick wins

Example Use Cases

Audit a legacy module to reveal architecture rot and high-risk coupling
Identify cyclomatic complexity hotspots and propose targeted refactors
Detect dependency vulnerabilities and outdated libraries in the supply chain
Uncover missing tests and gaps in test coverage for core services
Prioritize debt reduction with a stepwise plan including quick wins

Frequently Asked Questions

Add this skill to your agents