Claude-skill-registry code-audit
Audits the entire codebase for bugs, security vulnerabilities, CLAUDE.md violations, dead code, duplicate code, and test quality issues. Use when asked to "audit code", "find bugs", "review codebase", "check for security issues", or "find dead code". Writes prioritized findings to TODO.md without suggesting fixes.
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/code-audit" ~/.claude/skills/majiayu000-claude-skill-registry-code-audit && rm -rf "$T"
manifest:
skills/data/code-audit/SKILL.mdsource content
Perform a comprehensive code audit and write findings to TODO.md.
Pre-flight
- Read CLAUDE.md - Load project rules to audit against
- Read TODO.md - Preserve existing items (will be renumbered)
Audit Process
Copy this checklist and track progress:
Audit Progress: - [ ] Step 1: Explore codebase systematically - [ ] Step 2: Check CLAUDE.md compliance - [ ] Step 3: Collect and categorize findings - [ ] Step 4: Write TODO.md with priority ordering
Step 1: Systematic Exploration
Use Task tool with
subagent_type=Explore$ARGUMENTSAreas to examine:
- Core servicessrc/services/
- Processing pipelinesrc/processing/
- API routessrc/routes/
- Gemini integrationsrc/gemini/
- Utilitiessrc/utils/
- Bank logicsrc/bank/
- Testssrc/**/*.test.ts
For each area, look for:
- Logic errors, null handling, race conditions
- Security vulnerabilities (injection, missing auth, exposed secrets)
- Unhandled edge cases and boundary conditions
- Dead or duplicate code
- Test quality issues (no assertions, always-pass, duplicates)
Step 2: CLAUDE.md Compliance
Check project-specific rules. See references/compliance-checklist.md for the complete list.
Step 3: Categorize Findings
| Tag | Description | Priority |
|---|---|---|
| Injection, exposed secrets, missing auth | Critical |
| Logic errors, data corruption | Critical/High |
| Unhandled scenarios | Medium |
| CLAUDE.md violations | Medium |
| Unsafe casts, missing guards | Medium |
| Unused functions, unreachable code | Low |
| Repeated logic | Low |
| Useless/duplicate tests | Low |
| Anti-patterns | Low |
For each issue, document:
- File path and approximate location
- Clear problem description
- Category tag
Do NOT document solutions. Identify problems only.
Step 4: Write TODO.md
Handle Existing Items:
- If TODO.md already has items, extract them first
- Reformat each existing item to follow
format## item #N [tag]- If item lacks a tag, infer appropriate tag from content
- If item is a simple bullet, convert to proper format
- Keep existing items in their original order
Write Final TODO.md:
# TODO ## item #1 [tag] First existing item (reformatted if needed) ## item #2 [tag] Second existing item (reformatted if needed) --- # Code Audit Findings ## item #3 [security] Description of the security issue. ## item #4 [bug] Description of the bug. ## item #5 [convention] Description of the CLAUDE.md violation.
Rules:
- Each item:
## item #N [tag] - Content: Simple paragraph explaining the problem
- NO solutions
- Existing items stay at top in original order (items #1-N)
- Separator line (
) between existing and new items--- - New audit findings below separator, ordered by priority (items #N+1 onwards)
- All items numbered sequentially
Rules
- Analysis only - Do NOT modify source code
- No solutions - Document problems, not fixes
- Be thorough - Check every file in scope
- Be specific - Include file paths
- No time wasting - Don't analyze how to fix
Termination
Output this message and STOP:
✓ Code audit complete. Findings written to TODO.md. Found N issues: - X critical/high priority - Y medium priority - Z low priority Next step: Review TODO.md and use `plan-todo` to create implementation plans.
Do not ask follow-up questions. Do not offer to fix issues.