Claude-skill-registry code-hardcode-audit
Detect hardcoded values, magic numbers, and leaked secrets. TRIGGERS - hardcode audit, magic numbers, PLR2004, secret scanning.
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/code-hardcode-audit" ~/.claude/skills/majiayu000-claude-skill-registry-code-hardcode-audit && rm -rf "$T"
manifest:
skills/data/code-hardcode-audit/SKILL.md
source content
Code Hardcode Audit
When to Use This Skill
Use this skill when the user mentions:
- "hardcoded values", "hardcodes", "magic numbers"
- "constant detection", "find constants"
- "duplicate constants", "DRY violations"
- "code audit", "hardcode audit"
- "PLR2004", "semgrep", "jscpd", "gitleaks"
- "secret scanning", "leaked secrets", "API keys"
- "passwords in code", "credential leaks"
Quick Start
```bash
# Full audit (all tools, both outputs)
uv run --script scripts/audit_hardcodes.py -- src/

# Python magic numbers only (fastest)
uv run --script scripts/run_ruff_plr.py -- src/

# Pattern-based detection (URLs, ports, paths)
uv run --script scripts/run_semgrep.py -- src/

# Copy-paste detection
uv run --script scripts/run_jscpd.py -- src/

# Secret scanning (API keys, tokens, passwords)
uv run --script scripts/run_gitleaks.py -- src/
```
Tool Overview
| Tool | Detection Focus | Language Support | Speed |
|---|---|---|---|
| Ruff PLR2004 | Magic value comparisons | Python | Fast |
| Semgrep | URLs, ports, paths, credentials | Multi-language | Medium |
| jscpd | Duplicate code blocks | Multi-language | Slow |
| gitleaks | Secrets, API keys, passwords | Any (file-based) | Fast |
Output Formats
JSON (--output json)
```json
{
  "summary": {
    "total_findings": 42,
    "by_tool": { "ruff": 15, "semgrep": 20, "jscpd": 7 },
    "by_severity": { "high": 5, "medium": 25, "low": 12 }
  },
  "findings": [
    {
      "id": "MAGIC-001",
      "tool": "ruff",
      "rule": "PLR2004",
      "file": "src/config.py",
      "line": 42,
      "column": 8,
      "message": "Magic value used in comparison: 8123",
      "severity": "medium",
      "suggested_fix": "Extract to named constant"
    }
  ],
  "refactoring_plan": [
    {
      "priority": 1,
      "action": "Create constants/ports.py",
      "finding_ids": ["MAGIC-001", "MAGIC-003"]
    }
  ]
}
```
Compiler-like Text (--output text)
```text
src/config.py:42:8: PLR2004 Magic value used in comparison: 8123 [ruff]
src/probe.py:15:1: hardcoded-url Hardcoded URL detected [semgrep]
src/client.py:20-35: Clone detected (16 lines, 95% similarity) [jscpd]

Summary: 42 findings (ruff: 15, semgrep: 20, jscpd: 7)
```
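One way to consume the JSON report in CI, as an added example that is not part of the skill's own scripts: it fails the build when findings reach a severity threshold and prints them in the compiler-like shape shown above. Field names follow the JSON sample; the severity ordering, the fail-closed handling of unknown severities, and every sample finding except `MAGIC-001` are assumptions constructed for illustration.

```python
import json

# Severity names are the page's --severity choices; this ordering is an assumption.
RANK = {"low": 1, "medium": 2, "high": 3}

def format_finding(f):
    """Render a finding in the page's compiler-like text shape."""
    loc = f"{f['file']}:{f['line']}"
    if f.get("column") is not None:  # column may be absent for file-level findings
        loc += f":{f['column']}"
    return f"{loc}: {f['rule']} {f['message']} [{f['tool']}]"

def gate(report, fail_on="high"):
    """Return (exit_code, lines) for findings at or above `fail_on`."""
    threshold = RANK[fail_on]
    blocking = [
        f for f in report.get("findings", [])
        # Fail closed: a missing or unknown severity counts as "high".
        if RANK.get(f.get("severity"), RANK["high"]) >= threshold
    ]
    blocking.sort(key=lambda f: (f["file"], f["line"]))
    return (1 if blocking else 0), [format_finding(f) for f in blocking]

# Constructed sample: the first finding is the page's example; the others are invented.
SAMPLE = json.loads("""
{"findings": [
  {"id": "MAGIC-001", "tool": "ruff", "rule": "PLR2004", "file": "src/config.py",
   "line": 42, "column": 8, "severity": "medium",
   "message": "Magic value used in comparison: 8123"},
  {"id": "SECRET-001", "tool": "gitleaks", "rule": "generic-api-key",
   "file": "src/settings.py", "line": 7, "severity": "high",
   "message": "Secret detected (value redacted)"},
  {"id": "URL-001", "tool": "semgrep", "rule": "hardcoded-url", "file": "src/probe.py",
   "line": 15, "column": 1, "severity": "low", "message": "Hardcoded URL detected"}
]}
""")

if __name__ == "__main__":
    code, lines = gate(SAMPLE, fail_on="medium")
    print("\n".join(lines))
    raise SystemExit(code)
```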
CLI Options
```text
--output {json,text,both}                  Output format (default: both)
--tools {all,ruff,semgrep,jscpd,gitleaks}  Tools to run (default: all)
--severity {all,high,medium,low}           Filter by severity (default: all)
--exclude PATTERN                          Glob pattern to exclude (repeatable)
--parallel                                 Run tools in parallel (default: true)
```
References
- Tool Comparison - Detailed tool capabilities
- Output Schema - JSON schema specification
- Troubleshooting - Common issues and fixes
Related
- ADR-0046: Semantic Constants Abstraction
- ADR-0047: Code Hardcode Audit Skill
- code-clone-assistant - PMD CPD-based clone detection (DRY focus)