audit

Run comprehensive codebase audit for gaps, deprecated code, TODOs, FIXMEs, architectural anti-patterns, type issues, and code smells. Use when user asks to audit code, find issues, check code quality, or identify architectural problems.

242 stars

Best use case

audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt. It is especially useful for teams working in multi.

Users should expect a more consistent workflow output, faster repeated execution, and less time spent rewriting prompts from scratch.

Practical example

Example input

Use the "audit" skill to help with this workflow task. Context: Run comprehensive codebase audit for gaps, deprecated code, TODOs, FIXMEs, architectural anti-patterns, type issues, and code smells. Use when user asks to audit code, find issues, check code quality, or identify architectural problems.

Example output

A structured workflow result with clearer steps, more consistent formatting, and an output that is easier to reuse in the next run.

When to use this skill

  • Use this skill when you want a reusable workflow rather than writing the same prompt again and again.

When not to use this skill

  • Do not use this when you only need a one-off answer and do not need a reusable workflow.
  • Do not use it if you cannot install or maintain the related files, repository context, or supporting tools.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/audit/SKILL.md --create-dirs "https://raw.githubusercontent.com/aiskillstore/marketplace/main/skills/cygnusfear/audit/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/audit/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill
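
The install command above writes whatever the `main` branch serves at that moment straight into a directory the agent auto-discovers, so the file's content can change between installs. As an added example (not part of the skill or the marketplace's own tooling), the following installs a staged download only when its SHA-256 matches a digest recorded when the file was reviewed; the function names, staging path and placeholder digest are assumptions.

```shell
#!/bin/sh
# Added example: install a downloaded SKILL.md only if it matches a digest
# that was recorded when the file was read and approved.

# sha256_of FILE -> lowercase hex digest (sha256sum on Linux, shasum on macOS)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# install_skill STAGED EXPECTED_SHA256 DEST
# Returns 0 after installing, 1 on digest mismatch (DEST is left untouched).
install_skill() {
    staged=$1
    expected=$2
    dest=$3
    actual=$(sha256_of "$staged") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $staged: got $actual" >&2
        return 1
    fi
    mkdir -p "$(dirname "$dest")"
    # Copy under a temporary name, then rename, so SKILL.md is never
    # visible to the agent in a half-written state.
    cp "$staged" "$dest.tmp.$$" && mv "$dest.tmp.$$" "$dest"
}

# Typical use (the digest is a placeholder; record it after reading the file):
#   curl -fsSL -o /tmp/SKILL.md "<raw URL from the install command>"
#   less /tmp/SKILL.md
#   install_skill /tmp/SKILL.md "<sha256 recorded at review>" \
#       ~/.claude/skills/audit/SKILL.md
```
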

How audit Compares

| Feature / Agent | audit | Standard Approach |
| --- | --- | --- |
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |

Frequently Asked Questions

What does this skill do?

Run comprehensive codebase audit for gaps, deprecated code, TODOs, FIXMEs, architectural anti-patterns, type issues, and code smells. Use when user asks to audit code, find issues, check code quality, or identify architectural problems.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Codebase Audit

## Instructions

Perform a comprehensive, systematic audit of the codebase to identify quality issues, architectural problems, and technical debt.

### Phase 1: Discovery & Planning

1. **Identify scope** - Determine which files/directories to audit based on user request
2. **Create comprehensive file list** - Use Glob to find all relevant files
3. **Initialize todo list** - Create a todo with one item per file to audit
4. **Set up audit report** - Create structured markdown report at `.audit/audit-report-[timestamp].md`

### Phase 2: Automated Analysis

Run automated tools to supplement manual review:
- TypeScript compiler diagnostics
- ESLint (if configured)
- Grep for common patterns: TODO, FIXME, HACK, XXX, @deprecated

### Phase 3: Systematic File Review

For EACH file in the todo list:

1. **Read and analyze** the file thoroughly
2. **Check for issues** in these categories:
   - **Deprecations**: Deprecated APIs, patterns, or code marked for removal
   - **TODOs/FIXMEs**: Unfinished work or known issues
   - **Architectural anti-patterns**:
     - God objects/classes
     - Circular dependencies
     - Tight coupling
     - Violation of SOLID principles
     - Inconsistent patterns
   - **Type issues**:
     - Use of `any` or `unknown`
     - Missing type annotations
     - Incorrect type usage
     - Type casts that hide issues
   - **Code smells**:
     - Duplicated code
     - Long functions/classes
     - Complex conditionals
     - Dead code
     - Magic numbers/strings
     - Poor naming

3. **Assign severity** to each finding:
   - **CRITICAL**: Breaks functionality, security issues, data corruption risks
   - **HIGH**: Architectural violations, major maintainability issues
   - **MEDIUM**: Code smells, minor anti-patterns, missing types
   - **LOW**: Style issues, minor TODOs, cosmetic improvements

4. **Check for cross-file patterns** - As you review, note patterns that appear across multiple files

5. **Update report** - Add findings to the structured report

6. **Mark file as completed** in todo list

### Phase 4: Cross-File Analysis

After reviewing all individual files:

1. **Identify systemic patterns** - Issues that appear across multiple files
2. **Architectural assessment** - Overall system architecture health
3. **Dependency analysis** - Check for circular dependencies or coupling issues
4. **Consistency check** - Verify naming conventions, patterns are followed

### Phase 5: Validation & Summary

1. **Run final checks**:
   - TypeScript type check (`tsc --noEmit` or similar)
   - Linting (`npm run lint` or similar)
   - Build process if applicable

2. **Generate executive summary**:
   - Total issues by category
   - Total issues by severity
   - Top 10 most critical findings

### Audit Report Structure

```markdown
# Audit Report - [Date]

## Executive Summary
- **Files Audited**: X
- **Total Issues Found**: Y
- **Critical**: A | **High**: B | **Medium**: C | **Low**: D

## Top 10 Critical Findings
1. [Issue description] - Severity: CRITICAL - File: path/to/file.ts:line

## Issues by Category

### Deprecations
- [Issue] - Severity - File:line

### TODOs/FIXMEs
- [Issue] - Severity - File:line

### Architectural Anti-Patterns
- [Issue] - Severity - File:line

### Type Issues
- [Issue] - Severity - File:line

### Code Smells
- [Issue] - Severity - File:line

## Cross-File Patterns
- [Pattern description and affected files]

## Automated Tool Results
- TypeScript diagnostics summary
- ESLint results summary
```

## Critical Principles

- **NEVER skip files** - Audit every file in the todo list
- **NEVER edit files during audit** - This is read-only analysis
- **NEVER provide recommendations** - Only identify and report problems
- **NEVER create action plans** - That's a separate responsibility
- **DO use memory/pinboard** - Store context as you discover patterns
- **DO be thorough** - Think critically about each file
- **DO be objective** - Report what you find, not what to do about it
- **DO track progress** - Keep todo list updated in real-time
- **DO find all relevant files** - If you discover new files that should be audited, add them to the todo

## Dynamic File Discovery

If during audit you discover additional files that should be reviewed:
1. Add them to the todo list immediately
2. Continue systematic review
3. Ensure no stone is left unturned
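
The Phase 2 grep step, sketched as an added example that is not part of the SKILL.md above: it scans for the markers the skill lists and prints one bullet per hit ending in `File:line`, leaving severity to the Phase 3 review. The function names and the excluded directories are assumptions; `.audit/` is skipped because earlier reports quote findings and would otherwise be re-reported on the next run.

```shell
#!/bin/sh
# Added example: Phase 2 marker scan, emitted as report bullet lines.
MARKERS='TODO|FIXME|HACK|XXX|@deprecated'

# scan_markers ROOT -> one "- [MARKER] text - File:line" bullet per hit
scan_markers() {
    root=$1
    # -w: whole-word matches only, so identifiers such as TODOS are ignored.
    # -I: skip binary files.
    # Excluded: dependencies, VCS data, and the skill's own .audit/ output.
    grep -rnwIE "$MARKERS" \
        --exclude-dir=node_modules --exclude-dir=.git --exclude-dir=.audit \
        "$root" |
    while IFS=: read -r file line text; do
        # First marker on the line decides the label.
        marker=$(printf '%s\n' "$text" | grep -owE "$MARKERS" | head -n 1)
        # Trim leading indentation from the matched source line.
        text=$(printf '%s\n' "$text" | sed 's/^[[:space:]]*//')
        printf -- '- [%s] %s - %s:%s\n' "$marker" "$text" "$file" "$line"
    done
}

# count_marker ROOT MARKER -> number of hits for one marker (0 if none)
count_marker() {
    scan_markers "$1" | grep -cF -- "- [$2]" || true
}
```

Paths that contain a colon are split incorrectly by the `read`; this sketch assumes the audited tree has none.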

Related Skills

audit-website

242
from aiskillstore/marketplace

Audit websites for SEO, technical, content, and security issues using squirrelscan CLI. Returns LLM-optimized reports with health scores, broken links, meta tag analysis, and actionable recommendations. Use when analyzing websites, debugging SEO issues, or checking site health.

wcag-audit-patterns

242
from aiskillstore/marketplace

Conduct WCAG 2.2 accessibility audits with automated testing, manual verification, and remediation guidance. Use when auditing websites for accessibility, fixing WCAG violations, or implementing accessible design patterns.

seo-content-auditor

242
from aiskillstore/marketplace

Analyzes provided content for quality, E-E-A-T signals, and SEO best practices. Scores content and provides improvement recommendations based on established guidelines. Use PROACTIVELY for content review.

security-auditor

242
from aiskillstore/marketplace

Expert security auditor specializing in DevSecOps, comprehensive cybersecurity, and compliance frameworks. Masters vulnerability assessment, threat modeling, secure authentication (OAuth2/OIDC), OWASP standards, cloud security, and security automation. Handles DevSecOps integration, compliance (GDPR/HIPAA/SOC2), and incident response. Use PROACTIVELY for security audits, DevSecOps, or compliance implementation.

production-code-audit

242
from aiskillstore/marketplace

Autonomously deep-scan entire codebase line-by-line, understand architecture and patterns, then systematically transform it to production-grade, corporate-level professional quality with optimizations

laravel-security-audit

242
from aiskillstore/marketplace

Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel security best practices.

dependency-management-deps-audit

242
from aiskillstore/marketplace

You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.

codebase-cleanup-deps-audit

242
from aiskillstore/marketplace

You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.

aws-security-audit

242
from aiskillstore/marketplace

Comprehensive AWS security posture assessment using AWS CLI and security best practices

accessibility-compliance-accessibility-audit

242
from aiskillstore/marketplace

You are an accessibility expert specializing in WCAG compliance, inclusive design, and assistive technology compatibility. Conduct audits, identify barriers, and provide remediation guidance.

minimal-run-and-audit

242
from aiskillstore/marketplace

Trusted-lane execution and reporting skill for README-first AI repo reproduction. Use when the task is specifically to capture or normalize evidence from the selected smoke test or documented inference or evaluation command and write standardized `repro_outputs/` files, including patch notes when repository files changed. Do not use for training execution, initial repo intake, generic environment setup, paper lookup, target selection, or end-to-end orchestration by itself.

claude-settings-audit

242
from aiskillstore/marketplace

Analyze a repository to generate recommended Claude Code settings.json permissions. Use when setting up a new project, auditing existing settings, or determining which read-only bash commands to allow. Detects tech stack, build tools, and monorepo structure.