axiom-audit
Audit Axiom logs to identify and prioritize errors and warnings, research probable causes, and flag log smells. Use when user asks to check Axiom logs, analyze production errors, investigate log issues, or audit logging patterns.
Best use case
axiom-audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Audit Axiom logs to identify and prioritize errors and warnings, research probable causes, and flag log smells. Use when user asks to check Axiom logs, analyze production errors, investigate log issues, or audit logging patterns.
Teams using axiom-audit should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/axiom-audit/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How axiom-audit Compares
| Feature / Agent | axiom-audit | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Audit Axiom logs to identify and prioritize errors and warnings, research probable causes, and flag log smells. Use when user asks to check Axiom logs, analyze production errors, investigate log issues, or audit logging patterns.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Axiom Logs Audit Skill
Systematically audit Axiom logs to identify, prioritize, and research errors and warnings.
## Setup
**Install axiom-mcp:**
```bash
go install github.com/axiomhq/axiom-mcp@latest
```
**Install mcptools:**
```bash
# macOS
brew tap f/mcptools
brew install mcp
# Windows/Linux
go install github.com/f/mcptools/cmd/mcptools@latest
```
**Set credentials:**
```bash
export AXIOM_TOKEN="xaat-your-token"
export AXIOM_ORG_ID="your-org-id" # Optional
```
Find credentials in repo:
```bash
grep -r "AXIOM" . --include="*.env*" --include="*.config.*"
```
## Usage
**List datasets:**
```bash
mcp call listDatasets --params '{"arguments":{}}' ~/go/bin/axiom-mcp
```
**Query APL:**
```bash
# Query errors
mcp call queryApl --params '{"arguments":{"dataset":"logs","apl":"['\''now-24h'\'':now] | where level == \"error\" | summarize count() by message"}}' ~/go/bin/axiom-mcp
# Query warnings
mcp call queryApl --params '{"arguments":{"dataset":"logs","apl":"['\''now-24h'\'':now] | where level == \"warn\" | summarize count() by message"}}' ~/go/bin/axiom-mcp
```
**Interactive shell (recommended for multiple queries):**
```bash
mcp shell ~/go/bin/axiom-mcp
```
## Audit Process
### 1. Identify Dataset
```bash
mcp call listDatasets --params '{"arguments":{}}' ~/go/bin/axiom-mcp
```
Or search codebase for dataset names:
```bash
grep -r "axiom.*dataset" . --include="*.ts" --include="*.js"
```
### 2. Query Errors & Warnings
**Errors:**
```apl
['now-24h':now]
| where level in ("error", "ERROR", "fatal", "FATAL")
| summarize count() by error_message=coalesce(_error, message, msg), error_type
| order by count_desc
```
**Warnings:**
```apl
['now-24h':now]
| where level in ("warn", "WARNING", "WARN")
| summarize count() by message
| order by count_desc
```
**Error trends:**
```apl
['now-7d':now]
| where level in ("error", "ERROR", "fatal", "FATAL")
| summarize count() by bin_auto(_time), error_type
```
### 3. Prioritize Errors
**Priority scoring:**
- **P0**: CRITICAL + High Frequency (>100/hour)
- **P1**: CRITICAL + Low Frequency OR HIGH + High Frequency
- **P2**: HIGH + Low Frequency OR MEDIUM + High Frequency
- **P3**: MEDIUM + Low Frequency
- **P4**: LOW
**Severity levels:**
- **CRITICAL**: Data loss, security issues, service down
- **HIGH**: Feature broken, user-facing errors
- **MEDIUM**: Degraded functionality, intermittent issues
- **LOW**: Minor warnings, non-critical issues
### 4. Research Each Error
For each unique error:
1. Find source in codebase using Grep
2. Read surrounding code to understand context
3. Identify probable cause (code bug, infrastructure, data, integration, config)
4. Collect evidence from code patterns and related errors
5. Flag log smells (see below)
### 5. Flag Log Smells
- **Excessive logging**: Same message flooding logs
- **Missing context**: No request ID, user ID, trace info
- **Poor error messages**: Vague or unhelpful
- **Logged but not handled**: Errors logged then ignored
- **Inconsistent logging**: Different levels for similar issues
- **Sensitive data exposure**: PII, secrets, tokens in logs
- **No stack traces**: Errors without stack traces
- **Generic catch-all handlers**: Hiding real issues
### 6. Generate Report
Create `.audits/axiom-audit-[timestamp].md` with:
```markdown
# Axiom Logs Audit Report
**Date**: [timestamp]
**Time Range**: [start] to [end]
**Total Errors**: X | **Total Warnings**: Y
## Executive Summary
- **P0 Issues**: X (immediate action required)
- **P1 Issues**: Y (urgent)
- **P2 Issues**: Z
- **P3+ Issues**: W
## Prioritized Error List
### P0: [Error Type]
**Occurrences**: X times | **Trend**: [↑/→/↓]
**First Seen**: [timestamp] | **Last Seen**: [timestamp]
**Error Message**:
```
[Actual error message]
```
**Source**: `path/to/file.ts:line`
**Probable Cause**: [Analysis]
**Evidence**:
- [Code patterns, related errors]
---
### P1: [Next Error]
[Same structure]
---
## Log Smells Detected
### Excessive Logging
- `[error pattern]` - X,000 times in Y minutes
- **Location**: `file.ts:line`
### Sensitive Data Exposure
- User emails logged in `auth.ts:42`
- **Impact**: Privacy/compliance risk
---
## Error Categories
**Infrastructure**: X% | **Code Bugs**: Y% | **Data Issues**: Z% | **External**: W%
---
## Trend Analysis
**New Errors**: [Errors that appeared recently]
**Increasing**: [Errors with rising frequency]
**Resolved**: [Errors that stopped]
```
### 7. Provide Summary
Brief summary for user highlighting:
- P0/P1 count and top issues
- Critical log smells
- Category breakdown
- Link to full report
## Critical Rules
- **NEVER EDIT FILES** - Audit only, no fixes
- **NEVER ASSUME** - Research each error in codebase
- **DO PRIORITIZE** - Use consistent priority scoring
- **DO IDENTIFY PATTERNS** - Group similar errors
- **DO FLAG LOG SMELLS** - Document logging anti-patterns
- **DO PROVIDE EVIDENCE** - Support analysis with code/data
## Success Criteria
✅ All errors/warnings extracted from Axiom
✅ Prioritized with severity + frequency scoring
✅ Root cause research for each error type
✅ Log smells identified
✅ Categorization and trend analysis complete
✅ Structured report generatedRelated Skills
assisting-with-soc2-audit-preparation
This skill assists with SOC2 audit preparation by automating tasks related to evidence gathering and documentation. It leverages the soc2-audit-helper plugin to generate reports, identify potential compliance gaps, and suggest remediation steps. Use this skill when the user requests help with "SOC2 audit", "compliance check", "security controls", "audit preparation", or "evidence gathering" related to SOC2. It streamlines the initial stages of SOC2 compliance, focusing on automated data collection and preliminary analysis.
performing-security-audits
This skill allows Claude to conduct comprehensive security audits of code, infrastructure, and configurations. It leverages various tools within the security-pro-pack plugin, including vulnerability scanning, compliance checking, cryptography review, and infrastructure security analysis. Use this skill when a user requests a "security audit," "vulnerability assessment," "compliance review," or any task involving identifying and mitigating security risks. It helps to ensure code and systems adhere to security best practices and compliance standards.
plugin-auditor
Audit automatically audits AI assistant code plugins for security vulnerabilities, best practices, AI assistant.md compliance, and quality standards when user mentions audit plugin, security review, or best practices check. specific to AI assistant-code-plugins repositor... Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.
implementing-database-audit-logging
Process use when you need to track database changes for compliance and security monitoring. This skill implements audit logging using triggers, application-level logging, CDC, or native logs. Trigger with phrases like "implement database audit logging", "add audit trails", "track database changes", or "monitor database activity for compliance".
http-header-security-audit
Http Header Security Audit - Auto-activating skill for Security Fundamentals. Triggers on: http header security audit, http header security audit Part of the Security Fundamentals skill category.
hipaa-audit-helper
Hipaa Audit Helper - Auto-activating skill for Security Advanced. Triggers on: hipaa audit helper, hipaa audit helper Part of the Security Advanced skill category.
cursor-compliance-audit
Compliance and security auditing for Cursor IDE usage: SOC 2, GDPR, HIPAA assessment, evidence collection, and remediation. Triggers on "cursor compliance", "cursor audit", "cursor security review", "cursor soc2", "cursor gdpr", "cursor data governance".
container-security-auditor
Container Security Auditor - Auto-activating skill for Security Advanced. Triggers on: container security auditor, container security auditor Part of the Security Advanced skill category.
auditing-wallet-security
Audit wallet security by analyzing token approvals, permissions, and transaction patterns. Use when checking wallet security, reviewing approvals, or assessing risk exposure. Trigger with phrases like "audit wallet", "check approvals", "security scan", or "revoke tokens".
audit-trail-helper
Audit Trail Helper - Auto-activating skill for Enterprise Workflows. Triggers on: audit trail helper, audit trail helper Part of the Enterprise Workflows skill category.
accessibility-audit-runner
Accessibility Audit Runner - Auto-activating skill for Frontend Development. Triggers on: accessibility audit runner, accessibility audit runner Part of the Frontend Development skill category.
auditing-access-control
This skill enables Claude to audit access control implementations in various systems. It uses the access-control-auditor plugin to identify potential vulnerabilities and misconfigurations related to access control. Use this skill when the user asks to "audit access control", "check permissions", "assess access rights", or requests a "security review" focused on access management. It's particularly useful for analyzing IAM policies, ACLs, and other access control mechanisms in cloud environments, applications, or infrastructure. The skill helps ensure compliance with security best practices and identify potential privilege escalation paths.