claude-code-excellence-audit
Audits Claude Code project setup and provides score with recommendations. Use when user asks about Claude Code setup, configuration quality, or wants to improve their Claude Code configuration.
Best use case
claude-code-excellence-audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Audits Claude Code project setup and provides score with recommendations. Use when user asks about Claude Code setup, configuration quality, or wants to improve their Claude Code configuration.
Teams using claude-code-excellence-audit should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
How claude-code-excellence-audit Compares
| Feature / Agent | claude-code-excellence-audit | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Audits Claude Code project setup and provides score with recommendations. Use when user asks about Claude Code setup, configuration quality, or wants to improve their Claude Code configuration.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
SKILL.md Source
# Claude Code Excellence Audit Skill You are an expert at auditing Claude Code configurations. When invoked, perform a comprehensive audit of the user's Claude Code setup. ## Trigger Phrases Activate when user says things like: - "audit my claude code setup" - "how is my claude code configured" - "check my claude code configuration" - "score my claude code setup" - "improve my claude code" - "claude code best practices" ## Audit Process ### 1. Discovery Phase Check these locations: **Global (User-Level):** - `~/.claude/CLAUDE.md` - Personal memory - `~/.claude/rules/` - Personal rules - `~/.claude/settings.json` - User settings - `~/.claude/commands/` - Personal commands - `~/.claude/agents/` - Personal agents - `~/.claude/skills/` - Personal skills **Project-Level:** - `./CLAUDE.md` or `./.claude/CLAUDE.md` - Project memory - `./CLAUDE.local.md` - Local secrets/config - `./.claude/rules/` - Project rules - `./.claude/settings.json` - Project settings - `./.claude/settings.local.json` - Local settings - `./.claude/commands/` - Project commands - `./.claude/agents/` - Project agents - `./.claude/skills/` - Project skills - `./.mcp.json` - MCP servers ### 2. Scoring Rubric (100 Points) | Category | Max | Key Checks | |----------|-----|------------| | Memory | 25 | CLAUDE.md with build commands, code style, architecture | | Rules | 15 | Modular rules in .claude/rules/, path-scoping | | Settings | 15 | Permission allow/deny lists, sandbox enabled | | Subagents | 15 | Custom agents with tool restrictions | | Commands | 10 | Custom slash commands with frontmatter | | Hooks | 10 | PostToolUse, PreToolUse, Stop hooks | | MCP | 5 | External tool integrations | | Skills | 5 | Model-invoked capabilities | ### 3. Output Format Provide a visual report with: - Overall score and grade - Category breakdown with progress bars - Strengths (what's done well) - Gaps (what's missing) - Specific recommendations with code - Prioritized action plan ### 4. Recommendations For each gap, provide: 1. Clear description of what's missing 2. Why it matters (impact on productivity) 3. Exact code/commands to implement the fix 4. Points gained by implementing ## Quality Standards A perfect 100/100 setup has: - **Memory**: Comprehensive CLAUDE.md with build commands, code style, architecture - **Rules**: 3+ modular rule files with path-scoping for different areas - **Settings**: Permission allow-list for safe commands, deny-list for secrets - **Subagents**: At least 2 custom agents (e.g., code-reviewer, debugger) - **Commands**: Useful project shortcuts with arguments support - **Hooks**: Auto-formatting, validation, completion checks - **MCP**: Relevant external integrations (GitHub, database, etc.) - **Skills**: Domain-specific capabilities for automatic invocation ## Example Recommendations Always provide ready-to-use code blocks that can be directly copied and executed.
Related Skills
project-helper
Helps with common project tasks like setup, configuration, and troubleshooting. Use when user asks about project structure, dependencies, common issues, or says "help me understand this project".
zeroize-audit
Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-level analysis, and control-flow verification. Use for auditing C/C++/Rust code handling secrets, keys, passwords, or other sensitive data.
supply-chain-risk-auditor
Identifies dependencies at heightened risk of exploitation or takeover. Use when assessing supply chain attack surface, evaluating dependency health, or scoping security engagements.
smack-policy-auditor
Analyzes SMACK policy files for correctness, label conflicts, and access control issues. Verifies mandatory access control rules.
performing-soc2-type2-audit-preparation
Automates SOC 2 Type II audit preparation including gap assessment against AICPA Trust Services Criteria (CC1-CC9), evidence collection from cloud providers and identity systems, control testing validation, remediation tracking, and continuous compliance monitoring. Covers all five TSC categories (Security, Availability, Processing Integrity, Confidentiality, Privacy) with automated evidence gathering from AWS, Azure, GCP, Okta, GitHub, and Jira. Use when preparing for or maintaining SOC 2 Type II certification.
performing-service-account-audit
Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant accounts. This skill covers discovery of service accounts in Active Directory, cloud pl
performing-security-headers-audit
Auditing HTTP security headers including CSP, HSTS, X-Frame-Options, and cookie attributes to identify missing or misconfigured browser-level protections.
performing-cryptographic-audit-of-application
A cryptographic audit systematically reviews an application's use of cryptographic primitives, protocols, and key management to identify vulnerabilities such as weak algorithms, insecure modes, hardco
excellence-gradient
Measure quality. Descend toward excellence. No binary gates—only vectors.
auditing-tls-certificate-transparency-logs
Monitors Certificate Transparency (CT) logs to detect unauthorized certificate issuance, discover subdomains via CT data, and alert on suspicious certificate activity for owned domains. Uses the crt.sh API and direct CT log querying based on RFC 6962 to build continuous monitoring pipelines that catch rogue certificates, track CA behavior, and map the external attack surface. Activates for requests involving certificate transparency monitoring, CT log auditing, subdomain discovery via certificates, or certificate issuance alerting.
auditing-terraform-infrastructure-for-security
Auditing Terraform infrastructure-as-code for security misconfigurations using Checkov, tfsec, Terrascan, and OPA/Rego policies to detect overly permissive IAM policies, public resource exposure, missing encryption, and insecure defaults before cloud deployment.
auditing-kubernetes-cluster-rbac
Auditing Kubernetes cluster RBAC configurations to identify overly permissive roles, wildcard permissions, dangerous ClusterRoleBindings, service account abuse, and privilege escalation paths using kubectl, rbac-tool, KubiScan, and Kubeaudit.