claude-code-excellence-audit

Audits Claude Code project setup and provides score with recommendations. Use when user asks about Claude Code setup, configuration quality, or wants to improve their Claude Code configuration.

5 stars

Best use case

claude-code-excellence-audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Audits Claude Code project setup and provides score with recommendations. Use when user asks about Claude Code setup, configuration quality, or wants to improve their Claude Code configuration.

Teams using claude-code-excellence-audit should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

How claude-code-excellence-audit Compares

Feature / Agentclaude-code-excellence-auditStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Audits Claude Code project setup and provides score with recommendations. Use when user asks about Claude Code setup, configuration quality, or wants to improve their Claude Code configuration.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

SKILL.md Source

# Claude Code Excellence Audit Skill

You are an expert at auditing Claude Code configurations. When invoked, perform a comprehensive audit of the user's Claude Code setup.

## Trigger Phrases

Activate when user says things like:
- "audit my claude code setup"
- "how is my claude code configured"
- "check my claude code configuration"
- "score my claude code setup"
- "improve my claude code"
- "claude code best practices"

## Audit Process

### 1. Discovery Phase

Check these locations:

**Global (User-Level):**
- `~/.claude/CLAUDE.md` - Personal memory
- `~/.claude/rules/` - Personal rules
- `~/.claude/settings.json` - User settings
- `~/.claude/commands/` - Personal commands
- `~/.claude/agents/` - Personal agents
- `~/.claude/skills/` - Personal skills

**Project-Level:**
- `./CLAUDE.md` or `./.claude/CLAUDE.md` - Project memory
- `./CLAUDE.local.md` - Local secrets/config
- `./.claude/rules/` - Project rules
- `./.claude/settings.json` - Project settings
- `./.claude/settings.local.json` - Local settings
- `./.claude/commands/` - Project commands
- `./.claude/agents/` - Project agents
- `./.claude/skills/` - Project skills
- `./.mcp.json` - MCP servers

### 2. Scoring Rubric (100 Points)

| Category | Max | Key Checks |
|----------|-----|------------|
| Memory | 25 | CLAUDE.md with build commands, code style, architecture |
| Rules | 15 | Modular rules in .claude/rules/, path-scoping |
| Settings | 15 | Permission allow/deny lists, sandbox enabled |
| Subagents | 15 | Custom agents with tool restrictions |
| Commands | 10 | Custom slash commands with frontmatter |
| Hooks | 10 | PostToolUse, PreToolUse, Stop hooks |
| MCP | 5 | External tool integrations |
| Skills | 5 | Model-invoked capabilities |

### 3. Output Format

Provide a visual report with:
- Overall score and grade
- Category breakdown with progress bars
- Strengths (what's done well)
- Gaps (what's missing)
- Specific recommendations with code
- Prioritized action plan

### 4. Recommendations

For each gap, provide:
1. Clear description of what's missing
2. Why it matters (impact on productivity)
3. Exact code/commands to implement the fix
4. Points gained by implementing

## Quality Standards

A perfect 100/100 setup has:

- **Memory**: Comprehensive CLAUDE.md with build commands, code style, architecture
- **Rules**: 3+ modular rule files with path-scoping for different areas
- **Settings**: Permission allow-list for safe commands, deny-list for secrets
- **Subagents**: At least 2 custom agents (e.g., code-reviewer, debugger)
- **Commands**: Useful project shortcuts with arguments support
- **Hooks**: Auto-formatting, validation, completion checks
- **MCP**: Relevant external integrations (GitHub, database, etc.)
- **Skills**: Domain-specific capabilities for automatic invocation

## Example Recommendations

Always provide ready-to-use code blocks that can be directly copied and executed.

Related Skills

project-helper

5
from romiluz13/claude-code-excellence-audit

Helps with common project tasks like setup, configuration, and troubleshooting. Use when user asks about project structure, dependencies, common issues, or says "help me understand this project".

zeroize-audit

16
from plurigrid/asi

Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-level analysis, and control-flow verification. Use for auditing C/C++/Rust code handling secrets, keys, passwords, or other sensitive data.

supply-chain-risk-auditor

16
from plurigrid/asi

Identifies dependencies at heightened risk of exploitation or takeover. Use when assessing supply chain attack surface, evaluating dependency health, or scoping security engagements.

smack-policy-auditor

16
from plurigrid/asi

Analyzes SMACK policy files for correctness, label conflicts, and access control issues. Verifies mandatory access control rules.

performing-soc2-type2-audit-preparation

16
from plurigrid/asi

Automates SOC 2 Type II audit preparation including gap assessment against AICPA Trust Services Criteria (CC1-CC9), evidence collection from cloud providers and identity systems, control testing validation, remediation tracking, and continuous compliance monitoring. Covers all five TSC categories (Security, Availability, Processing Integrity, Confidentiality, Privacy) with automated evidence gathering from AWS, Azure, GCP, Okta, GitHub, and Jira. Use when preparing for or maintaining SOC 2 Type II certification.

performing-service-account-audit

16
from plurigrid/asi

Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant accounts. This skill covers discovery of service accounts in Active Directory, cloud pl

performing-security-headers-audit

16
from plurigrid/asi

Auditing HTTP security headers including CSP, HSTS, X-Frame-Options, and cookie attributes to identify missing or misconfigured browser-level protections.

performing-cryptographic-audit-of-application

16
from plurigrid/asi

A cryptographic audit systematically reviews an application's use of cryptographic primitives, protocols, and key management to identify vulnerabilities such as weak algorithms, insecure modes, hardco

excellence-gradient

16
from plurigrid/asi

Measure quality. Descend toward excellence. No binary gates—only vectors.

auditing-tls-certificate-transparency-logs

16
from plurigrid/asi

Monitors Certificate Transparency (CT) logs to detect unauthorized certificate issuance, discover subdomains via CT data, and alert on suspicious certificate activity for owned domains. Uses the crt.sh API and direct CT log querying based on RFC 6962 to build continuous monitoring pipelines that catch rogue certificates, track CA behavior, and map the external attack surface. Activates for requests involving certificate transparency monitoring, CT log auditing, subdomain discovery via certificates, or certificate issuance alerting.

auditing-terraform-infrastructure-for-security

16
from plurigrid/asi

Auditing Terraform infrastructure-as-code for security misconfigurations using Checkov, tfsec, Terrascan, and OPA/Rego policies to detect overly permissive IAM policies, public resource exposure, missing encryption, and insecure defaults before cloud deployment.

auditing-kubernetes-cluster-rbac

16
from plurigrid/asi

Auditing Kubernetes cluster RBAC configurations to identify overly permissive roles, wildcard permissions, dangerous ClusterRoleBindings, service account abuse, and privilege escalation paths using kubectl, rbac-tool, KubiScan, and Kubeaudit.