dead-code-auditor

Rigorous dead code audit for any module, folder, or file in any programming language. Detects orphan files never imported anywhere, classes/functions/ methods declared but never called, constructor parameters received but never consumed, unused imports/requires, private fields with no references, and commented-out code blocks. Use this skill whenever the user asks to: review unused code, clean up a feature after a refactor, find dead code, detect orphan files or classes, audit what can be deleted, find what's left over after a big change, or any variation of "what's not being used / what can I remove". Also triggers when the user says they made large changes and wants to know what became obsolete. IMPORTANT: This skill only reports — it never deletes anything. At the end it always offers to generate a removal plan with /plan.

5 stars

Best use case

dead-code-auditor is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Rigorous dead code audit for any module, folder, or file in any programming language. Detects orphan files never imported anywhere, classes/functions/ methods declared but never called, constructor parameters received but never consumed, unused imports/requires, private fields with no references, and commented-out code blocks. Use this skill whenever the user asks to: review unused code, clean up a feature after a refactor, find dead code, detect orphan files or classes, audit what can be deleted, find what's left over after a big change, or any variation of "what's not being used / what can I remove". Also triggers when the user says they made large changes and wants to know what became obsolete. IMPORTANT: This skill only reports — it never deletes anything. At the end it always offers to generate a removal plan with /plan.

Teams using dead-code-auditor should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/dead-code-auditor/SKILL.md --create-dirs "https://raw.githubusercontent.com/SynapSync/skills-registry/main/cognitives/skills/analytics/dead-code-auditor/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/dead-code-auditor/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How dead-code-auditor Compares

Feature / Agentdead-code-auditorStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Rigorous dead code audit for any module, folder, or file in any programming language. Detects orphan files never imported anywhere, classes/functions/ methods declared but never called, constructor parameters received but never consumed, unused imports/requires, private fields with no references, and commented-out code blocks. Use this skill whenever the user asks to: review unused code, clean up a feature after a refactor, find dead code, detect orphan files or classes, audit what can be deleted, find what's left over after a big change, or any variation of "what's not being used / what can I remove". Also triggers when the user says they made large changes and wants to know what became obsolete. IMPORTANT: This skill only reports — it never deletes anything. At the end it always offers to generate a removal plan with /plan.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

SKILL.md Source

# Dead Code Auditor

You are a code auditor. Your job is to find dead code with surgical precision — no false positives, no assumptions. Every finding must be backed by real evidence from cross-project searches. You adapt to whatever language and toolchain is in front of you.

## What to look for

There are six categories of dead code. Check all of them:

### 1. Orphan files
Files that no other file imports, requires, or references. A file can exist and compile, but if nothing pulls it in, it's dead.

### 2. Unused classes / functions / components
A class or function may be defined but never instantiated or called from outside its own file. Check both that it's imported AND that the symbol itself is actually used.

### 3. Dead methods / getters / properties
Declared publicly on a class but never invoked from outside that file. Private methods/functions that are also never called internally count too.

### 4. Unused constructor / function parameters
A function or constructor accepts a parameter, but that parameter never appears in the body. The data arrives and dies.

### 5. Unused imports / requires
An `import`, `require`, `use`, `#include`, or equivalent statement that contributes no symbol to the file.

### 6. Commented-out code
Blocks of real code that have been commented out and serve no documentation purpose. Distinguish between doc-comments (JSDoc `/** */`, Python docstrings, Dart `///`) and dead code comments.

---

## Investigation workflow

Follow this order exactly. Do not skip steps.

### Step 1 — Detect the language and toolchain

Before doing anything else, identify:
- **Language**: Dart, TypeScript, Python, Go, Kotlin, Swift, Java, Rust, etc.
- **Project structure**: monorepo, single package, feature-based, layered, etc.
- **Module system**: ES modules, CommonJS, Go packages, Dart imports, etc.

This determines the grep patterns and search strategies you'll use throughout.

**Language-specific notes:**
- **Dart/Flutter**: imports use `package:` or relative paths; look for `class`, `mixin`, `enum`, `extension`, `typedef`
- **TypeScript/JS**: `import`/`require`/`export`; look for `export class`, `export function`, `export const`
- **Python**: `import`/`from X import`; look for `class`, `def`, `__all__`
- **Go**: package-level `func`, `type`, `var`, `const`; unused imports are compiler errors so focus on unused exports
- **Kotlin/Java**: `import`; look for `class`, `fun`, `val`, `var`, `object`
- **Rust**: `use`; look for `pub fn`, `pub struct`, `pub enum`, `pub trait`

### Step 2 — Discover all files in the target

```bash
# Examples — adapt to the language
find <target_folder> -name "*.dart" | sort
find <target_folder> -name "*.ts" -o -name "*.tsx" | sort
find <target_folder> -name "*.py" | sort
find <target_folder> -name "*.go" | sort
```

This gives you the complete inventory of what exists.

### Step 3 — Read every file in the target

Read all files in the target folder. While reading, extract:
- All exported/public symbols (classes, functions, enums, interfaces, types, constants)
- All imports/requires declared
- Constructor/function parameters
- Commented-out code blocks
- Private symbols that may also be unused internally

### Step 4 — Verify every finding with cross-project search

For each symbol you want to validate, search the **entire source root** (not just the target folder):

```bash
# Is this file imported anywhere?
grep -r "filename_without_extension" src/ --include="*.ts"
grep -r "package_or_module_name" . --include="*.go"

# Is this class/function used anywhere?
grep -r "ClassName\|function_name" src/ --include="*.py" | grep -v "the_file_that_defines_it"

# Is this method/getter called anywhere?
grep -r "\.methodName\b" lib/ --include="*.dart" | grep -v "defining_file"

# Is this parameter used inside its own function?
grep -n "paramName" path/to/file.ts
```

Adapt the search root and file extensions to the actual project. Use `--include` to limit noise.

**Golden rule: A finding without a supporting search is not valid. If you didn't search for it, don't report it.**

### Step 5 — Handle language-specific edge cases

Some patterns look unused but aren't:

| Pattern | Language | What to check |
|---------|----------|---------------|
| Dependency injection containers | Any | `Get.find<T>()`, Angular DI, Spring `@Autowired` — class may be registered by name |
| Reflection / dynamic dispatch | Python, Java, Kotlin | `getattr`, `Class.forName`, annotations |
| String-based routing | Any | Route names as strings, not symbol references |
| Code generation / macros | Rust, Dart, Java | `@GeneratedCode`, `build_runner`, annotation processors |
| Re-export barrels | TS, Dart | `index.ts`, `barrel.dart` — file may not import but re-exports |
| Abstract classes / interfaces | Any | No direct instantiation; check for implementors/subclasses |
| Test files | Any | A class used only in tests is still used — don't flag it |
| Dynamic requires | JS/TS | `require(someVariable)` — can't be statically analyzed |

When you spot one of these patterns, bump the risk to 🟡 or 🔴 and explain why.

---

## Report format

Produce a Markdown report with this exact structure:

```
# 🔍 Dead Code Audit — `<path/to/folder/>`

## Executive Summary
| Category | Count | Removal risk |
|----------|-------|--------------|
| Orphan files | N | 🟢/🟡/🔴 |
| Dead methods / getters | N | ... |
| Unused parameters | N | ... |
| Unused imports | N | ... |
| Commented-out code | N | ... |

**Estimated removable: ~X lines across Y files**

---

## 🗂️ Orphan Files
> Files that nothing imports or references

### `path/to/file.ext`
- **Contains:** brief description of what's inside
- **Evidence:** `grep -r "filename" src/` → 0 external results
- **Removal risk:** 🟢 Low

---

## 💀 Dead Methods / Getters / Functions
> Declared but never called from outside their file

### `ClassName.methodName` in `path/to/file.ext`
- **Declared:** public getter/method that returns X
- **Evidence:** `grep -r ".methodName" src/` → 0 external results
- **Removal risk:** 🟢 Low

---

## ⚠️ Unused Constructor / Function Parameters
> Received but never consumed

### `WidgetName.paramName` in `path/to/file.ext`
- **Received:** `required this.paramName` / `paramName: string` in constructor
- **Evidence:** `grep -n "paramName" path/to/file.ext` → only appears in declaration
- **Removal risk:** 🟢 Low — remove field, constructor param, and the argument at the call site

---

## 📦 Unused Imports
> Import statements that contribute no symbol to the file

### `import 'package/file'` in `path/to/file.ext`
- **Imported symbol:** X
- **Evidence:** No symbol from this import is used in the file
- **Removal risk:** 🟢 Very low

---

## 📝 Commented-out Code
> Real code blocks that have been commented out

### `path/to/file.ext` line X
- **Content:** description of the commented code
- **Removal risk:** 🟢 Low / 🟡 Verify first

---

## Context
> Brief note on why this dead code exists (e.g. "left over from a refactor that moved from X to Y pattern")
```

---

## Risk levels

| Risk | When to use |
|------|-------------|
| 🟢 Low | Search confirms 0 references. Safe to delete. |
| 🟡 Medium | Possibly used via reflection, string-based lookup, DI container, or in test files not searched. Verify manually before deleting. |
| 🔴 High | References exist but appear indirect, or it's a base class with unknown subclasses outside the search scope. Do not delete without a deeper review. |

In statically-typed languages (Dart, TypeScript with strict mode, Go, Rust, Kotlin), almost all dead code is 🟢 because references are always explicit. In dynamically-typed or reflection-heavy languages (Python, Java with Spring, JS without TypeScript), be more conservative and use 🟡 when in doubt.

---

## After the report

Always close with:

> 💡 Want me to generate a `/plan` to remove all of this safely, with intermediate verification steps and a final static analysis pass?

If the user says yes, invoke the `claude-mem:make-plan` skill with:
- The full list of files to delete
- The methods/getters to remove with their file paths and approximate lines
- The parameters to remove along with the call sites that need updating
- The rule: no business logic changes, verify with the project's linter/analyzer at the end of each phase

Related Skills

cognitive-register

5
from SynapSync/skills-registry

Registers new cognitives (skills, agents, prompts, workflows, tools) into the SynapSync Registry with proper structure, manifest, and registry index. Trigger: When the user says "GUARDA", "REGISTRA", "AGREGA" followed by a cognitive type and name, or asks to save/register/add a cognitive to the registry.

sprint-forge

5
from SynapSync/skills-registry

Adaptive sprint workflow: deep analysis, evolving roadmap, one-at-a-time sprints, formal debt tracking, and re-entry prompts for context persistence. Trigger: When the user wants to analyze a project, create a roadmap, generate/execute sprints iteratively, or check project status and technical debt.

project-brain

5
from SynapSync/skills-registry

Session memory for AI agents — load context at the start, save sessions at the end, evolve knowledge across sessions. Like a professional's notebook: open before work, write a summary when done, persist between sessions. Trigger: When starting a session and need to recover context, or ending a session and want to save what happened.

universal-planner

5
from SynapSync/skills-registry

Unified planning and execution skill for any software scenario. PLAN mode produces structured documentation; EXECUTE mode implements sprints from plan output. Trigger: When planning or executing any software work that requires structured analysis and actionable task plans.

growth-ceo

5
from SynapSync/skills-registry

Elite tech CEO strategist that thinks like Musk, Bezos, Altman, Huang, and Thiel combined. Generates billion-dollar-scale strategic initiatives, product visions, and growth plays using first principles, 7 Powers, flywheels, and exponential thinking. Use this skill whenever the user discusses product strategy, business decisions, growth challenges, competitive positioning, or asks "what should we build" — even if they don't explicitly ask for "strategy". This includes: scaling from N to 10N users, what to build vs NOT build, MVP decisions, feature prioritization, competitive differentiation, enterprise vs self-serve, go-to-market, pivoting, revenue strategy, reducing churn, positioning against competitors, fundraising strategy, team building, platform plays, or any question where the user needs a founder/CEO-level perspective. If the user describes their product and asks "what should I do" — use this skill. Think big. Resources can be acquired. The vision comes first.

growth-architect

5
from SynapSync/skills-registry

AI Co-Founder & Growth Architect: strategic clarity, product vision, MVP design, and architecture decisions (ADRs) before execution begins. Trigger: When user needs strategic advice, MVP validation, market analysis, product vision, or architecture decisions — before generating any execution plan.

obsidian

5
from SynapSync/skills-registry

Unified Obsidian vault operations: sync documents to vault, read notes for context, search knowledge, and validate markdown standards. Filesystem-based, no MCP required. Trigger: When user wants to read from or write to Obsidian vault.

skill-creator

5
from SynapSync/skills-registry

Creates new AI agent skills following the SynapSync spec with enhanced templates and guidelines. Trigger: When user asks to create a new skill, add agent instructions, or document patterns for AI.

prompt-improver

5
from SynapSync/skills-registry

Analyze and improve prompts using Claude's official prompting best practices. Use this skill whenever the user wants to improve, refine, review, or optimize a prompt — whether it's a system prompt, a user prompt, an API prompt, or instructions for an AI agent. Also trigger when the user shares a raw prompt and asks for feedback, says 'make this prompt better', 'optimize my prompt', 'review this prompt', or pastes a prompt and asks what's wrong with it. Even if the user just says 'improve this' while sharing text that looks like a prompt or instruction set, use this skill.

cairo-auditor

9
from cartridge-gg/nums

Systematic Cairo/Starknet security audit workflow with deterministic preflight, parallel vector specialists, adversarial reasoning, and strict false-positive gating.

security-auditor

9
from cofin/flow

Use when reviewing authentication, authorization, user input, secrets, API keys, database queries, file uploads, session management, external API calls, OWASP risks, or data handling attack surface.

lightning-navigation-dead-link-handling

8
from PranavNagrecha/AwesomeSalesforceSkills

Use when an LWC navigates via NavigationMixin to records or pages that may no longer exist, lack the user's access, or be permanently moved. Triggers: 'lightning navigation 404', 'navigate to deleted record', 'NavigationMixin error toast', 'graceful fallback when target page missing', 'permission denied on navigation'. NOT for general routing within an SPA or for Experience Cloud public-facing routing.