universe

Autonomous agent that performs a comprehensive codebase analysis. Use this agent when the user asks for a "full codebase overview", "help me understand this project", "codebase analysis", "onboard me to this codebase", "project deep dive", or wants a complete understanding of the project's architecture, hotspots, and key modules.

Autonomous agent that analyzes the temporal health of a codebase. Use this agent when the user asks for a "full evolution analysis", "temporal audit", "codebase evolution report", "how has this project changed", "project health over time", or wants a comprehensive assessment of how the codebase has evolved with drift detection and forecasting.

Autonomous agent that performs comprehensive instruction file analysis. Use this agent when the user asks for a "full instruction review", "deep analysis of my rules", "comprehensive CLAUDE.md audit", or wants a thorough assessment of instruction quality, adherence, and missing conventions in a single report. This agent discovers conventions, lints quality, and checks conformance, then produces a prioritized report.

Autonomous orchestrator for /orbit Standard mode. Runs MCP tools across all 5 claude-universe systems (security, tests, code, evolution, instructions) in parallel, verifies top findings by reading actual code, and synthesizes a unified dashboard. Used by /orbit when no mode keyword or when Standard mode is invoked. Expected runtime: 30-90 seconds on medium projects.

Autonomous agent that performs a comprehensive security audit of the entire project. Use this agent when the user asks for a "full security audit", "security assessment", "comprehensive security review", "audit my project for vulnerabilities", or wants a complete security evaluation with prioritized findings and remediation plan.

Autonomous agent that audits test quality across an entire project. Use this agent when the user asks for a "full test audit", "test quality audit", "comprehensive test review", "audit my test suite", "how good are my tests overall", or wants a project-wide assessment of testing quality with criticality-weighted priorities and systemic patterns.

This skill should be used when the user asks to "check adherence", "check rule adherence", "are my rules being followed", "is Claude following my instructions", "how effective is my CLAUDE.md", "rule compliance", "instruction effectiveness", "how are my rules performing", "which rules are being violated", "audit my rules", "check my CLAUDE.md", mentions "/check-rules", or wants to know whether their coding agent instruction rules are actually being followed across Claude Code sessions.

Use when the user wants to infer reusable project conventions from existing code and turn them into instruction rules: "discover conventions", "infer rules from code", "what rules should I add", "generate rules from this codebase", or "/discover". This is for convention mining, not for checking rule adherence or explaining how a specific module works.

This skill should be used when the user asks "when did this get complicated", "why is this file so complex", "how did this evolve", "complexity history", "trace the evolution", "what happened to this code", "dissect this file", mentions "/dissect", or wants to understand how a file or function became complex by tracing its evolution through git history.

This skill should be used when the user asks "has this module drifted", "is this code still doing what it was designed for", "scope creep analysis", "architectural drift", "what was this originally for", "how has this changed over time", mentions "/drift", or wants to detect when code has quietly evolved away from its original purpose.

Use when the user wants a deep explanation of a specific file, module, or implementation flow: "explain this code", "walk me through this file", "why is this structured this way", or "/explain". Best for focused code understanding with history context, not for repo-wide architecture mapping, recent-change summaries, or generic "what happened?" requests.

This skill should be used when the user asks "what's about to become a problem", "predict issues", "trend analysis", "which files are growing", "what's getting worse", "complexity forecast", "what should I refactor next", mentions "/forecast", or wants to predict which files are on concerning trajectories before they become critical.

This skill should be used when the user asks to "find hotspots", "what are the riskiest files", "where do bugs hide", "churn analysis", "which files change most", "find risky code", "technical debt hotspots", mentions "/hotspots", or wants to identify the highest-risk areas of their codebase based on change frequency, complexity, and coupling.

This skill should be used when the user asks to "check the impact", "what will break if I change this", "blast radius", "impact analysis", "what depends on this", "who imports this", "is it safe to change this", mentions "/impact", or wants to understand the consequences of modifying a specific file or function before making changes.

This skill should be used when the user asks to "lint instructions", "lint my CLAUDE.md", "check instruction quality", "review my rules", "analyze my CLAUDE.md", "find issues in my instructions", "improve my rules", "instruction quality", mentions "/lint-rules", or wants to check the quality of their coding agent instruction files (CLAUDE.md, .cursorrules, AGENTS.md, .claude/rules/, .claude/agents/, .claude/skills/).

This skill should be used when the user asks to "map the architecture", "show me the architecture", "codebase overview", "how is this project structured", "architecture diagram", "module map", "dependency map", "what are the layers", mentions "/map", or wants a high-level architectural overview of the project.

Run for repo-wide or diff-wide readiness sweeps: "/orbit", "/orbit pr", "/orbit deep", "/orbit quick", "audit this project", "project-wide review", "is this PR ready overall", or "combined security, tests, codebase, evolution, and instruction review". Use this for broad multi-system assessment, not for a single-file review or a one-domain question.

This skill should be used when the user asks "what happened recently", "what changed", "catch me up", "recap the codebase", "what landed this week", "what's been going on", "summarize recent changes", mentions "/recap", or wants to understand recent codebase activity and what areas got attention or were neglected.

This skill should be used when the user asks "show me the old version", "what did this look like before", "rewind this file", "compare to the old version", "what changed and why", "show me the history of this file", mentions "/rewind", or wants to see a historical version of a file with annotated explanations of what changed.

This skill should be used when the user asks to "scan for vulnerabilities", "security scan", "find security issues", "check for security problems", "OWASP scan", "is this code secure", "find injection vulnerabilities", mentions "/scan", or wants to identify security vulnerabilities in their code.

Use when the user wants a security-focused review of specific files or changes: "security review this code", "check for exploits", "find security bugs", "pen test this", or "/security-review". This is for exploitability review of targeted code, not a broad whole-project scan or a general-purpose code review.

This skill should be used when the user asks to "plan tests", "what should I test", "what tests do I need", "test plan for", "testing strategy for", "test matrix for", "what cases should I cover", "help me plan tests", mentions "/test-plan", or wants to understand what tests are needed before writing any test code.

This skill should be used when the user asks to "review my tests", "are these tests good", "check my test quality", "audit these tests", "grade my tests", "test quality check", "are these tests testing the right things", "test coverage quality", mentions "/test-review", or wants to evaluate the quality of existing test files.

Use when the user wants new tests authored for a specific file, function, or module: "write tests", "add tests", "generate tests for", "test this function", "test this file", or "/test". This skill writes high-quality tests; it is not the default for running an existing test suite, debugging a failing test run, or reviewing current tests.

This skill should be used when the user asks to "threat model", "model threats", "what are the security risks", "attack surface analysis", "STRIDE analysis", "security risks of this feature", "who could attack this", mentions "/threat-model", or wants to understand the security threats to a feature, module, or system.

This skill should be used when the user asks to "trace a feature", "follow the data flow", "how does this feature work", "trace the request", "where does data flow", "walk me through this flow", "trace from entry to database", mentions "/trace", or wants to understand how a feature or request flows through the codebase from entry point to storage.