From aidd-dev
Read-only codebase audit across quality pillars: code quality, architecture, security, dependencies, performance, tests, and UI. Diagnoses and reports findings without editing code.
How this skill is triggered: by the user, by Claude, or both.

Slash command: /aidd-dev:04-audit
Model: opus

The summary Claude sees in its skill listing (used to decide when to auto-load this skill):
Diagnoses a codebase against quality pillars and emits a structured findings report. This skill is **read-only**: it identifies and ranks problems, it never changes code. Each finding hands off to the relevant act-skill when a fix is wanted.
| # | Action | Pillar | Lens |
|---|---|---|---|
| 01 | code-quality | code-quality | Clean code (naming, SOLID, DRY, readability, smells) + tech debt (dead code, complexity, file/function size, error handling) |
| 02 | architecture | architecture | Conformance to C4 / ADRs, coupling, boundaries, layering |
| 03 | security | security | OWASP risks, authz, input validation, secrets in code |
| 04 | dependencies | dependencies | CVEs, licenses, outdated and unused deps, supply chain |
| 05 | performance | performance | N+1 queries, hot paths, bundle size, heavy operations |
| 06 | tests | tests | Critical-path coverage, flakiness, test pyramid balance |
| 07 | ui | ui | Loading/error/empty states, visual hierarchy, design-system drift, responsive, a11y |
This skill is run-one-OR-run-all:

- Single-pillar run. Run the one pillar action; it writes its own report at aidd_docs/tasks/audits/<yyyy>_<mm>_<pillar>.md.
- Full run. Run each applicable pillar action to COLLECT its findings (the pillars do not each write a file in this mode), then write ONE merged report at aidd_docs/tasks/audits/<yyyy>_<mm>_full.md: merged findings (Category = the pillar per row), sorted severity-first across all pillars.

When running all, skip a pillar whose method cannot run in this environment (e.g. no profiler for performance, no lockfile scanner for dependencies) and record it under the report's Coverage > Skipped with the reason. Never invent findings for an unscannable pillar.

The report uses the shared template @assets/audit-template.md. There is ALWAYS exactly one report file and exactly one writer of it: never one file per pillar in a full run.

Every finding row: severity + pillar + concrete file:line + issue + suggested fix + effort. Read-only in both modes: emit the report and stop; never edit code.
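The full-run merge rule above (collect per pillar, one writer, one report, severity-first, skipped pillars recorded under Coverage), as an added example written for this page; it is not the skill's own code. The `Finding` fields, the severity scale, the pillar outcomes and the sample findings are constructed assumptions; the report paths follow the ones stated above.

```python
from typing import NamedTuple

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
PILLAR_ORDER = ["code-quality", "architecture", "security", "dependencies",
                "performance", "tests", "ui"]

class Finding(NamedTuple):
    severity: str   # critical | high | medium | low (assumed scale)
    pillar: str     # becomes the Category column of the merged table
    location: str   # concrete file:line
    issue: str
    fix: str
    effort: str

def report_path(year: int, month: int, pillar: str = "") -> str:
    """Single-pillar run -> <yyyy>_<mm>_<pillar>.md; full run -> <yyyy>_<mm>_full.md."""
    return f"aidd_docs/tasks/audits/{year:04d}_{month:02d}_{pillar or 'full'}.md"

def merge_findings(results: dict) -> tuple:
    """results maps pillar -> list[Finding], or a str reason when that pillar's
    method cannot run here. Returns (rows sorted severity-first, skipped pillars)."""
    rows, skipped = [], []
    for pillar in PILLAR_ORDER:
        outcome = results.get(pillar, "no result collected")
        if isinstance(outcome, str):
            skipped.append((pillar, outcome))  # recorded, never filled with guesses
            continue
        rows.extend(outcome)
    rows.sort(key=lambda f: (SEVERITY_RANK[f.severity], PILLAR_ORDER.index(f.pillar)))
    return rows, skipped

def render_report(rows, skipped) -> str:
    """The single merged report: Coverage section, then one Findings table."""
    skipped_names = {p for p, _ in skipped}
    lines = ["# Audit report (full run)", "", "## Coverage", "",
             "Ran: " + ", ".join(p for p in PILLAR_ORDER if p not in skipped_names),
             "Skipped: " + ("; ".join(f"{p} ({why})" for p, why in skipped) or "none"),
             "", "## Findings", "",
             "| Severity | Category | Location | Issue | Suggested fix | Effort |",
             "|---|---|---|---|---|---|"]
    for f in rows:
        lines.append(f"| {f.severity} | {f.pillar} | {f.location} | {f.issue} | {f.fix} | {f.effort} |")
    return "\n".join(lines) + "\n"

# Constructed sample: three pillars returned findings, one could not run, the rest returned nothing.
SAMPLE_RESULTS = {
    "code-quality": [Finding("low", "code-quality", "src/util.py:10", "dead helper", "delete it", "S")],
    "security": [Finding("high", "security", "src/auth.py:42", "token checked with ==", "use hmac.compare_digest", "S")],
    "dependencies": [Finding("critical", "dependencies", "package-lock.json:1", "dependency with a published advisory", "upgrade", "M")],
    "performance": "no profiler available in this environment",
}
```

Calling `render_report(*merge_findings(SAMPLE_RESULTS))` yields one markdown report whose table leads with the critical dependencies row and whose Skipped line names every pillar that produced no findings list, with its reason.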
Pillar actions:

- @actions/01-code-quality.md
- @actions/02-architecture.md
- @actions/03-security.md
- @actions/04-dependencies.md
- @actions/05-performance.md
- @actions/06-tests.md
- @actions/07-ui.md

Install: npx claudepluginhub ai-driven-dev/framework