Skill

audit

From hw

Run a preventive code audit when the user wants graded findings across security, bugs, architecture, performance, tests, and quality.

npx claudepluginhub hypoxanthineovo/hypo-workflow --plugin hw

Tool Access

This skill uses the workspace's default tool permissions.

Preview

📌 输出语言规则：

SKILL.md

Similar Skills

ai-readiness-audit

Orchestrates extensible code quality audits: discovers dimensions, builds DAG for phased parallel execution via subagents, each in isolated context window.

11 files

awos

audit

Conducts full codebase health audit across architecture, security, code quality, dependencies, test coverage. Produces scored report with letter grades and prioritized remediation. Use for existing codebases or before releases.

composure

audit

Runs comprehensive codebase audits with mechanical verification (build, lint, tests, secrets scan, git status) and specialist reviewers, producing scored reports across 7+ axes. Quick modes skip reviewers.

arc

Stats

Stars10

Forks0

Last CommitMay 3, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

/hypo-workflow:audit

Output Language Rules

📌 输出语言规则：读取 config.yaml → output.language

zh-CN / zh：所有用户可见的输出使用中文（PROGRESS、报告、状态提示、错误消息、交互提问）

en：使用英文

auto：跟随用户对话语言内部日志（log.yaml、state.yaml）始终英文。

Use this skill for deep project auditing.

Preconditions

source code and architecture baseline should be available

Execution Flow

Determine scope:

full project
--scope <dir>
--since <milestone>

Read the architecture baseline first.

Resolve output.language and output.timezone.

Scan the six audit dimensions.

Grade findings as Critical, Warning, or Info.

Write the report to .pipeline/audits/audit-NNN.md in output.language.

Render report timestamps in output.timezone.

Apply the shared secret-safe evidence redaction helper before durable writes; do not store raw API keys, tokens, Authorization headers, cookies, passwords, or private keys.

Append a lifecycle log entry.

Set current.phase=lifecycle_audit when state tracking is used.

Reference Files

references/audit-spec.md

references/log-spec.md

SKILL.md

/hypo-workflow:audit

Output Language Rules

📌 输出语言规则：读取 config.yaml → output.language

zh-CN / zh：所有用户可见的输出使用中文（PROGRESS、报告、状态提示、错误消息、交互提问）
en：使用英文
auto：跟随用户对话语言内部日志（log.yaml、state.yaml）始终英文。

Use this skill for deep project auditing.

Preconditions

source code and architecture baseline should be available

Execution Flow

Determine scope:
- full project
- --scope <dir>
- --since <milestone>
Read the architecture baseline first.
Resolve output.language and output.timezone.
Scan the six audit dimensions.
Grade findings as Critical, Warning, or Info.
Write the report to .pipeline/audits/audit-NNN.md in output.language.
Render report timestamps in output.timezone.
Apply the shared secret-safe evidence redaction helper before durable writes; do not store raw API keys, tokens, Authorization headers, cookies, passwords, or private keys.
Append a lifecycle log entry.
Set current.phase=lifecycle_audit when state tracking is used.

Reference Files

references/audit-spec.md
references/log-spec.md
SKILL.md