Audit Python project against best practices for pyproject.toml, settings management, pre-commit hooks, and project structure.
Audits Python projects for configuration, security, and structural issues against best practices, then generates a prioritized report.
npx claudepluginhub jugrajsingh/skillgardenThis skill is limited to using the following tools:
Analyze a Python project against best practices and generate a structured report.
| Check | Pass Criteria |
|---|---|
| pyproject.toml exists | File present at project root |
| ruff configured | [tool.ruff] section with line-length and select rules |
| Rule coverage | At minimum: F, E, W, I, N, S, B, C4, UP, RUF selected |
| pytest configured | [tool.pytest.ini_options] with testpaths |
| mypy configured | [tool.mypy] section present |
| coverage configured | [tool.coverage.run] with source and omit |
| Dev deps present | [dependency-groups] dev includes pytest, ruff, mypy, pre-commit |
| Google docstrings | [tool.ruff.lint.pydocstyle] convention = "google" |
| Check | Pass Criteria |
|---|---|
| No os.getenv() in app code | Grep for os.getenv outside tests/ and scripts/ |
| No hardcoded secrets | Grep for password=, secret=, api_key= with literal string values |
| Pydantic Settings used | config/settings.py or settings.py with BaseSettings |
| YAML support configured | yaml_file in SettingsConfigDict |
| example.env.yaml exists | Template committed for local dev |
| gitignore updated | *.env.yaml ignored, example.env.yaml excluded from ignore |
| Check | Pass Criteria |
|---|---|
| .pre-commit-config.yaml exists | File present |
| gitleaks hook present | Secrets detection enabled |
| pip-audit hook present | Dependency vulnerability scanning |
| ruff hooks present | Both ruff (lint) and ruff-format hooks |
| No redundant tools | No black, isort, flake8, bandit alongside ruff |
| Branch protection | no-commit-to-branch for main/develop |
| Check | Pass Criteria |
|---|---|
| tests/ directory exists | Test directory present |
| conftest.py exists | Shared fixtures file in tests/ |
| init.py files present | Package directories have init.py |
| src/ or flat layout consistent | Not mixing both patterns |
Glob: pyproject.toml, config/settings.py, **/settings.py, .pre-commit-config.yaml,
tests/, tests/conftest.py, **/__init__.py, src/
For each category, evaluate pass/fail and collect details.
Grep: os.getenv, os.environ.get (in *.py excluding tests/)
Grep: password\s*=\s*["'], secret\s*=\s*["'], api_key\s*=\s*["'] (in *.py)
Use the audit-report.md template. Fill in:
After presenting the report, ask via AskUserQuestion:
Write to docs/audits/python-audit-{date}.md or display inline if docs/ doesn't exist.
| Priority | Criteria |
|---|---|
| High | Security issues, missing secrets detection, hardcoded credentials |
| Medium | Missing tool configs, incomplete rule coverage, no branch protection |
| Low | Structure improvements, missing conftest.py, documentation gaps |
Expert guidance for Next.js Cache Components and Partial Prerendering (PPR). **PROACTIVE ACTIVATION**: Use this skill automatically when working in Next.js projects that have `cacheComponents: true` in their next.config.ts/next.config.js. When this config is detected, proactively apply Cache Components patterns and best practices to all React Server Component implementations. **DETECTION**: At the start of a session in a Next.js project, check for `cacheComponents: true` in next.config. If enabled, this skill's patterns should guide all component authoring, data fetching, and caching decisions. **USE CASES**: Implementing 'use cache' directive, configuring cache lifetimes with cacheLife(), tagging cached data with cacheTag(), invalidating caches with updateTag()/revalidateTag(), optimizing static vs dynamic content boundaries, debugging cache issues, and reviewing Cache Component implementations.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.