Skill

auditing

Use when checking a Python project for configuration gaps, missing tool configs, hardcoded secrets, or pre-commit hook issues

npx claudepluginhub jugrajsingh/skillgarden --plugin pysmith

Tool Access

This skill is limited to using the following tools:

ReadGlobGrepAskUserQuestion

Preview

Analyze a Python project against best practices and generate a structured report.

Supporting Assets

references/audit-checks.md

SKILL.md

Similar Skills

cache-components

139.2k

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

mcp-builder

124.2k

Guides building MCP servers enabling LLMs to interact with external services via tools. Covers best practices, TypeScript/Node (MCP SDK), Python (FastMCP).

9 files

anthropics-skills-13

canvas-design

124.2k

Generates original PNG/PDF visual art via design philosophy manifestos for posters, graphics, and static designs on user request.

20 files

anthropics-skills-13

Stats

Parent Repo Stars0

Parent Repo Forks0

Last CommitMar 26, 2026

Actions

View Source View Plugin View on GitHub View README

Audit Python Project

Analyze a Python project against best practices and generate a structured report.

Checks

Read references/audit-checks.md for the full checklist. Five categories:

Configuration (pyproject.toml) - ruff, pytest, mypy, coverage, dev deps, docstyle
Settings Management - no os.getenv(), no hardcoded secrets, Pydantic Settings, YAML
Pre-commit Hooks - gitleaks, pip-audit, ruff, no redundant tools, ordering, branch protection
Project Structure - tests/, conftest.py, init.py, consistent layout
Makefile Integration - Makefile.local exists, CLAUDE.md Commands section, tool alignment

Workflow

1. Scan Project

Glob: pyproject.toml, config/settings.py, **/settings.py, .pre-commit-config.yaml,
      tests/, tests/conftest.py, **/__init__.py, src/

2. Run Checks

For each category, evaluate pass/fail and collect details.

3. Search for Anti-patterns

Grep: os.getenv, os.environ.get (in *.py excluding tests/)
Grep: password\s*=\s*["'], secret\s*=\s*["'], api_key\s*=\s*["'] (in *.py)

4. Generate Report

Use the audit-report.md template. Fill in:

Each check with ✓ (pass), ✗ (fail), or △ (partial/uncertain)
Findings grouped by category
Recommendations sorted by priority (high/medium/low)

5. Ask About Fixes

After presenting the report, ask via AskUserQuestion:

"Fix all issues" - Invoke relevant pysmith skills to fix
"Fix critical only" - Only fix high-priority items
"Report only" - No changes, just the audit report

Report Output

Write to docs/audits/python-audit-{date}.md or display inline if docs/ doesn't exist.

Priority Classification

Priority	Criteria
High	Security issues, missing secrets detection, hardcoded credentials
Medium	Missing tool configs, incomplete rule coverage, no branch protection
Low	Structure improvements, missing conftest.py, documentation gaps