Agent Skills
› chaitanyagiri/munder-difflin
› md-audit
md-audit
GitHub只读代码质量审计工具,扫描当前目录以发现漏洞、死代码、安全热点及缺失的错误处理等问题。识别项目类型后,使用Grep和Read检查硬编码密钥、未处理错误等风险,并按严重程度输出报告,严禁修改任何文件。
Trigger Scenarios
audit the code
quick audit
find issues
code scan
what's wrong with this codebase
Install
npx skills add chaitanyagiri/munder-difflin --skill md-audit -g -y
SKILL.md
Frontmatter
{
"name": "md-audit",
"version": "1.0.0",
"description": "Read-only code quality audit — scan the current working directory for common\nissues (bugs, dead code, security hotspots, missing error handling) and return\na prioritised findings report. No files are edited.\nUse when asked to \"audit the code\", \"quick audit\", \"find issues\", \"code scan\",\nor \"what's wrong with this codebase\". (munder-difflin)\n",
"allowed-tools": [
"Read",
"Bash",
"Grep"
]
}
Code Audit (read-only)
Perform a read-only code quality scan and return a findings report. Do NOT edit any files.
Steps:
- Scope — identify the primary language and entry points (
package.json,Cargo.toml,go.mod,pyproject.toml, or similar). - Scan — use
GrepandReadto look for:- Unhandled promise rejections / ignored errors
- Hard-coded secrets or credentials (keys, tokens, passwords)
TODO/FIXME/HACKcomments that signal known debt- Dead exports (exported symbols with no in-repo import)
- Obvious type-safety gaps (unchecked
any, missing null guards)
- Report — output a findings list sorted by severity (Critical → High → Medium → Low):
## Audit Report — <project name> ### Critical - [file:line] <description> ### High - ... ### Summary <total count> findings across <file count> files scanned. - Stop after reporting. Do not apply any fixes.
Version History
- df15a9a Current 2026-07-05 15:41


