md-audit

GitHub

只读代码质量审计工具,扫描当前目录以发现漏洞、死代码、安全热点及缺失的错误处理等问题。识别项目类型后,使用Grep和Read检查硬编码密钥、未处理错误等风险,并按严重程度输出报告,严禁修改任何文件。

resources/skills/md-audit/SKILL.md chaitanyagiri/munder-difflin

Trigger Scenarios

audit the code quick audit find issues code scan what's wrong with this codebase

Install

npx skills add chaitanyagiri/munder-difflin --skill md-audit -g -y
More Options

Non-standard path

npx skills add https://github.com/chaitanyagiri/munder-difflin/tree/main/resources/skills/md-audit -g -y

Use without installing

npx skills use chaitanyagiri/munder-difflin@md-audit

指定 Agent (Claude Code)

npx skills add chaitanyagiri/munder-difflin --skill md-audit -a claude-code -g -y

安装 repo 全部 skill

npx skills add chaitanyagiri/munder-difflin --all -g -y

预览 repo 内 skill

npx skills add chaitanyagiri/munder-difflin --list

SKILL.md

Frontmatter
{
    "name": "md-audit",
    "version": "1.0.0",
    "description": "Read-only code quality audit — scan the current working directory for common\nissues (bugs, dead code, security hotspots, missing error handling) and return\na prioritised findings report. No files are edited.\nUse when asked to \"audit the code\", \"quick audit\", \"find issues\", \"code scan\",\nor \"what's wrong with this codebase\". (munder-difflin)\n",
    "allowed-tools": [
        "Read",
        "Bash",
        "Grep"
    ]
}

Code Audit (read-only)

Perform a read-only code quality scan and return a findings report. Do NOT edit any files.

Steps:

  1. Scope — identify the primary language and entry points (package.json, Cargo.toml, go.mod, pyproject.toml, or similar).
  2. Scan — use Grep and Read to look for:
    • Unhandled promise rejections / ignored errors
    • Hard-coded secrets or credentials (keys, tokens, passwords)
    • TODO/FIXME/HACK comments that signal known debt
    • Dead exports (exported symbols with no in-repo import)
    • Obvious type-safety gaps (unchecked any, missing null guards)
  3. Report — output a findings list sorted by severity (Critical → High → Medium → Low):
    ## Audit Report — <project name>
    
    ### Critical
    - [file:line] <description>
    
    ### High
    - ...
    
    ### Summary
    <total count> findings across <file count> files scanned.
    
  4. Stop after reporting. Do not apply any fixes.

Version History

  • df15a9a Current 2026-07-05 15:41

Same Skill Collection

resources/skills/capabilities/SKILL.md
resources/skills/last30Days/SKILL.md
resources/skills/last7Days/SKILL.md
resources/skills/lastMonth/SKILL.md
resources/skills/lastQuarter/SKILL.md
resources/skills/lastWeek/SKILL.md
resources/skills/lastYear/SKILL.md
resources/skills/md-fetch-summarize/SKILL.md
resources/skills/md-hive-sync/SKILL.md
resources/skills/temporal/SKILL.md
resources/skills/thisMonth/SKILL.md
resources/skills/thisQuarter/SKILL.md
resources/skills/thisWeek/SKILL.md
resources/skills/thisYear/SKILL.md
resources/skills/today/SKILL.md
resources/skills/yesterday/SKILL.md

Metadata

Files
0
Version
df15a9a
Hash
64e5ec65
Indexed
2026-07-05 15:41

Главная - Вики-сайт
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-11 03:45
浙ICP备14020137号-1 $Гость$