From sacco-skills
Systematic codebase audit with parallel concern-specific agents and structured findings. Use for code reviews, pre-production hardening, security audits, architecture reviews, or engineering quality assessments. Produces prioritized findings with severity, file:line references, and remediation plan. Triggers: "audit", "review the code", "hardening", "production readiness", "security review", "quality assessment", "deep pass".
Slash command: `/sacco-skills:sacco-codebase-audit`

Dispatches parallel audit agents across concern areas, collects structured findings, and produces a prioritized remediation plan.
Select one or more scopes. Each scope runs as a parallel agent.
| Scope | What It Checks |
|---|---|
| security | OWASP Top 10, auth/authz, secrets exposure, injection vectors, dependency vulnerabilities |
| architecture | Layering violations, circular dependencies, coupling, separation of concerns, API design |
| performance | N+1 queries, missing indexes, unbounded collections, hot paths, memory leaks, cache strategy |
| engineering | Error handling, logging, testing coverage, naming, dead code, code duplication, type safety |
| data | Schema design, migration safety, data integrity, backup/recovery, temporal consistency |
| operations | Observability, health checks, graceful shutdown, configuration management, deployment safety |
Every finding follows this exact structure:
### Finding <scope>-<number>: <title>
- **Severity:** Critical | High | Medium | Low | Info
- **File:** `path/to/file.rs:123`
- **Description:** What the problem is, with evidence.
- **Impact:** What can go wrong if this is not fixed.
- **Recommendation:** Specific fix with code example if applicable.
| Severity | Definition | SLA |
|---|---|---|
| Critical | Data loss, security breach, or system down risk. Blocks deployment. | Fix before merge |
| High | Significant bug, performance degradation, or architectural violation. | Fix this sprint |
| Medium | Code quality issue, missing edge case, or maintainability concern. | Fix next sprint |
| Low | Style issue, minor optimization, or documentation gap. | Backlog |
| Info | Observation, suggestion, or positive callout. | Optional |
Ask the user which scopes to audit, or default to all if "full audit" is requested.
Launch one agent per scope in parallel. Each agent receives this prompt template:
You are auditing this codebase for {scope} concerns.
Read all relevant files. For each issue found, produce a finding in this exact format:
[finding format from above]
Be thorough. Check every file. Do not skip edge cases.
Do not suggest fixes that introduce new problems.
Number findings as {scope}-1, {scope}-2, etc.
Return ONLY findings, no preamble.
After all agents complete:
docs/audit-report.md:

# Audit Report — <date>
## Summary
| Severity | Count |
|----------|-------|
| Critical | 2 |
| High | 5 |
| Medium | 8 |
| Low | 3 |
| Info | 1 |
## Critical Findings
...
## High Findings
...
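The aggregation step above (collect each agent's findings, count them by severity, order them for the report) is where malformed agent output usually slips through. The following is an added example, not code from the sacco-skills plugin: it parses agent output in the exact finding format given above, rejects findings with a missing field, an unknown severity, a `File` that is not `path:line`, an id that does not match the agent's scope, or a preamble before the first finding, then sorts Critical first and renders the summary table. The two sample agent outputs are constructed for the example and describe no real codebase.

```python
# Added example (not code from the sacco-skills plugin): merge the findings the
# parallel scope agents return, validate them against the finding format above,
# and order them for docs/audit-report.md. The sample findings are constructed.
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass

SEVERITIES = ["Critical", "High", "Medium", "Low", "Info"]
RANK = {s: i for i, s in enumerate(SEVERITIES)}
REQUIRED = {"Severity", "File", "Description", "Impact", "Recommendation"}
HEADER_RE = re.compile(r"^### Finding ([a-z]+)-(\d+): (.+)$")
FIELD_RE = re.compile(r"^- \*\*(\w+):\*\* (.+)$")
FILE_RE = re.compile(r"^`?([^`:\s]+):(\d+)`?$")  # path/to/file.rs:123

@dataclass
class Finding:
    scope: str
    number: int
    title: str
    severity: str
    file: str
    line: int
    fields: dict[str, str]  # Description, Impact, Recommendation

    @property
    def ident(self) -> str:
        return f"{self.scope}-{self.number}"

def _build(scope: str, number: int, title: str, fields: dict[str, str]) -> Finding:
    """Reject a finding that deviates from the required structure."""
    if missing := REQUIRED - set(fields):
        raise ValueError(f"{scope}-{number}: missing {sorted(missing)}")
    if fields["Severity"] not in RANK:
        raise ValueError(f"{scope}-{number}: unknown severity {fields['Severity']!r}")
    if not (m := FILE_RE.match(fields["File"])):
        raise ValueError(f"{scope}-{number}: File must be path:line, got {fields['File']!r}")
    return Finding(scope, number, title, fields["Severity"], m.group(1), int(m.group(2)), fields)

def parse_findings(text: str) -> list[Finding]:
    """Split one agent's output into finding blocks; any preamble fails the header check."""
    findings = []
    for block in re.split(r"(?m)^(?=### Finding )", text):
        lines = block.strip().splitlines()
        if not lines:
            continue
        if not (h := HEADER_RE.match(lines[0])):
            raise ValueError(f"not a finding header: {lines[0]!r}")
        fields = {m.group(1): m.group(2) for l in lines[1:] if (m := FIELD_RE.match(l.strip()))}
        findings.append(_build(h.group(1), int(h.group(2)), h.group(3), fields))
    return findings

def merge(agent_outputs: dict[str, str]) -> list[Finding]:
    """Merge per-scope outputs, rejecting ids from the wrong scope or repeated ids."""
    merged, seen = [], set()
    for scope, text in agent_outputs.items():
        for f in parse_findings(text):
            if f.scope != scope:
                raise ValueError(f"{f.ident} was returned by the {scope} agent")
            if f.ident in seen:
                raise ValueError(f"duplicate finding id {f.ident}")
            seen.add(f.ident)
            merged.append(f)
    # Report and remediation order: Critical first, then by scope and number.
    merged.sort(key=lambda f: (RANK[f.severity], f.scope, f.number))
    return merged

def severity_counts(findings: list[Finding]) -> dict[str, int]:
    c = Counter(f.severity for f in findings)
    return {s: c.get(s, 0) for s in SEVERITIES}

def render_report(findings: list[Finding], date: str) -> str:
    out = [f"# Audit Report — {date}", "", "## Summary", "", "| Severity | Count |", "|----------|-------|"]
    out += [f"| {s} | {n} |" for s, n in severity_counts(findings).items()]
    for sev in SEVERITIES:
        if group := [f for f in findings if f.severity == sev]:
            out += ["", f"## {sev} Findings", ""]
            out += [f"- {f.ident} `{f.file}:{f.line}` {f.title}" for f in group]
    return "\n".join(out) + "\n"

# Constructed sample agent outputs; they do not describe any real codebase.
SAMPLE_SECURITY = """\
### Finding security-1: Login handler skips rate limiting
- **Severity:** Critical
- **File:** `src/api/login.rs:41`
- **Description:** No limiter wraps the password check.
- **Impact:** Unthrottled credential stuffing.
- **Recommendation:** Apply the existing rate-limit middleware.
"""
SAMPLE_OPERATIONS = """\
### Finding operations-1: No readiness probe
- **Severity:** Medium
- **File:** `deploy/service.yaml:17`
- **Description:** Only a liveness probe is configured.
- **Impact:** Traffic reaches pods before the schema check finishes.
- **Recommendation:** Add a readinessProbe on /ready.
"""

if __name__ == "__main__":
    print(render_report(merge({"security": SAMPLE_SECURITY, "operations": SAMPLE_OPERATIONS}), "<date>"))
```

Failing hard on a malformed finding is deliberate: a finding whose `File` has no line number, or whose severity is outside the five defined levels, cannot be placed in the report or given an SLA, so the agent that produced it should be re-run rather than its output silently dropped.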
Produce a docs/remediation-plan.md:
After remediation:
Install the plugin with: `npx claudepluginhub adrien-sacco/sacco-skills --plugin sacco-skills`