Use when auditing code for all problems and saving findings as an actionable fix plan to a markdown file. Triggers on requests to find all issues, create a remediation plan, or systematically discover tech debt. Works with any programming language.
Slash command
`/audit-claude-marketplace:audit-to-plan [--output <path>] [--scope diff|full]`
Comprehensive, language-agnostic code audit that writes all discovered problems into a structured
markdown fix-plan file. Each finding gets a unique ISSUE-NNN ID for tracking by automated workflows.
quality-loop skill

| Argument | Default | Meaning |
|---|---|---|
| `--scope diff` | ✓ default | Only files changed vs HEAD |
| `--scope full` | | Entire tracked codebase |
| `--output <path>` | `docs/FIX_PLAN.md` | Output file path |
Use the cheapest model tier adequate for each task:
| Tier | Use for |
|---|---|
| Nano (fastest, cheapest) | Reading files, building context lists, gathering file paths |
| Standard (default) | Running analysis agents, writing findings, deduplication |
| Power (most capable) | Only when Standard cannot reason about complex security or architectural issues |
Apply this guidance when dispatching agents: pass the tier hint in agent prompts so each sub-agent self-selects appropriately.
```bash
# --scope diff (default): staged + unstaged changes
git diff --name-only HEAD
git diff --name-only --cached

# --scope full: all tracked files
git ls-files
```

If the user did not pass `--scope`, default to `diff`. Do not ask interactively.
From the scoped file list, detect which languages are present by file extension:
| Extensions | Language agent to spawn |
|---|---|
| `.ts` `.tsx` `.js` `.jsx` `.mjs` `.cjs` | TypeScript/JavaScript |
| `.py` `.pyw` | Python |
| `.go` | Go |
| `.php` | PHP |
| `.rb` `.erb` | Ruby |
| `.java` `.kt` `.kts` | Java/Kotlin |
| `.rs` | Rust |
| `.c` `.cpp` `.cc` `.h` `.hpp` `.cxx` | C/C++ |
| `.cs` | C# |
Spawn a language agent only if that language's extensions appear in the scoped files.
Dispatch all applicable agents in parallel (single Agent tool message with multiple blocks).
Always run (language-independent):
| Agent | Focus |
|---|---|
| Code quality | Patterns, naming, complexity, dead code |
| Security | OWASP Top 10, secrets, injection, auth, input validation |
| Silent failures | Swallowed errors, bad fallbacks, missing error propagation |
| Type design | Type invariants, encapsulation, unsafe casts, data model correctness |
Language agents (only for detected languages — see table above):
| Language | Focus |
|---|---|
| TypeScript/JavaScript | Type safety, async correctness, prototype pollution |
| Python | PEP 8, type hints, unsafe eval/exec, dependency issues |
| Go | Error handling, goroutine leaks, context usage, idiomatic patterns |
| PHP | Type safety, framework conventions, SQL injection, runtime safety |
| Ruby | Security, metaprogramming misuse, Rails conventions (if applicable) |
| Java/Kotlin | Null safety, checked exceptions, thread safety, resource leaks |
| Rust | Unsafe blocks, ownership correctness, panic paths |
| C/C++ | Memory safety, buffer overflows, undefined behavior |
| C# | Async/await correctness, IDisposable, null reference safety |
When prompting general-purpose agents (silent failures, type design): include the agent's role description and the explicit list of files to inspect.
Merge all findings:

- `(file, line_range)` — same location = same issue
- `(file, problem_text)` after normalization

Assign sequential IDs after deduplication: ISSUE-001, ISSUE-002, … (ascending by severity, CRITICAL first).
Output path: --output arg or docs/FIX_PLAN.md in project root.
Every issue MUST include a file path and line number. Issues without line numbers are not actionable.
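The merge step above as a runnable sketch; this is an added example, not the plugin's own code. The `Finding` fields, the `normalize` rule and the choice to keep the most severe copy of a duplicate are assumptions, and the sample findings are constructed.

```python
import re
from typing import NamedTuple, Optional

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

class Finding(NamedTuple):
    file: str
    line_start: Optional[int]  # None when the agent reported no line number
    line_end: Optional[int]
    severity: str
    problem: str

def normalize(text):
    # Assumed normalization: lowercase, punctuation and extra whitespace removed.
    return " ".join(re.sub(r"[^a-z0-9]+", " ", text.lower()).split())

def merge_findings(findings):
    """Return (issues, rejected); issues is a list of (issue_id, Finding)."""
    rejected = [f for f in findings if not f.file or f.line_start is None]
    actionable = [f for f in findings if f.file and f.line_start is not None]
    # CRITICAL first; sorting before deduplication means the copy that
    # survives a duplicate is the most severe one (assumed tie-break).
    actionable.sort(key=lambda f: (SEVERITY_RANK[f.severity], f.file, f.line_start))
    seen_location, seen_text, kept = set(), set(), []
    for f in actionable:
        location = (f.file, f.line_start, f.line_end)
        text = (f.file, normalize(f.problem))
        if location in seen_location or text in seen_text:
            continue  # same location or same normalized text: same issue
        seen_location.add(location)
        seen_text.add(text)
        kept.append(f)
    # IDs are assigned only after deduplication so the numbering has no gaps.
    return [(f"ISSUE-{n:03d}", f) for n, f in enumerate(kept, 1)], rejected

# Constructed sample: overlapping output from several agents.
SAMPLE = [
    Finding("api/auth.py", 88, 92, "HIGH", "Token compared with =="),
    Finding("api/auth.py", 88, 92, "CRITICAL", "Non-constant-time token comparison"),
    Finding("api/db.py", 40, 40, "CRITICAL", "SQL built by string concatenation."),
    Finding("api/db.py", 41, 41, "MEDIUM", "sql built by string  concatenation"),
    Finding("cmd/main.go", 12, 14, "LOW", "Unused import"),
    Finding("api/util.py", None, None, "MEDIUM", "Function too complex"),
]

if __name__ == "__main__":
    issues, rejected = merge_findings(SAMPLE)
    for issue_id, f in issues:
        print(f"[{f.severity}] {issue_id} {f.file}:{f.line_start} {f.problem}")
    print(f"{len(rejected)} finding(s) rejected: no line number")
```
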
```markdown
# Fix Plan — <project name>

Generated: <ISO 8601 timestamp>
Scope: <diff | full repo> — <N> files
Total issues: <N> (CRITICAL: X · HIGH: Y · MEDIUM: Z · LOW: W)

---

## Critical

### [CRITICAL] ISSUE-001 — <Short title>
- **ID:** `ISSUE-001`
- **File:** `path/to/file.go:42`
- **Problem:** <what is wrong>
- **Fix:** <concrete action — specific change to make>
- **Why:** <security/correctness/data-loss risk>
- **Status:** `open`

---

## High

### [HIGH] ISSUE-002 — <Short title>
- **ID:** `ISSUE-002`
- **File:** `path/to/file.py:88`
- **Problem:** ...
- **Fix:** ...
- **Status:** `open`

---

## Medium

### [MEDIUM] ISSUE-003 — <Short title>
- **ID:** `ISSUE-003`
- **File:** ...
- **Problem:** ...
- **Fix:** ...
- **Status:** `open`

---

## Low

### [LOW] ISSUE-004 — <Short title>
- **ID:** `ISSUE-004`
- **File:** ...
- **Problem:** ...
- **Fix:** ...
- **Status:** `open`

---

## Summary

| Severity | Count |
|----------|-------|
| CRITICAL | X |
| HIGH | Y |
| MEDIUM | Z |
| LOW | W |
| **Total** | **N** |
```
Local (recommended):
- `python3 scripts/quality_loop.py --plan docs/FIX_PLAN.md --dry-run`
- `python3 scripts/quality_loop.py --plan docs/FIX_PLAN.md --apply --no-push`
- `git push origin fix/YYYYMMDD-quality-loop` then open a PR via the GitHub UI or `gh pr create`

From a client (Claude / Copilot / Gemini):

- /skills instead of /skill. If /skill fails, run /skills to list available commands.
- `/skills quality-loop --plan docs/FIX_PLAN.md --dry-run`

Notes:

- --dry-run first and inspect generated commits before pushing.

| Level | Meaning |
|---|---|
| CRITICAL | Security vulnerability, data loss, crash |
| HIGH | Bug, broken contract, significant quality issue |
| MEDIUM | Maintainability, missing test coverage, tech debt |
| LOW | Style, naming, minor suggestions |
- (file, line_range) first
- git diff HEAD and git diff --cached

`npx claudepluginhub aleslanger/audit-claude-marketplace --plugin audit-claude-marketplace`