acedergren/health-check
skills/health-check/SKILL.md
Use when running codebase quality gates (typecheck, lint, tests, security, dead code, circular deps, audits). Reports pass/fail across all checks without making edits or suggesting fixes. Keywords: health check, pre-PR validation, quality gates, repo diagnostics, CI gates.
$ install --global
skillsauthnpx skillsauth add acedergren/agentic-tools health-checkInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
4 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
4
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 27, 2026, 4:18 AM77.7s2 files scanned
SKILL.md
- name:
- health-check
- description:
- Use when running codebase quality gates (typecheck, lint, tests, security, dead code, circular deps, audits). Reports pass/fail across all checks without making edits or suggesting fixes. Keywords: health check, pre-PR validation, quality gates, repo diagnostics, CI gates.
Health Check
Full codebase diagnostic: typecheck, tests, security scans, dead code, circular deps, package health. Reports a summary table.
This skill is headless. Run each step as a single Bash command, capture the exit code and key output lines, then print the summary table. Do NOT analyze output, suggest fixes, or spawn agents. Just report what passed and what failed.
NEVER
- Never stop after the first failing gate — report the full picture even with failures.
- Never analyze failures or suggest fixes in the output.
- Never spawn subagents for interpretation.
- Never silently skip missing tools — mark them as
SKIP. - Never use this skill to commit, push, or mutate files.
Scripts
Use the helper instead of retyping the command matrix:
bash scripts/run-health-check.sh
bash scripts/run-health-check.sh --quick
bash scripts/run-health-check.sh --security-only
bash scripts/run-health-check.sh --code-quality
Gates
Run all gates. Capture exit code and summary line. Do NOT stop on failure.
TypeCheck (all workspaces)
npx tsc --noEmit 2>&1; echo "EXIT:$?"
Run for each workspace. Capture exit code + error count.
Tests
npx vitest run --reporter=dot 2>&1; echo "EXIT:$?"
Use dot reporter to minimize output. Capture exit code + pass/fail counts.
Lint
npx eslint . 2>&1; echo "EXIT:$?"
Capture exit code + error/warning counts.
Semgrep Security Scan
semgrep scan --config auto --severity ERROR --severity WARNING --quiet 2>&1; echo "EXIT:$?"
If semgrep not installed: record as SKIP.
Circular Dependencies
npx madge --circular --ts-config tsconfig.json src/ 2>&1; echo "EXIT:$?"
Record FAIL if any cycles found.
Dead Code / Unused Exports
npx knip --no-progress 2>&1; echo "EXIT:$?"
Record WARN (not FAIL) — knip can be noisy on first run.
Dependency Vulnerabilities
npm audit --production 2>&1; echo "EXIT:$?"
# or: pnpm audit --prod
WARN for low/moderate. FAIL for high/critical.
Summary Table
After all gates complete, print:
## Health Check Results
| Gate | Status | Details |
|--------------|--------|----------------------------------|
| TypeCheck | PASS | 0 errors |
| Tests | PASS | 1200 passed, 0 failed |
| Lint | PASS | 0 errors, 3 warnings |
| Semgrep | PASS | 0 findings |
| Circular | PASS | 0 circular dependencies |
| Dead Code | WARN | 3 unused exports |
| Audit | PASS | 0 vulnerabilities |
Status values: PASS, FAIL, SKIP (tool not installed), WARN (non-zero but non-blocking).
That's it. Do not suggest fixes, do not analyze errors, do not read files. Just print the table.
Arguments
--quick: Skip Semgrep + knip (saves time)--security-only: Only Semgrep + audit--code-quality: Only knip + madge + typecheck (skip security + tests)- If empty: Run all gates
Customization
Common additions for project-specific gates:
- OpenAPI lint:
npx spectral lint openapi.json - Bundle size check:
npx bundlesize - Package exports:
npx publint && npx attw --pack - Secret scanning:
trufflehog git "file://$(pwd)" --only-verified
Related Skills
acedergren/skills/api-audit
development
VerifiedTrustedCommunity
--- name: api-audit description: "Use when auditing API routes for schema drift, missing auth, or validation gaps. Scans routes against shared TypeScript types to find mismatches, missing middleware, and undocumented endpoints. Read-only — produces a severity-grouped report. Keywords: audit routes, schema drift, auth gaps, missing validation, type mismatch, orphaned schemas. Triggers on "audit API routes" or "find schema drift"." --- # API Route & Type Audit Skill ## When to Use Load this skil
14SKILL.mdUpdated Mar 26, 2026
acedergren/write-natural-swedish
development
VerifiedTrustedCommunity
Use when drafting, translating, polishing, or reviewing Swedish text so it sounds natural, fluent, contemporary, and appropriate for its audience. Triggers include "write better Swedish", "make this sound natural in Swedish", "translate into Swedish", "polish this Swedish", "tech company Swedish", "contemporary Swedish words", "Swedish developer docs", and "avoid Anglicisms".
13SKILL.mdUpdated May 13, 2026
acedergren/shadcn-svelte
development
VerifiedTrustedCommunity
Use when working with shadcn-svelte components, TanStack Table in Svelte 5, or Tailwind v4.1. Covers non-obvious reactivity bugs, library selection trade-offs, and migration pitfalls not in the official docs. Keywords: shadcn-svelte, TanStack Table, Tailwind v4.1, Svelte 5 runes, bits-ui, superforms, data table, svelte-check.
13SKILL.mdUpdated Mar 26, 2026
acedergren/oracle-idcs-org-provisioning
data-ai
VerifiedTrustedCommunity
Use when mapping IDCS claims to org membership after OAuth login succeeds. Covers mapProfileToUser, session.create.before, session.create.after hooks, MERGE INTO upserts, tenant-org mapping, and first-admin bootstrap. Keywords: IDCS groups, org_members, provisioning, session hooks, tenant map, MERGE INTO.
13SKILL.mdUpdated Mar 26, 2026