athola/blast-radius
plugins/pensive/skills/blast-radius/SKILL.md
Analyzes code change impact with risk scoring and affected-node mapping. Use before merging to understand what a change touches and what lacks test coverage.
$ install --global
skillsauthnpx skillsauth add athola/claude-night-market blast-radiusInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 27, 2026, 4:53 AM197.3s1 file scanned
SKILL.md
- name:
- blast-radius
- role:
- entrypoint
- description:
- Analyzes code change impact with risk scoring and affected-node mapping. Use before merging to understand what a change touches and what lacks test coverage.
- model_hint:
- standard
- tools:
- []
Blast Radius Analysis
Analyze the impact of current code changes using the code knowledge graph.
Prerequisites
This skill requires the gauntlet plugin for graph data. Check if it's available:
GRAPH_QUERY=$(find ~/.claude/plugins -name "graph_query.py" -path "*/gauntlet/*" 2>/dev/null | head -1)
If gauntlet is not installed (GRAPH_QUERY is empty):
Fall back to a manual impact analysis using git diff
and grep to trace imports and call sites. Skip graph
steps and go directly to step 3 (manual mode).
If gauntlet is installed but no graph.db exists:
Tell the user: "Run /gauntlet-graph build first."
Steps
-
Show current changes: Run
git diff --statto show the user what files changed. -
Run impact analysis (requires gauntlet):
python3 "$GRAPH_QUERY" \ --action impact --base-ref HEAD --depth 2Fallback tier 1 (sem available, no gauntlet): Use sem for cross-file dependency tracing:
if command -v sem &>/dev/null; then sem impact --json <changed-file> fiThis traces real function-level dependencies instead of filename matching. See
leyline:sem-integrationfor detection patterns.Fallback tier 2 (no sem, no gauntlet): Trace callers of changed functions with rg (or grep):
# Prefer rg for speed; fall back to grep if command -v rg &>/dev/null; then git diff --name-only HEAD | while read f; do stem="${f%.*}"; stem="${stem##*/}" [ -z "$stem" ] && continue # skip dotfiles (.gitignore etc.) rg -l "$stem" . 2>/dev/null done | sort -u else git diff --name-only HEAD | while read f; do stem="${f%.*}"; stem="${stem##*/}" [ -z "$stem" ] && continue # skip dotfiles (.gitignore etc.) grep -rl "$stem" . 2>/dev/null done | sort -u fiNote: this searches all file types. For Python-only projects, add
--type pytorgor--include="*.py"togrepto reduce false positives. -
Display results in priority order:
Format the output as a table:
Risk | Node | File | Reason 0.85 | auth.py::verify_token | auth.py:45 | untested, security 0.62 | db.py::execute_query | db.py:112 | high fan-in 0.41 | api.py::handle_request | api.py:78 | flow participant -
Highlight untested functions: List any affected functions that lack test coverage (no TESTED_BY edge).
-
Show overall risk: Display the overall risk level (low/medium/high) based on the maximum risk score.
-
Suggest actions:
- For high-risk nodes: "Consider adding tests before merging"
- For security-sensitive nodes: "Review authentication and authorization logic carefully"
- For high-fan-in nodes: "Changes here affect many callers; verify backward compatibility"
Risk Scoring Model
Five weighted factors (sum capped at 1.0):
| Factor | Weight | Meaning | |--------|--------|---------| | Test gap | 0.30 | No test coverage | | Security | 0.20 | Auth/crypto/SQL keywords | | Flow participation | 0.25 | Part of execution flows | | Cross-community | 0.15 | Called from other modules | | Caller count | 0.10 | High fan-in function |
Related Skills
athola/friction-detector
tools
VerifiedTrustedCommunity
Detect friction signals; graduate patterns into rules. Use for session retrospectives.
300SKILL.mdUpdated Apr 23, 2026
athola/validate-mr
testing
VerifiedTrustedCommunity
Use when you need a diff-derived test plan for an MR — reads the diff, groups changes by area, runs targeted verifications, and proves revert-tests are genuine guards, not dead assertions.
294SKILL.mdUpdated May 30, 2026
athola/palace-index-curator
development
VerifiedTrustedCommunity
Curate the web-capture index. Use when the capture backlog grows, captures sit unprocessed at seedling/pending, or to surface stored research during work.
294SKILL.mdUpdated May 30, 2026
athola/memory-clarity-probe
testing
VerifiedTrustedCommunity
Probe memory/summary clarity via dual anchor questions: task progress, info gaps. Use when verifying session state or summary before handoff or compression.
294SKILL.mdUpdated May 30, 2026