excatt/audit
skills/audit/SKILL.md
Execute project-specific verification rules. Validates business logic, architecture patterns, and naming conventions that linters cannot catch. Auto-suggests bootstrap if no rules exist. Triggers: audit, check rules, run audit, audit manage Do NOT use for: build/lint/test (/verify), design vs implementation (/gap-analysis)
$ install --global
skillsauthnpx skillsauth add excatt/superclaude-plusplus auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 23, 2026, 4:44 PM214.5s5 files scanned
SKILL.md
- name:
- audit
- description:
- |
- Triggers:
- audit, check rules, run audit, audit manage
- Do NOT use for:
- build/lint/test (/verify), design vs implementation (/gap-analysis)
- user-invocable:
- true
- argument-hint:
- [manage]
Audit Skill
Project-specific verification rules that generic linters cannot enforce.
| Skill | Checks |
|-------|--------|
| /verify | Build, types, lint, test, security |
| /audit | Business logic, architecture patterns, naming conventions |
| /gap-analysis | Design doc vs implementation matchRate |
Mode Selection
/audit → rules exist? → RUN mode (execute rules)
→ no rules? → MANAGE mode (bootstrap)
/audit manage → MANAGE mode (create/delete/sync rules)
Rules location: .claude/audit-rules/*.md
RUN Mode
Step 1: Collect & Match
Read all .claude/audit-rules/*.md. Match each rule's scope against changed files:
BASE=$(git remote show origin 2>/dev/null | grep 'HEAD branch' | awk '{print $NF}')
BASE=${BASE:-main}
git diff "$BASE"...HEAD --name-only
Skip rules whose scope has no matching changes.
Auto-exempt files (always skip, no rule needed):
- Lock files:
pnpm-lock.yaml,uv.lock,package-lock.json,Cargo.lock - Generated/build output:
dist/,build/,.next/,__pycache__/ - Docs:
README.md,CHANGELOG.md,LICENSE - Test fixtures:
fixtures/,__fixtures__/,test-data/ - Vendor/third-party:
vendor/,node_modules/ - CI/CD config:
.github/,.gitlab-ci.yml,Dockerfile - CLAUDE.md and
.claude/internals
Step 2: Execute
For each matched rule:
- Run bash commands from
## Checksection (if any) - AI-analyze results against
## Pass Criteria - Classify: PASS / FAIL / WARN / SKIP
Step 3: Report
AUDIT REPORT
=============
api-response-format PASS
error-handling FAIL 2 violations
src/api/users.ts:45 bare catch without error type
src/api/posts.ts:78 empty catch block
naming-convention PASS
---------------------------------------------
Rules: 3 | Passed: 2 | Failed: 1
Status: NEEDS FIX
Status: all pass → CLEAR / any error-severity fail → NEEDS FIX / warning-only → REVIEW
Step 4: Fix (if issues found)
Ask user via AskUserQuestion:
- Apply All Fixes — Automatically apply all recommended fixes
- Review Each Fix — Approve each fix individually
- Skip Fixes — Report only, make no changes
After fixes, re-run only failed rules and show before/after comparison.
MANAGE Mode
Bootstrap (No Rules)
Detect project type from config files and propose seed rules:
| Signal | Type | Suggested Rules |
|--------|------|-----------------|
| next in package.json | Next.js | Server/Client separation, API response format |
| fastapi in pyproject.toml | FastAPI | HTTPException usage, router naming |
| express/nest in package.json | Node API | Error middleware, response wrapper |
| Any project | Universal | Naming convention |
Change Analysis
git diff "$BASE"...HEAD --name-only --stat
Compare changed domains against existing rule scopes → propose CREATE/UPDATE/DELETE.
User Confirmation
Always confirm before creating or deleting rules:
Proposed:
+ api-response-format (new, covers src/api/**)
- legacy-auth-check (stale, files removed)
Apply? [Y/n]
Rule Format
Each rule is a markdown file with YAML frontmatter (name, scope, severity) and structured sections (What, Check, Pass Criteria, Examples).
Full guide: references/rule-format.md
Example rules: references/examples/
Integration
Pre-commit flow: /verify → /audit → commit
Review loop: Implement → Spec Review → Quality Review → /verify → /audit → Complete
Related Skills
excatt/grill-with-docs
testing
VerifiedTrustedCommunity
사용자 계획을 기존 도메인 모델에 대해 stress-test하는 인터뷰 세션. 용어를 날카롭게 다듬고, 결정이 굳어질 때마다 CONTEXT.md(도메인 어휘 사전)와 ADR을 인라인으로 갱신한다. 새 기능 요구사항 탐색은 `/brainstorm`을, 기존 도메인 모델·용어와의 정합성 점검은 이 스킬을 사용한다.
13SKILL.mdUpdated May 21, 2026
excatt/skills/xlsx
development
VerifiedTrustedCommunity
# Excel (XLSX) Spreadsheet Skill Claude Code supports comprehensive spreadsheet operations through the **xlsx** skill, enabling creation, editing, and analysis of Excel files (.xlsx, .xlsm, .csv, .tsv). ## Trigger - When user needs Excel spreadsheet creation or editing - Financial modeling or data analysis required - Spreadsheet formulas and calculations needed - Data import from CSV/TSV files ## Core Capabilities **Primary functions include:** - Creating new spreadsheets with formulas and f
13SKILL.mdUpdated May 15, 2026
excatt/workflow
tools
VerifiedTrustedCommunity
Generate structured implementation workflows from PRDs and feature requirements
13SKILL.mdUpdated May 15, 2026
excatt/websocket
development
VerifiedTrustedCommunity
실시간 통신 설계 가이드를 실행합니다.
13SKILL.mdUpdated May 15, 2026