hdkz-dev/zenith-audit
skills/zenith-audit/SKILL.md
High-fidelity quality auditing for the multi-game-engines project. Ensures 100% Zero-Any, security hardening, and physical resilience validation according to 2026 Zenith Tier standards.
testing
Updated Apr 28, 2026
$ install --global
skillsauthnpx skillsauth add hdkz-dev/multi-game-engines zenith-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 28, 2026, 3:47 AM169.2s1 file scanned
SKILL.md
- name:
- zenith-audit
- description:
- High-fidelity quality auditing for the multi-game-engines project. Ensures 100% Zero-Any, security hardening, and physical resilience validation according to 2026 Zenith Tier standards.
Zenith Tier High-Fidelity Audit
This skill provides a rigorous, exhaustive auditing protocol to ensure that the codebase meets the absolute highest engineering standards of 2026.
Capabilities
- Zero-Any Enforcement: Detects and eliminates 100% of
anytypes in production code. - Resilience Validation: Verifies error handling for extreme edge cases (network drops, storage locks, split packets).
- Branded Type Integrity: Ensures FEN, SFEN, Move, and I18nKey are created ONLY via their respective factories.
- Security Guard: Validates "Refuse by Exception" patterns and SRI compliance.
- Concurrency & Race condition check: Audits async flows for Atomic Ready and stale message filtering.
When to Use
- Before finalizing any Pull Request.
- When performing high-level architectural refactoring.
- When adding support for a new game domain or engine protocol.
- To verify the "Physical Proof" of robustness (98%+ coverage).
How to Audit
1. Zero-Any Scan
Run this to find illegal manual casts or any usage:
grep -r "as any" packages/*/src
grep -r ": any" packages/*/src
Zenith Rule: No any allowed in production. Use unknown + type guard or branded factory.
2. Branded Factory Check
Ensure no one is bypassing factories:
grep -r "as (FEN|SFEN|Move|PositionString|PositionId|I18nKey)" packages/*/src
Zenith Rule: All branded types must use createX(...) factories for validation.
3. Resilience Checklist
Review changed files for the following:
- Middleware Isolation: Is every middleware call wrapped in a
try-catch? - Stream Buffering: Does the communicator handle split packets/partial lines?
- Stale Message Filtering: Does search result handling check the
positionId? - Atomic Initialization: Does the load promise prevent concurrent initialization?
4. Verification Gate
Audit the test coverage and determinism:
# Verify coverage
pnpm test --coverage
# Check for flakiness (deterministic time)
grep -r "performance.now" packages/*/src/__tests__
Zenith Rule: performance.now() must be mocked in tests to ensure deterministic results.
5. Document Parity
Ensure docs/ and docs/en/ are in sync using the doc-sync skill.
Remediation Protocol
- Refuse by Exception: If an audit fails, do NOT fix silently. Document the failure in a "Gap Analysis" or "Audit Report" and fix it with physical test proof.
- Zero-Debt Policy: Audit findings must be resolved in the same task iteration.
Related Skills
hdkz-dev/doc-sync
documentation
VerifiedTrustedCommunity
Maintains 1:1 parity between Japanese and English documentation in the multi-game-engines project. Ensures global architectural alignment.
SKILL.mdUpdated Apr 28, 2026
hdkz-dev/code-review
development
VerifiedTrustedCommunity
AI-powered code review using CodeRabbit. Default code-review skill. Trigger for any explicit review request AND autonomously when the agent thinks a review is needed (code/PR/quality/security).
SKILL.mdUpdated Apr 27, 2026
steipete/skill-creator
testing
VerifiedTrustedCommunity
Create, edit, improve, or audit AgentSkills. Use when creating a new skill from scratch or when asked to improve, review, audit, tidy up, or clean up an existing skill or SKILL.md file. Also use when editing or restructuring a skill directory (moving files to references/ or scripts/, removing stale content, validating against the AgentSkills spec). Triggers on phrases like "create a skill", "author a skill", "tidy up a skill", "improve this skill", "review the skill", "clean up the skill", "audit the skill".
356,423SKILL.mdUpdated Apr 13, 2026
steipete/healthcheck
testing
VerifiedTrustedCommunity
Host security hardening and risk-tolerance configuration for OpenClaw deployments. Use when a user asks for security audits, firewall/SSH/update hardening, risk posture, exposure review, OpenClaw cron scheduling for periodic checks, or version status checks on a machine running OpenClaw (laptop, workstation, Pi, VPS).
356,423SKILL.mdUpdated Apr 13, 2026