kanopi/audit-report
skills/audit-report/SKILL.md
Generate client-facing executive summaries from existing audit report files. Transforms technical CMS Cultivator audit findings into non-technical stakeholder reports. Invoke when user asks to "generate a client report from this audit", "create an executive summary", "make a non-technical version of this audit", or "summarize audit findings for stakeholders". Requires an existing audit report file as input.
$ install --global
skillsauthnpx skillsauth add kanopi/cms-cultivator audit-reportInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 19, 2026, 5:01 AM9.8s2 files scanned
SKILL.md
- name:
- audit-report
- description:
- Generate client-facing executive summaries from existing audit report files. Transforms technical CMS Cultivator audit findings into non-technical stakeholder reports. Invoke when user asks to "generate a client report from this audit", "create an executive summary", "make a non-technical version of this audit", or "summarize audit findings for stakeholders". Requires an existing audit report file as input.
- disable-model-invocation:
- true
Audit Report
Generate client-facing executive summaries from CMS Cultivator audit report files, transforming technical findings into accessible stakeholder communication.
Usage
- "Generate a client report from audit-live-site-2026-04-15-1430.md"
- "Create an executive summary from the security audit"
- "Make a non-technical report for the client from this accessibility audit"
- "Summarize the audit findings for stakeholders"
Environment Detection
Tier 1 — Portable (Claude Desktop, Codex, any environment)
This skill runs fully in Tier 1 using only file operations:
- Identify audit file — Accept filename from user's request or context
- Read audit report — Use Read to load the markdown file
- Extract key metrics:
- Overall health score or compliance status
- Issue counts by severity (Critical/High/Medium/Low)
- Top 3-5 most impactful findings
- Estimated remediation effort totals
- Transform technical language — Convert developer terminology to business language:
- "SQL injection vulnerability" → "Security gap that could allow unauthorized data access"
- "WCAG 2.1 AA non-compliance" → "Accessibility barriers that may prevent users with disabilities from using the site"
- "N+1 query pattern" → "Performance inefficiency causing slow page loads"
- "Cyclomatic complexity" → "Code that is difficult to maintain and may contain hidden bugs"
- Structure executive summary with sections tailored for stakeholders
- Save report — Write to
[original-name]-client-report.md
Tier 2 — Claude Code Enhanced
Same as Tier 1. This skill does not require additional Claude Code tools — it runs identically in both tiers.
Executive Summary Format
# Site Health Report — [Site Name]
**Report Date**: [date]
**Prepared for**: [Client Name]
**Prepared by**: [Team/Agency Name]
## Overview
[2-3 sentences summarizing overall site health in plain language]
**Overall Health Score**: [score]/100
## Key Findings
### What's Working Well ✅
- [Positive finding 1]
- [Positive finding 2]
### Areas Requiring Attention
#### Urgent (Address Within 1 Week) 🔴
[Plain language description of critical issues and their business impact]
**Business Impact**: [Legal risk, lost revenue, user experience impact]
**Estimated Effort**: [X hours/days]
#### High Priority (Address This Month) 🟡
[Plain language description of high-priority issues]
**Business Impact**: [Impact description]
**Estimated Effort**: [X hours/days]
#### Planned Improvements (Next Quarter) 🟢
[Lower priority improvements]
## Recommended Actions
### Immediate (This Sprint)
1. [Action item with business justification]
2. [Action item]
### Short-Term (This Quarter)
1. [Action item]
### Long-Term (Roadmap)
1. [Action item]
## Investment Summary
| Priority | Issues | Est. Effort | Est. Cost* |
|----------|--------|-------------|------------|
| Urgent | [n] | [X hrs] | $ |
| High | [n] | [X hrs] | $ |
| Planned | [n] | [X hrs] | $ |
*Estimated at [agency rate]/hour. Actual costs will be confirmed in proposal.
## Next Steps
1. Review this report with your team
2. Prioritize issues based on business impact and budget
3. Schedule a follow-up meeting to discuss implementation roadmap
4. [Agency/team] will provide detailed proposals for approved work
---
*Technical details available in the accompanying developer audit report.*
Language Translation Guide
| Technical Term | Client-Friendly Language | |----------------|--------------------------| | SQL injection | Security vulnerability allowing unauthorized data access | | XSS vulnerability | Security gap that could allow malicious code injection | | WCAG 2.1 AA | Accessibility standards ensuring site works for users with disabilities | | Core Web Vitals | Google's page speed standards affecting search rankings | | N+1 query | Database inefficiency causing slow page loads | | Cache miss | Server inefficiency increasing page load times | | Cyclomatic complexity | Code complexity increasing maintenance risk | | Technical debt | Accumulated shortcuts requiring future cleanup | | CVE | Known security vulnerability in a software component |
Business Impact Framing
- Legal risk: WCAG non-compliance, GDPR issues, security vulnerabilities
- Revenue impact: Performance → conversion rates (100ms = +1% conversions)
- SEO impact: Core Web Vitals affect Google search rankings
- Reputation risk: Security breaches, data exposure
- Maintenance cost: Technical debt and complex code increase future costs
Related Skills
- live-site-audit — Generates comprehensive source audit reports
- accessibility-audit, performance-audit, security-audit, quality-audit — Focused source audits
- audit-export — Export findings as project management tasks (CSV)
Related Skills
kanopi/strategist-site-audit
tools
VerifiedTrustedCommunity
Strategist-focused site audit for discovery and pre-discovery. Given a site URL and optional qualitative research data, navigates the site via CoWork, audits against all 21 UX Laws from lawsofux.com, reviews content hierarchy, synthesises qualitative data, runs Lighthouse, and produces two deliverables — a Project Knowledge Summary (Markdown for Claude Desktop Projects) and a polished, iterable HTML Artifact for client sharing. Use when a strategist, UX lead, or PM asks for a discovery audit, UX laws audit, content hierarchy review, pre-discovery site review, "audit this site for strategy", "strategist audit", "UX audit", or pastes a site URL with discovery context. Not for developer audits — use accessibility-audit, performance-audit, or live-site-audit for those.
11SKILL.mdUpdated May 15, 2026
kanopi/story-point-estimator
development
VerifiedTrustedCommunity
Provide story point estimation guidance with hour calculations for software development tasks. Uses Fibonacci sequence (1, 2, 3, 5, 8, 13, 21, 34+) and converts story points to hours. Includes platform-specific adjustments and velocity calculations.
11SKILL.mdUpdated May 15, 2026
kanopi/qa-review
tools
VerifiedTrustedCommunity
Perform a full QA review of a Teamwork task by reading the task and all its comments for context, extracting the multi-dev URL, generating dynamic validation steps tailored to the task type, and using CoWork browser automation to execute those steps on the multi-dev environment. Produces a structured validation report with pass/fail per step, screenshots, internal notes, and a client-facing summary — all shown in chat. Use this skill whenever the user asks to QA, test, validate, or review a Teamwork task or multi-dev environment — even if they just say "can you QA this?" or paste a Teamwork link. Also triggers for phrases like "run QA on", "check the multi-dev", "validate this task", "test the dev link", or "review the ticket". Works across Drupal/CMS updates, WordPress/plugin updates, bug fixes, new feature development, and general web development tasks.
11SKILL.mdUpdated May 15, 2026
kanopi/project-heartbeat
tools
VerifiedTrustedCommunity
Generate a client-facing project heartbeat / status update message for a Kanopi project, ready to be posted as a Teamwork message. Use this skill whenever the user asks to write, draft, generate, or send a project update, heartbeat, status update, or progress report to a client. Also triggers when the user says things like "time for a project update", "draft the heartbeat", "write up the update for [project]", or "it's been two weeks, let's send an update". Always use this skill — even if the user doesn't say "heartbeat" — whenever the intent is to summarise recent project activity for a client audience.
11SKILL.mdUpdated May 15, 2026