kanopi/live-site-audit
skills/live-site-audit/SKILL.md
Comprehensive live site audit orchestrating performance, accessibility, security, and code quality specialists in parallel. Invoke when user runs /audit-live-site, requests a comprehensive site health assessment, needs a full multi-dimensional audit, or wants a unified audit report with health score and remediation roadmap. Generates audit-live-site-YYYY-MM-DD-HHMM.md report file.
$ install --global
skillsauthnpx skillsauth add kanopi/cms-cultivator live-site-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 30, 2026, 7:06 AM8.7s2 files scanned
SKILL.md
- name:
- live-site-audit
- description:
- Comprehensive live site audit orchestrating performance, accessibility, security, and code quality specialists in parallel. Invoke when user runs /audit-live-site, requests a comprehensive site health assessment, needs a full multi-dimensional audit, or wants a unified audit report with health score and remediation roadmap. Generates audit-live-site-YYYY-MM-DD-HHMM.md report file.
- disable-model-invocation:
- true
Live Site Audit
Comprehensive multi-dimensional site audit that orchestrates four specialist agents in parallel for performance, accessibility, security, and code quality analysis.
Usage
/audit-live-site— Full audit of local project/audit-live-site https://example.com— Audit a live site URL/audit-live-site staging.example.com— Audit staging environment
Environment Detection
Tier 1 — Portable (Claude Desktop, Codex, any environment)
When Task() or browser tools are unavailable:
- Detect context — Determine site URL (from argument or local project) and CMS (Drupal/WordPress)
- Run sequential analysis — Perform all four audit dimensions directly using Read, Grep, Glob:
- Performance: Database query patterns, caching strategy, asset markup, Core Web Vitals indicators
- Accessibility: Semantic HTML, ARIA attributes, color values, keyboard patterns
- Security: OWASP Top 10 code patterns, input validation, output encoding
- Code Quality: Complexity, code smells, standards compliance, technical debt
- Synthesize findings — Combine results into unified prioritized report
- Calculate health score — Score each dimension (0–100) and compute overall health
- Save report — Write to
audit-live-site-YYYY-MM-DD-HHMM.mdand present path
Tier 2 — Claude Code Enhanced
When running in Claude Code with the Agent tool available:
Step 1: Spawn all 4 specialists in parallel — send a single message containing all 4 Agent calls:
Agent(subagent_type="cms-cultivator:performance-specialist:performance-specialist",
prompt="Analyze performance for {URL}. Working directory: {cwd}.
Check: Core Web Vitals, LCP/INP/CLS, render-blocking assets, image optimization,
caching strategy, TTFB. Return structured findings with severity levels and
specific file paths or URLs where issues are found.")
Agent(subagent_type="cms-cultivator:accessibility-specialist:accessibility-specialist",
prompt="Audit WCAG 2.1 AA compliance for {URL}. Working directory: {cwd}.
Check: semantic HTML, ARIA, keyboard navigation, color contrast (4.5:1), alt text,
form labels, skip links, focus indicators, touch targets. Return structured findings
with WCAG criterion references and severity levels.")
Agent(subagent_type="cms-cultivator:security-specialist:security-specialist",
prompt="Scan for OWASP Top 10 vulnerabilities at {URL}. Working directory: {cwd}.
Check: XSS, SQL injection, CSRF, auth issues, security headers, exposed endpoints,
sensitive file exposure, dependency vulnerabilities. Return structured findings
with severity levels and specific remediation steps.")
Agent(subagent_type="cms-cultivator:code-quality-specialist:code-quality-specialist",
prompt="Analyze code quality in {cwd}.
Check: PHPCS standards, cyclomatic complexity, design patterns, SOLID principles,
technical debt, code smells, documentation coverage. Return structured findings
with severity levels and file paths.")
Step 2: Wait for all 4 specialists to return results.
Step 3: Synthesize directly — do not spawn another agent. Using all four specialist outputs:
- Calculate per-category health scores (0–100) and overall weighted score (Performance 25%, Accessibility 25%, Security 30%, Code Quality 20%)
- Identify cross-domain issues (problems that appear in multiple specialist reports)
- Deduplicate and categorize all issues: Critical → High → Medium → Low
- Build a phased remediation roadmap
- Write the report to
audit-live-site-YYYY-MM-DD-HHMM.mdin the working directory - Present the executive summary, health score, and file path to the user
- Suggest: "Use the audit-export skill to export findings as CSV tasks."
Report Format
# Site Audit Report — [Site URL]
**Date**: [date]
**CMS**: [Drupal/WordPress]
**Overall Health Score**: [0-100]
## Executive Summary
- Performance: [score/100]
- Accessibility: [score/100]
- Security: [score/100]
- Code Quality: [score/100]
## Critical Issues (All Dimensions)
[Issues requiring immediate action]
## Prioritized Remediation Roadmap
### Phase 1: Critical (This Sprint)
### Phase 2: High Priority (This Quarter)
### Phase 3: Medium Priority (Next Quarter)
### Phase 4: Long-term Optimization
Chrome DevTools Integration
When chrome-devtools MCP is available (Claude Code only), the audit can include:
- Real browser performance measurement (actual LCP, INP, CLS values)
- Live accessibility testing with axe-core
- Network request analysis
- Screenshots at multiple breakpoints
After the Audit
Export findings to project management CSV:
Use the audit-export skill: provide the report file path to generate a Teamwork-compatible CSV with tasks organized by priority phase.
Related Skills
- accessibility-audit — Focused WCAG 2.1 AA audit only
- performance-audit — Focused Core Web Vitals audit only
- security-audit — Focused OWASP vulnerability audit only
- quality-audit — Focused code quality audit only
- audit-export — Export findings to CSV
- audit-report — Generate client-facing executive summary
Related Skills
kanopi/strategist-site-audit
tools
VerifiedTrustedCommunity
Strategist-focused site audit for discovery and pre-discovery. Given a site URL and optional qualitative research data, navigates the site via CoWork, audits against all 21 UX Laws from lawsofux.com, reviews content hierarchy, synthesises qualitative data, runs Lighthouse, and produces two deliverables — a Project Knowledge Summary (Markdown for Claude Desktop Projects) and a polished, iterable HTML Artifact for client sharing. Use when a strategist, UX lead, or PM asks for a discovery audit, UX laws audit, content hierarchy review, pre-discovery site review, "audit this site for strategy", "strategist audit", "UX audit", or pastes a site URL with discovery context. Not for developer audits — use accessibility-audit, performance-audit, or live-site-audit for those.
11SKILL.mdUpdated May 15, 2026
kanopi/story-point-estimator
development
VerifiedTrustedCommunity
Provide story point estimation guidance with hour calculations for software development tasks. Uses Fibonacci sequence (1, 2, 3, 5, 8, 13, 21, 34+) and converts story points to hours. Includes platform-specific adjustments and velocity calculations.
11SKILL.mdUpdated May 15, 2026
kanopi/qa-review
tools
VerifiedTrustedCommunity
Perform a full QA review of a Teamwork task by reading the task and all its comments for context, extracting the multi-dev URL, generating dynamic validation steps tailored to the task type, and using CoWork browser automation to execute those steps on the multi-dev environment. Produces a structured validation report with pass/fail per step, screenshots, internal notes, and a client-facing summary — all shown in chat. Use this skill whenever the user asks to QA, test, validate, or review a Teamwork task or multi-dev environment — even if they just say "can you QA this?" or paste a Teamwork link. Also triggers for phrases like "run QA on", "check the multi-dev", "validate this task", "test the dev link", or "review the ticket". Works across Drupal/CMS updates, WordPress/plugin updates, bug fixes, new feature development, and general web development tasks.
11SKILL.mdUpdated May 15, 2026
kanopi/project-heartbeat
tools
VerifiedTrustedCommunity
Generate a client-facing project heartbeat / status update message for a Kanopi project, ready to be posted as a Teamwork message. Use this skill whenever the user asks to write, draft, generate, or send a project update, heartbeat, status update, or progress report to a client. Also triggers when the user says things like "time for a project update", "draft the heartbeat", "write up the update for [project]", or "it's been two weeks, let's send an update". Always use this skill — even if the user doesn't say "heartbeat" — whenever the intent is to summarise recent project activity for a client audience.
11SKILL.mdUpdated May 15, 2026