kanopi/performance-audit
skills/performance-audit/SKILL.md
Comprehensive performance analysis and Core Web Vitals optimization for Drupal and WordPress projects. Spawns performance-specialist for full analysis. Invoke when user runs /audit-perf, requests a full performance audit, needs Core Web Vitals analysis (LCP, INP, CLS), or asks for comprehensive performance assessment. Supports --quick, --standard, --comprehensive depth modes and scope/format/target flags.
$ install --global
skillsauthnpx skillsauth add kanopi/cms-cultivator performance-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 19, 2026, 5:01 AM6.6s2 files scanned
SKILL.md
- name:
- performance-audit
- description:
- Comprehensive performance analysis and Core Web Vitals optimization for Drupal and WordPress projects. Spawns performance-specialist for full analysis. Invoke when user runs /audit-perf, requests a full performance audit, needs Core Web Vitals analysis (LCP, INP, CLS), or asks for comprehensive performance assessment. Supports --quick, --standard, --comprehensive depth modes and scope/format/target flags.
- disable-model-invocation:
- true
Performance Audit
Comprehensive performance analysis and Core Web Vitals optimization using the performance-specialist agent.
Usage
/audit-perf— Full performance audit (standard depth)/audit-perf --quick --scope=current-pr— Pre-commit Core Web Vitals check/audit-perf --comprehensive --format=summary— Pre-release deep audit with executive summary/audit-perf --standard --format=json— CI/CD integration output/audit-perf queries— Legacy focus area (still supported)
Arguments
Depth Modes
--quick— Core Web Vitals only (~5 min)--standard— CWV + major bottlenecks (default, ~15 min)--comprehensive— Full profiling + recommendations (~30 min)
Scope Control
--scope=current-pr— Only files changed in current PR--scope=frontend— Only frontend files (CSS, JS, images)--scope=backend— Only backend files (PHP, SQL, caching)--scope=module=<name>— Specific module/directory--scope=file=<path>— Single file--scope=entire— Full codebase (default)
Output Formats
--format=report— Detailed report with metrics (default)--format=json— Structured JSON for CI/CD--format=summary— Executive summary--format=metrics— Core Web Vitals metrics only
Target Thresholds
--target=good— Report only if failing "good" thresholds (LCP > 2.5s, INP > 200ms, CLS > 0.1)--target=needs-improvement— Report if needing improvement (LCP > 4.0s, INP > 500ms, CLS > 0.25)
Legacy Focus Areas (Still Supported)
queries, n+1, assets, bundles, caching, vitals, lcp, inp, cls
Environment Detection
Tier 1 — Portable (Claude Desktop, Codex, any environment)
When Task() or bash tools are unavailable, perform performance analysis directly:
- Parse arguments — Determine depth mode, scope, format, and any legacy focus area
- Identify files to analyze — Use Glob to find PHP, CSS, JS, SCSS, and SQL files
- Analyze performance directly:
- Use Read and Grep to identify N+1 query patterns, missing cache tags, SELECT * queries
- Check CSS for render-blocking patterns, unused selectors, missing critical CSS hints
- Check JS for bundle size indicators, synchronous blocking, missing defer/async
- Review image markup for missing dimensions, lazy loading, responsive images
- Detect CMS-specific patterns (Drupal cache tags, WordPress transients)
- Generate report — Format findings per requested output format, prioritized by impact
- Save report — Write to
audit-perf-YYYY-MM-DD-HHMM.mdand present path to user
Supported checks in Tier 1: code-level query patterns, caching strategy, asset markup, CMS-specific anti-patterns.
Tier 2 — Claude Code Enhanced
When running in Claude Code with Task() available:
- Parse arguments — Determine depth, scope, format, and target threshold
- Determine files — For
--scope=current-pr:git diff --name-only origin/main...HEAD | grep -E '\.(php|tsx?|jsx?|css|scss|sql)$' - Spawn performance-specialist:
Task(cms-cultivator:performance-specialist:performance-specialist, prompt="Analyze performance and optimize Core Web Vitals with: - Depth mode: {depth} - Scope: {scope} - Format: {format} - Target threshold: {target or 'none'} - Focus area: {focus or 'complete analysis'} - Files to analyze: {file_list} Check database queries, caching strategies, asset optimization, and rendering for Drupal and WordPress. Save report to audit-perf-YYYY-MM-DD-HHMM.md and present the file path.") - Present results to user with file path
Core Web Vitals Targets
| Metric | Good | Needs Improvement | Poor | |--------|------|-------------------|------| | LCP | < 2.5s | 2.5s–4.0s | > 4.0s | | INP | < 200ms | 200ms–500ms | > 500ms | | CLS | < 0.1 | 0.1–0.25 | > 0.25 |
CMS-Specific Optimizations
Drupal: Cache tags/contexts/max-age, EntityQuery optimization, Views caching, BigPipe, CSS/JS aggregation
WordPress: Transient caching, WP_Query optimization (no_found_rows, update_post_term_cache), object cache (Redis/Memcached), conditional asset loading
Performance Budgets
| Metric | Target | |--------|--------| | Total JS | < 200KB | | Total CSS | < 100KB | | Images | < 1MB total | | HTTP Requests | < 50 |
Related Skills
- performance-analyzer — Quick code-level performance checks (auto-activates on "slow" or "optimize")
- audit-export — Export findings to CSV for project management tools
- audit-report — Generate client-facing executive summary from audit file
Related Skills
kanopi/strategist-site-audit
tools
VerifiedTrustedCommunity
Strategist-focused site audit for discovery and pre-discovery. Given a site URL and optional qualitative research data, navigates the site via CoWork, audits against all 21 UX Laws from lawsofux.com, reviews content hierarchy, synthesises qualitative data, runs Lighthouse, and produces two deliverables — a Project Knowledge Summary (Markdown for Claude Desktop Projects) and a polished, iterable HTML Artifact for client sharing. Use when a strategist, UX lead, or PM asks for a discovery audit, UX laws audit, content hierarchy review, pre-discovery site review, "audit this site for strategy", "strategist audit", "UX audit", or pastes a site URL with discovery context. Not for developer audits — use accessibility-audit, performance-audit, or live-site-audit for those.
11SKILL.mdUpdated May 15, 2026
kanopi/story-point-estimator
development
VerifiedTrustedCommunity
Provide story point estimation guidance with hour calculations for software development tasks. Uses Fibonacci sequence (1, 2, 3, 5, 8, 13, 21, 34+) and converts story points to hours. Includes platform-specific adjustments and velocity calculations.
11SKILL.mdUpdated May 15, 2026
kanopi/qa-review
tools
VerifiedTrustedCommunity
Perform a full QA review of a Teamwork task by reading the task and all its comments for context, extracting the multi-dev URL, generating dynamic validation steps tailored to the task type, and using CoWork browser automation to execute those steps on the multi-dev environment. Produces a structured validation report with pass/fail per step, screenshots, internal notes, and a client-facing summary — all shown in chat. Use this skill whenever the user asks to QA, test, validate, or review a Teamwork task or multi-dev environment — even if they just say "can you QA this?" or paste a Teamwork link. Also triggers for phrases like "run QA on", "check the multi-dev", "validate this task", "test the dev link", or "review the ticket". Works across Drupal/CMS updates, WordPress/plugin updates, bug fixes, new feature development, and general web development tasks.
11SKILL.mdUpdated May 15, 2026
kanopi/project-heartbeat
tools
VerifiedTrustedCommunity
Generate a client-facing project heartbeat / status update message for a Kanopi project, ready to be posted as a Teamwork message. Use this skill whenever the user asks to write, draft, generate, or send a project update, heartbeat, status update, or progress report to a client. Also triggers when the user says things like "time for a project update", "draft the heartbeat", "write up the update for [project]", or "it's been two weeks, let's send an update". Always use this skill — even if the user doesn't say "heartbeat" — whenever the intent is to summarise recent project activity for a client audience.
11SKILL.mdUpdated May 15, 2026