kanopi/quality-audit
skills/quality-audit/SKILL.md
Comprehensive code quality analysis and technical debt assessment for Drupal and WordPress projects. Spawns code-quality-specialist for full analysis. Invoke when user runs /quality-analyze, requests a full code quality audit, needs technical debt assessment, or asks for comprehensive code quality analysis. Supports --quick, --standard, --comprehensive depth modes and scope/format/threshold flags.
$ install --global
skillsauthnpx skillsauth add kanopi/cms-cultivator quality-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 19, 2026, 5:01 AM7.0s2 files scanned
SKILL.md
- name:
- quality-audit
- description:
- Comprehensive code quality analysis and technical debt assessment for Drupal and WordPress projects. Spawns code-quality-specialist for full analysis. Invoke when user runs /quality-analyze, requests a full code quality audit, needs technical debt assessment, or asks for comprehensive code quality analysis. Supports --quick, --standard, --comprehensive depth modes and scope/format/threshold flags.
- disable-model-invocation:
- true
Quality Audit
Comprehensive code quality analysis and technical debt assessment using the code-quality-specialist agent.
Usage
/quality-analyze— Full code quality analysis (standard depth)/quality-analyze --quick --scope=current-pr— Pre-commit quality check/quality-analyze --comprehensive --format=refactoring-plan— Deep analysis with refactoring plan/quality-analyze --standard --format=json— CI/CD integration output/quality-analyze complexity— Legacy focus area (still supported)
Arguments
Depth Modes
--quick— Complexity + critical code smells only (~5 min)--standard— Full analysis (default, ~15 min)--comprehensive— Include design patterns review (~30 min)
Scope Control
--scope=current-pr— Only files changed in current PR--scope=recent-changes— Files changed since main branch--scope=module=<name>— Specific module/directory--scope=file=<path>— Single file--scope=entire— Full codebase (default)
Output Formats
--format=report— Detailed technical report with code examples (default)--format=json— Structured JSON for CI/CD--format=summary— High-level summary with quality scores--format=refactoring-plan— Prioritized refactoring recommendations
Quality Thresholds
--max-complexity=N— Report functions with cyclomatic complexity > N (default: 15)--min-grade=A|B|C— Report files below specified grade
Legacy Focus Areas (Still Supported)
complexity, debt, patterns, maintainability, standards
Environment Detection
Tier 1 — Portable (Claude Desktop, Codex, any environment)
When Task() or bash tools are unavailable, perform quality analysis directly:
- Parse arguments — Determine depth, scope, format, complexity threshold, and grade
- Identify files to analyze — Use Glob to find PHP, JS, TS files
- Analyze code quality directly:
- Use Read and Grep to count conditional branches and loops (cyclomatic complexity)
- Identify long functions (> 50 lines), large classes, and duplicated code patterns
- Check naming conventions and documentation presence
- Review SOLID principle adherence (single responsibility, dependency injection)
- Check CMS-specific patterns (Drupal dependency injection, WordPress hook over direct calls)
- Identify code smells: magic numbers, deeply nested conditions, God objects
- Generate report — Format findings per requested output format, with quality scores
- Save report — Write to
quality-analyze-YYYY-MM-DD-HHMM.mdand present path to user
Supported checks in Tier 1: code pattern analysis, complexity estimation, naming conventions, CMS-specific quality patterns.
Tier 2 — Claude Code Enhanced
When running in Claude Code with Task() available:
- Parse arguments — Determine depth, scope, format, and thresholds
- Determine files — For
--scope=current-pr:
Forgit diff --name-only origin/main...HEAD | grep -E '\.(php|tsx?|jsx?)$'--scope=recent-changes:git diff main...HEAD --name-only | grep -E '\.(php|tsx?|jsx?)$' - Spawn code-quality-specialist:
Task(cms-cultivator:code-quality-specialist:code-quality-specialist, prompt="Analyze code quality and technical debt with: - Depth mode: {depth} - Scope: {scope} - Format: {format} - Max complexity: {max_complexity or 15} - Min grade: {min_grade or 'none'} - Focus area: {focus or 'complete analysis'} - Files to analyze: {file_list} Analyze complexity, assess technical debt, review design patterns, check maintainability, and apply CMS-specific standards for Drupal and WordPress. Save report to quality-analyze-YYYY-MM-DD-HHMM.md and present the file path.") - Present results to user with file path
Quality Dimensions
Code Complexity
- Cyclomatic complexity (target: ≤ 10 per function)
- Cognitive complexity (how hard to understand)
- Nesting depth (target: ≤ 4 levels)
Technical Debt
- Code smells (magic numbers, long methods, duplicated code)
- Anti-patterns (God objects, spaghetti code, tight coupling)
- Dead code and unused dependencies
Design Patterns
- SOLID principles adherence
- DRY (Don't Repeat Yourself)
- Separation of concerns
- Appropriate use of design patterns
CMS-Specific Standards
- Drupal: Drupal coding standards (PHPCS), dependency injection over \Drupal::, render arrays over raw HTML
- WordPress: WordPress coding standards, hooks over direct function calls, $wpdb->prepare() for queries
Related Skills
- code-standards-checker — Quick standards compliance checks (auto-activates on "does this follow standards?")
- audit-export — Export findings to CSV for project management tools
- audit-report — Generate client-facing executive summary from audit file
Related Skills
kanopi/strategist-site-audit
tools
VerifiedTrustedCommunity
Strategist-focused site audit for discovery and pre-discovery. Given a site URL and optional qualitative research data, navigates the site via CoWork, audits against all 21 UX Laws from lawsofux.com, reviews content hierarchy, synthesises qualitative data, runs Lighthouse, and produces two deliverables — a Project Knowledge Summary (Markdown for Claude Desktop Projects) and a polished, iterable HTML Artifact for client sharing. Use when a strategist, UX lead, or PM asks for a discovery audit, UX laws audit, content hierarchy review, pre-discovery site review, "audit this site for strategy", "strategist audit", "UX audit", or pastes a site URL with discovery context. Not for developer audits — use accessibility-audit, performance-audit, or live-site-audit for those.
11SKILL.mdUpdated May 15, 2026
kanopi/story-point-estimator
development
VerifiedTrustedCommunity
Provide story point estimation guidance with hour calculations for software development tasks. Uses Fibonacci sequence (1, 2, 3, 5, 8, 13, 21, 34+) and converts story points to hours. Includes platform-specific adjustments and velocity calculations.
11SKILL.mdUpdated May 15, 2026
kanopi/qa-review
tools
VerifiedTrustedCommunity
Perform a full QA review of a Teamwork task by reading the task and all its comments for context, extracting the multi-dev URL, generating dynamic validation steps tailored to the task type, and using CoWork browser automation to execute those steps on the multi-dev environment. Produces a structured validation report with pass/fail per step, screenshots, internal notes, and a client-facing summary — all shown in chat. Use this skill whenever the user asks to QA, test, validate, or review a Teamwork task or multi-dev environment — even if they just say "can you QA this?" or paste a Teamwork link. Also triggers for phrases like "run QA on", "check the multi-dev", "validate this task", "test the dev link", or "review the ticket". Works across Drupal/CMS updates, WordPress/plugin updates, bug fixes, new feature development, and general web development tasks.
11SKILL.mdUpdated May 15, 2026
kanopi/project-heartbeat
tools
VerifiedTrustedCommunity
Generate a client-facing project heartbeat / status update message for a Kanopi project, ready to be posted as a Teamwork message. Use this skill whenever the user asks to write, draft, generate, or send a project update, heartbeat, status update, or progress report to a client. Also triggers when the user says things like "time for a project update", "draft the heartbeat", "write up the update for [project]", or "it's been two weeks, let's send an update". Always use this skill — even if the user doesn't say "heartbeat" — whenever the intent is to summarise recent project activity for a client audience.
11SKILL.mdUpdated May 15, 2026