laurigates/health-audit
health-plugin/skills/health-audit/SKILL.md
Plugin audit against detected stack (Python, Node, Rust, Go, Terraform, Docker, K8s). Use when cleaning up unused plugins or discovering stack-relevant ones for a project.
$ install --global
skillsauthnpx skillsauth add laurigates/claude-plugins health-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 4, 2026, 9:17 AM135.4s2 files scanned
SKILL.md
- created:
- 2026-02-05
- modified:
- 2026-05-09
- reviewed:
- 2026-04-15
- user-invocable:
- false
- description:
- Plugin audit against detected stack (Python, Node, Rust, Go, Terraform, Docker, K8s). Use when cleaning up unused plugins or discovering stack-relevant ones for a project.
- allowed-tools:
- Bash(test *), Bash(find *), Bash(jq *), Bash(claude plugin *), Read, Write, Edit, Glob, Grep, TodoWrite, AskUserQuestion
- args:
- [--fix] [--dry-run] [--verbose]
- argument-hint:
- [--fix] [--dry-run] [--verbose]
- name:
- health-audit
/health:audit
Audit the project's enabled plugins against the actual technology stack. Identifies plugins that don't apply to this project and suggests relevant plugins that aren't enabled.
When to Use This Skill
| Use this skill when... | Use another approach when... |
|------------------------|------------------------------|
| Reviewing plugin relevance for current project | General health diagnostics (use /health:check) |
| Cleaning up unused plugins | Plugin registry corruption (use /health:plugins --fix) |
| Discovering relevant plugins for tech stack | Agentic optimization audit (use /health:agentic-audit) |
| Optimizing project-specific plugin configuration | Installing specific plugin (install directly) |
| Onboarding to existing project | Need comprehensive settings validation |
Context
- Current project: !
pwd - Project settings exists: !
find . -maxdepth 2 -path '*/.claude/settings.json' - Package.json exists: !
find . -maxdepth 1 -name 'package.json' - Cargo.toml exists: !
find . -maxdepth 1 -name 'Cargo.toml' - pyproject.toml exists: !
find . -maxdepth 1 -name 'pyproject.toml' - requirements.txt exists: !
find . -maxdepth 1 -name 'requirements.txt' - go.mod exists: !
find . -maxdepth 1 -name 'go.mod' - Dockerfile exists: !
find . -maxdepth 1 -name 'Dockerfile' - docker-compose exists: !
find . -maxdepth 1 \( -name 'docker-compose.yml' -o -name 'docker-compose.yaml' -o -name 'compose.yml' -o -name 'compose.yaml' \) - GitHub workflows: !
find .github/workflows -maxdepth 1 -name '*.yml' -quit -print - Terraform files: !
find . -maxdepth 2 -name '*.tf' -quit -print - Kubernetes manifests: !
find . -maxdepth 3 \( -path '*/k8s/*' -o -path '*/kubernetes/*' \) -name '*.yaml' -quit -print
Parameters
| Parameter | Description |
|-----------|-------------|
| --fix | Apply recommended changes to .claude/settings.json |
| --dry-run | Show what would be changed without modifying files |
| --verbose | Show detailed analysis of each plugin decision |
Execution
Execute this plugin relevance audit:
Step 1: Detect the project technology stack
Analyze project files from the context above to determine the technology stack. Match indicators against the tech stack mapping in REFERENCE.md.
Step 2: Retrieve available plugins
Run claude plugin list --json to get all available plugins from configured marketplaces. Parse the output for plugin name, description, keywords, and category.
Step 3: Read currently enabled plugins
Read .claude/settings.json and extract the enabledPlugins array. If the file does not exist or enabledPlugins is not set, treat as empty list.
Step 4: Analyze plugin relevance
Compare each enabled plugin against the detected tech stack. Use the plugin relevance mapping in REFERENCE.md to determine which plugins are relevant, irrelevant, or missing.
Categorize each plugin as:
- RELEVANT -- matches detected tech stack
- NOT RELEVANT -- no matching indicators found
- MISSING -- relevant plugin not currently enabled
Step 5: Generate the audit report
Print a structured report covering:
- Detected technology stack with evidence
- Currently enabled plugins with relevance status
- Suggested plugins to add (with reasons)
- Suggested plugins to remove (with reasons)
- Summary counts
Step 6: Apply changes (if --fix)
When --fix is passed:
- Back up current settings:
cp .claude/settings.json .claude/settings.json.backup - Ask for confirmation before each category of changes (removals, additions)
- Update
.claude/settings.json-- remove confirmed irrelevant plugins, add confirmed relevant plugins, preserve other settings - Verify changes by re-reading the file, confirming valid JSON, and showing the diff
User-Level vs Project-Level
Note: This command only manages project-level plugin settings in .claude/settings.json.
User-level plugins (in ~/.claude/settings.json) are managed separately and don't need duplication at project level.
When analyzing, check if a plugin is already enabled at user level:
jq -r '.enabledPlugins[]? // empty' ~/.claude/settings.json 2>/dev/null
If a plugin is enabled at user level, it doesn't need to be in project settings unless you want project-specific behavior.
Edge Cases
| Scenario | Behavior |
|----------|----------|
| No .claude/settings.json | Create it with recommended plugins |
| Empty enabledPlugins | Suggest adding relevant plugins |
| Monorepo with multiple languages | Suggest all matching plugins |
| Plugin not in marketplace | Flag as "unknown" but don't remove |
| User declined changes | Respect decision, show manual instructions |
Agentic Optimizations
| Context | Command |
|---------|---------|
| Plugin relevance audit | /health:audit |
| Audit with auto-fix | /health:audit --fix |
| Dry-run mode | /health:audit --dry-run |
| List enabled plugins | jq -r '.enabledPlugins[]? // empty' .claude/settings.json 2>/dev/null |
| Detect project languages | find . -maxdepth 1 \( -name 'package.json' -o -name 'Cargo.toml' -o -name 'pyproject.toml' \) -exec basename {} \; |
Flags
| Flag | Description |
|------|-------------|
| --fix | Apply recommended changes (with confirmation) |
| --dry-run | Show what would be changed without modifying |
| --verbose | Show detailed reasoning for each decision |
See Also
/health:plugins- Fix plugin registry issues/health:check- Full diagnostic scan/configure:claude-plugins- Initial plugin setup
Related Skills
laurigates/workflow-verify-before-filing
testing
VerifiedTrustedCommunity
Verify accumulated bug claims at upstream HEAD and dedup against trackers before filing issues. Use when filing upstream reports from backlogs, audit docs, or git-history findings.
38SKILL.mdUpdated Jun 12, 2026
laurigates/cold-read-gate
documentation
VerifiedTrustedCommunity
Gate outward-bound text (upstream issues, docs, PR bodies) through isolated haiku fresh-reader critique before publishing. Use when an artifact must survive a reader with zero project context.
38SKILL.mdUpdated Jun 12, 2026
laurigates/evaluate-improve
tools
VerifiedTrustedCommunity
Suggest improvements to SKILL.md content, descriptions, or tool config from eval results. Use when raising pass rates, fixing triggering, or iterating on a skill after evaluation.
38SKILL.mdUpdated Apr 16, 2026
laurigates/deadbranch
tools
VerifiedTrustedCommunity
deadbranch CLI for stale-branch cleanup — dry-run preview, TUI or non-interactive delete, protects main/develop/WIP. Use when asked to clean up branches, prune branches, or remove stale branches.
37SKILL.mdUpdated Jun 11, 2026