martinffx/code-perf
skills/code-perf/SKILL.md
Performance profiling and optimization. Use when code is slow, has memory issues, or needs optimization. Triggers on "slow", "performance", "optimize", "memory leak", "profiling", "bottleneck", or any performance-related concern.
$ install --global
skillsauthnpx skillsauth add martinffx/claude-code-atelier code-perfInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 26, 2026, 1:03 PM78.2s4 files scanned
SKILL.md
- name:
- code-perf
- description:
- >
- user-invocable:
- true
Code Perf
Performance profiling and optimization workflow.
The Golden Rule
Never optimize without profiling.
You don't know where the bottleneck is until you measure. Making changes without profiling wastes time and often makes things worse.
Workflow
1. Profile
Measure the current performance.
Questions:
- What's slow? (endpoint, operation, page load)
- How slow? (latency, throughput)
- Under what conditions? (load, data size)
Tools:
- Browser DevTools (Performance tab)
- Node clinic.js
- Python cProfile
- Go pprof
2. Identify
Find the hot paths.
Look for:
- Functions called many times
- Large memory allocations
- Blocking I/O
- Unnecessary computations
3. Optimize
Apply the right optimization pattern.
4. Verify
Re-profile to confirm improvement.
Common Bottlenecks
See references/common-bottlenecks.md for detailed patterns:
| Pattern | Symptom | Solution | |---------|---------|----------| | N+1 | Multiple DB queries | Eager load, batch | | Memory leak | Growing RSS | Clear caches, weak refs | | Blocking I/O | Thread blocked | Async, worker pool | | Unnecessary work | CPU high | Skip redundant calc | | Large data | Slow serialization | Pagination, streams |
Optimization Patterns
See references/optimization-patterns.md for:
Caching
// Before: every call hits DB
const user = await db.users.find(id);
// After: cache
const cacheKey = `user:${id}`;
let user = await redis.get(cacheKey);
if (!user) {
user = await db.users.find(id);
await redis.set(cacheKey, user, 'EX', 300);
}
Lazy Loading
// Before: load everything
const allUsers = await db.users.findMany();
// After: paginate
const users = await db.users.findMany({
take: 20,
skip: page * 20
});
Connection Pooling
// Before: new connection each time
const client = new Client();
await client.connect();
// After: pool
const pool = new Pool({ max: 20 });
// Use pool.query() throughout
Profiling Tools
See references/profiling-tools.md for:
Node.js
# CPU profiling
node --prof app.js
# Memory
node --inspect app.js # Chrome DevTools
# clinic.js
npx clinic doctor -- node app.js
Python
# cProfile
python -m cProfile -o profile.prof app.py
# view with: python -m cProfile -s cumulative app.py
Go
# pprof
go test -cpuprofile=cpu.prof
go tool pprof cpu.prof
# Web interface
go tool pprof -http=:8080 cpu.prof
Skill Loading
- If optimization involves queries → load python-sqlalchemy or typescript-drizzle-orm
- If memory issues → load for heap snapshots
- If database → load appropriate database skill
Related Skills
martinffx/oracle-security
development
VerifiedTrustedCommunity
Security architecture and threat modeling knowledge. Auto-invokes when designing features that handle untrusted data, authentication, authorization, external integrations, file uploads, or sensitive data. Provides risk assessment frameworks, trust boundary analysis, and security design principles — not implementation code.
25SKILL.mdUpdated May 24, 2026
martinffx/oracle-doubt
testing
VerifiedTrustedCommunity
Adversarial review of non-trivial decisions using fresh-context scrutiny. Use when correctness matters more than speed, when stakes are high (production, security-sensitive logic, irreversible operations), or before committing significant architectural or implementation choices.
25SKILL.mdUpdated May 24, 2026
martinffx/code-handoff
development
VerifiedTrustedCommunity
Compact the current conversation into a handoff document for another agent to pick up.
25SKILL.mdUpdated May 24, 2026
martinffx/oracle-grillme
testing
VerifiedTrustedCommunity
Socratic interrogation of plans against the project's domain model and documented decisions. Use when the user wants to stress-test a plan, clarify terminology, or validate assumptions against existing domain language. Updates CONTEXT.md and ADRs inline as decisions crystallise.
25SKILL.mdUpdated May 23, 2026