melodic-software/audit-lsp
plugins/claude-ecosystem/skills/audit-lsp/SKILL.md
Audit Claude Code LSP server configurations for quality and compliance. Use when creating or validating plugin LSP servers, or troubleshooting code intelligence issues.
$ install --global
skillsauthnpx skillsauth add melodic-software/claude-code-plugins audit-lspInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 7, 2026, 8:32 AM26.5s1 file scanned
SKILL.md
- name:
- audit-lsp
- description:
- Audit Claude Code LSP server configurations for quality and compliance. Use when creating or validating plugin LSP servers, or troubleshooting code intelligence issues.
- argument-hint:
- [--force | --skip-validation]
- allowed-tools:
- Read, Bash, Glob, Grep, Task
Audit LSP Servers Command
Audit Claude Code LSP (Language Server Protocol) server configurations for quality and compliance.
Initialization
Before auditing, initialize the environment:
- Get the current UTC date for audit timestamps.
- Capture the project root path for subagent communication.
- Ensure the temp directory (
.claude/temp/) exists. - Clean up any stale audit files if the user confirms.
The plugin-development skill provides authoritative validation guidance (auto-loaded when this command runs).
What Gets Audited
.lsp.jsonfile structure and validity- LSP server configuration fields
- Language/file type associations
- Server command and arguments
- Plugin manifest
lspServersreferences
Command Arguments
| Argument | Description |
| --- | --- |
| (none) | Audit all discoverable LSP configurations |
| --force | Audit regardless of modification status |
| --skip-validation | Skip finding validation (faster, but may include false positives) |
Step 1: Discover LSP Configurations
Search for .lsp.json files in:
- Project root (
.lsp.json) - Plugin directories (
plugins/*/.lsp.json) - User plugins directory
Also check plugin.json manifests for lspServers field references.
Build a list of discovered LSP configurations with their scope (project, plugin, or user) and full path.
If no LSP configurations are found, report this and provide guidance on how to create one.
Step 2: Parse Arguments
Check if the --force flag is present in the command arguments. Build the audit queue based on discovered configurations and the force flag.
Step 3: Present Audit Plan
Display audit mode (SMART or FORCE), configurations discovered, and list each with scope and last modified date.
Step 4: Execute Audits
For each LSP configuration, spawn the plugin-component-auditor subagent with the following context:
- Scope (project, plugin, or user)
- Full path to the
.lsp.jsonfile - Associated plugin manifest (if applicable)
- Last audit date or "Never audited"
- Current audit date
- Project root path
Run subagents in parallel when multiple configurations exist.
Subagents write findings to .claude/temp/ as both JSON (for recovery/aggregation) and markdown (for human review). The main conversation thread collects results and updates audit logs using its Write/Edit tools.
Step 4.5: Validate Findings
Unless --skip-validation flag is present:
- Spawn the
audit-finding-validatoragent with:project_root: The captured project root pathaudit_type: "lsp"audit_files: List of.claude/temp/audit-*-lsp-*.jsonfile paths
- Wait for validation to complete
- Read updated JSON files with validation results
- Filter out FALSE_POSITIVE findings completely before aggregation
- Note: Filtered findings are logged to
.claude/temp/audit-filtered-findings.json
If --skip-validation flag is present:
- Skip validation phase entirely (current speed preserved)
- Present all findings without filtering
- Note in summary: "Validation: Skipped"
Step 5: Final Summary
Report total configurations audited, results by scope, and details table. List configuration or server issues with remediation steps.
Include validation statistics (if validation was performed):
- Validation performed: Yes/No
- Findings validated: X
- False positives filtered: Y
- Verified findings: Z
- Unverified findings: W
Important Notes
LSP Configuration Requirements
LSP configurations must specify valid server commands, proper language associations, and correct initialization options.
Configuration Locations
| Location | Purpose |
| --- | --- |
| .lsp.json (project root) | Project-specific LSP servers |
| plugins/*/.lsp.json | Plugin-provided LSP servers |
| Plugin manifest lspServers | Reference to LSP configurations |
Common LSP Server Types
- TypeScript/JavaScript language servers
- Python language servers
- Go language servers
- Custom domain-specific servers
Audit Log Location
All audit results are written to .claude/audit/lsp.md.
Use /audit-log lsp to view current audit status.
Example Usage
Example 1: Audit All LSP Configurations
User: /audit-lsp
Claude: Discovering LSP configurations...
## Audit Plan
**Mode**: SMART
**Configurations discovered**: 2
1. [project] .lsp.json
2. [plugin] plugins/typescript/.lsp.json
[Spawns plugin-component-auditor subagents]
## Audit Complete
| Scope | Config | Result | Score |
| --- | --- | --- | --- |
| project | .lsp.json | PASS | 100/100 |
| plugin | typescript/.lsp.json | PASS | 95/100 |
Example 2: Force Audit
User: /audit-lsp --force
Claude: Auditing all LSP configurations (force mode)...
Related Skills
melodic-software/milan-jovanovic-blog
development
VerifiedTrustedCommunity
Search Milan Jovanovic's .NET blog for Clean Architecture, DDD, CQRS, EF Core, and ASP.NET Core patterns. Use for finding applicable patterns, code examples, and architecture guidance. Invoke when working with .NET projects that could benefit from proven architectural patterns.
47SKILL.mdUpdated Apr 7, 2026
melodic-software/setup-dab
tools
VerifiedTrustedCommunity
Install and configure Data API Builder (DAB) for production SQL Server MCP access with RBAC
47SKILL.mdUpdated Apr 7, 2026
melodic-software/mssql
tools
VerifiedTrustedCommunity
Manage MssqlMcp servers - status, rebuild, and upstream updates
47SKILL.mdUpdated Apr 7, 2026
melodic-software/onboarding
tools
VerifiedTrustedCommunity
Developer environment setup guides for Windows, macOS, Linux, and WSL. Use when setting up development machines, installing tools, configuring environments, or following platform-specific setup guides. Covers package management, shell/terminal, code editors, AI tooling, containerization, databases, and more.
47SKILL.mdUpdated Apr 7, 2026