melodic-software/gemini-analyze
plugins/google-ecosystem/skills/gemini-analyze/SKILL.md
Send a file to Gemini CLI for structured code analysis. Use when you need security audits, performance reviews, architecture analysis, or bug detection.
$ install --global
skillsauthnpx skillsauth add melodic-software/claude-code-plugins gemini-analyzeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 7, 2026, 8:48 AM22.6s1 file scanned
SKILL.md
- name:
- gemini-analyze
- description:
- Send a file to Gemini CLI for structured code analysis. Use when you need security audits, performance reviews, architecture analysis, or bug detection.
- argument-hint:
- <file-path> [analysis-type: security|performance|architecture|bugs]
- allowed-tools:
- Read, Bash
Gemini Analyze Command
Send a file to Gemini CLI for structured analysis.
Prerequisites
- Gemini CLI installed and configured (
npm install -g @google/gemini-cliorbrew install gemini-cli) - Valid Google AI API key configured in environment
Usage
/google-ecosystem:gemini-analyze <file-path> [analysis-type]
Arguments
$1(required): File path to analyze$2(optional): Analysis type - defaults to "general"security- Security vulnerabilities and risksperformance- Performance issues and optimizationsarchitecture- Design patterns and structurebugs- Potential bugs and edge casesgeneral- Overall code review
Examples
/google-ecosystem:gemini-analyze src/auth.ts security/google-ecosystem:gemini-analyze lib/utils.py performance/google-ecosystem:gemini-analyze app/main.go architecture/google-ecosystem:gemini-analyze index.js bugs/google-ecosystem:gemini-analyze config.yaml(defaults to general)
Execution
Step 1: Validate File
Check that the file exists and is readable:
if [ ! -f "$1" ]; then
echo "Error: File not found: $1"
exit 1
fi
Step 2: Determine Analysis Type
analysis_type="${2:-general}"
Step 3: Build Prompt
Create analysis-specific prompts:
case "$analysis_type" in
security)
prompt="Security audit this code. Identify:
1. Authentication/authorization vulnerabilities
2. Input validation issues
3. Injection vulnerabilities (SQL, XSS, command)
4. Sensitive data exposure
5. Cryptographic weaknesses
Rate each finding: CRITICAL, HIGH, MEDIUM, LOW"
;;
performance)
prompt="Performance review this code. Identify:
1. Algorithmic inefficiencies
2. Memory leaks or excessive allocation
3. Unnecessary operations
4. Missing caching opportunities
5. N+1 query patterns
Estimate impact: HIGH, MEDIUM, LOW"
;;
architecture)
prompt="Architecture review this code. Analyze:
1. Design patterns used
2. SOLID principles adherence
3. Separation of concerns
4. Dependency management
5. Extensibility and maintainability
Provide recommendations for improvement"
;;
bugs)
prompt="Bug hunt in this code. Look for:
1. Logic errors
2. Off-by-one errors
3. Null/undefined handling
4. Race conditions
5. Edge cases not handled
6. Type mismatches
Rate likelihood: LIKELY, POSSIBLE, UNLIKELY"
;;
*)
prompt="General code review. Evaluate:
1. Code quality and readability
2. Best practices adherence
3. Potential issues
4. Improvement suggestions"
;;
esac
Step 4: Execute Analysis
result=$(cat "$1" | gemini "$prompt" -m gemini-2.5-flash)
Step 5: Parse Results
Note: Gemini CLI outputs plain text by default, not JSON. The jq parsing below is for reference if using JSON output mode. For standard usage, treat the entire output as the response.
response=$(echo "$result" | jq -r '.response // "Analysis failed"')
tokens=$(echo "$result" | jq '.stats.models | to_entries | map(.value.tokens.total) | add // 0')
model=$(echo "$result" | jq -r '.stats.models | keys[0] // "unknown"')
Output Format
Present findings in structured format:
# Gemini Analysis: {filename}
**Type**: {analysis_type}
**Model**: {model}
**Tokens**: {tokens}
---
{response}
---
*Analysis by Gemini CLI*
Notes
- Uses Flash model by default for cost efficiency
- Supports multiple analysis types with specialized prompts
- Structured findings with severity/impact ratings
- Token usage reported for cost tracking
Related Skills
melodic-software/milan-jovanovic-blog
development
VerifiedTrustedCommunity
Search Milan Jovanovic's .NET blog for Clean Architecture, DDD, CQRS, EF Core, and ASP.NET Core patterns. Use for finding applicable patterns, code examples, and architecture guidance. Invoke when working with .NET projects that could benefit from proven architectural patterns.
47SKILL.mdUpdated Apr 7, 2026
melodic-software/setup-dab
tools
VerifiedTrustedCommunity
Install and configure Data API Builder (DAB) for production SQL Server MCP access with RBAC
47SKILL.mdUpdated Apr 7, 2026
melodic-software/mssql
tools
VerifiedTrustedCommunity
Manage MssqlMcp servers - status, rebuild, and upstream updates
47SKILL.mdUpdated Apr 7, 2026
melodic-software/onboarding
tools
VerifiedTrustedCommunity
Developer environment setup guides for Windows, macOS, Linux, and WSL. Use when setting up development machines, installing tools, configuring environments, or following platform-specific setup guides. Covers package management, shell/terminal, code editors, AI tooling, containerization, databases, and more.
47SKILL.mdUpdated Apr 7, 2026