skills/audit/SKILL.md
Audit codebases for security issues, code quality problems, and hardcoded secrets. Scans Python and JavaScript files for API keys, credentials, and anti-patterns. Fixes issues and commits with structured messages. Use when asked to audit, scan for secrets, check security, or review code quality.
Install this skill globally with one command (works with Claude Code, Cursor, and Windsurf):
npx skillsauth add nhouseholder/nicks-claude-code-superpowers audit
Systematic codebase audit for security, quality, and hygiene issues.
Scan for hardcoded API keys, tokens, passwords, and credentials using the Grep tool (not bash grep):
Use the Grep tool with pattern (api_key|apikey|api-key|secret|password|token|credential|auth)\s*[=:]\s*['"][^'"]{8,} and glob *.{py,js,jsx,ts,tsx,env} to search the codebase.
Also check for:
- URLs with embedded credentials (https://user:pass@...)
- AWS access key IDs (AKIA...)
- Private key blocks (-----BEGIN)
- .env files committed to git
For each secret found:
- Replace it with a lookup from os.environ (Python) or process.env (JS)
- Add it to .env.example with a placeholder
- Make sure .env is in .gitignore
Scan for common anti-patterns:
- console.log debugging statements left in production code
- print() statements that should be logging
Commit fixes with a structured message:
git add <fixed_files>
git commit -m "security: remove hardcoded keys, move to env vars"
Or for quality fixes:
git commit -m "cleanup: remove debug statements and unused imports"
Do not auto-commit unless the user explicitly requested it.
Output a summary:
AUDIT REPORT
============
Files scanned: X
Secrets found: Y (Z fixed)
Quality issues: N
Commits made: M
Remaining items requiring manual review:
- [list any that couldn't be auto-fixed]
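The scan and report steps above, as an added example that is not part of the skill or of the nicks-claude-code-superpowers project: a stand-alone Python scanner that applies the skill's Grep regex, plus assumed regexes for the "also check for" items, to constructed file contents, skips files the skill's glob would not cover, checks whether .gitignore excludes .env, and renders the AUDIT REPORT template with every secret redacted. The function names, the three extra regexes and the sample files are assumptions made here.

```python
"""Added example mirroring the audit skill's secret scan. Not the skill's own code;
the file contents and .gitignore below are constructed for the demonstration."""
import fnmatch
import re
from pathlib import PurePosixPath

# The first regex is the one the skill hands to the Grep tool. As written it is
# case-sensitive, so API_KEY = "..." would be missed unless Grep runs with -i;
# re.IGNORECASE is applied here for that reason. The other three are assumed
# formulations of the skill's "also check for" items.
PATTERNS = {
    "generic-assignment": re.compile(
        r"""(api_key|apikey|api-key|secret|password|token|credential|auth)\s*[=:]\s*['"]([^'"]{8,})""",
        re.IGNORECASE),
    "url-credentials": re.compile(r"[a-z][a-z0-9+.-]*://[^\s/:@]+:([^\s/@]+)@", re.IGNORECASE),
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
# The skill's glob *.{py,js,jsx,ts,tsx,env}; note that .pem/.key files fall outside it.
SCAN_SUFFIXES = {".py", ".js", ".jsx", ".ts", ".tsx", ".env"}


def in_scope(path):
    p = PurePosixPath(path)  # PurePosixPath(".env").suffix is "", hence the name check
    return p.suffix in SCAN_SUFFIXES or p.name == ".env"


def redact(value):
    """Never write the full secret to the report: in headless mode it goes to a log file."""
    return f"{value[:4]}...({len(value)} chars)"


def scan_text(path, text):
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                # The last capture group holds the secret; group(0) when there is none.
                findings.append({"path": path, "line": lineno, "kind": kind,
                                 "redacted": redact(m.group(m.re.groups))})
    return findings


def env_is_gitignored(gitignore_text):
    """True if some non-comment .gitignore pattern matches a top-level .env file."""
    for raw in gitignore_text.splitlines():
        pat = raw.strip()
        if not pat or pat.startswith("#"):
            continue
        if fnmatch.fnmatch(".env", pat.lstrip("/")):
            return True
    return False


def audit(files, gitignore_text=""):
    """files maps a repo-relative path to its contents (constructed here, read from disk in practice)."""
    scanned = [p for p in files if in_scope(p)]
    findings = [f for p in scanned for f in scan_text(p, files[p])]
    return {"files_scanned": len(scanned),
            "skipped": sorted(set(files) - set(scanned)),
            "findings": findings,
            "env_gitignored": env_is_gitignored(gitignore_text)}


def render_report(result):
    """Fill in the skill's AUDIT REPORT template; nothing here is auto-fixed, so 0 fixed."""
    lines = ["AUDIT REPORT", "============",
             f"Files scanned: {result['files_scanned']}",
             f"Secrets found: {len(result['findings'])} (0 fixed)",
             "Remaining items requiring manual review:"]
    for f in result["findings"]:
        lines.append(f"- {f['path']}:{f['line']} {f['kind']} {f['redacted']}")
    if not result["env_gitignored"]:
        lines.append("- .env is not listed in .gitignore")
    for p in result["skipped"]:
        lines.append(f"- {p} is outside the scan glob; inspect manually")
    return "\n".join(lines)


SAMPLE_FILES = {  # constructed inputs; the AKIA value is AWS's documented example ID
    "app/config.py": 'API_KEY = "sk_live_0123456789abcdef"\nDEBUG = False\n',
    "app/settings.py": 'api_key = os.environ["API_KEY"]  # already fixed, must not match\n',
    "app/db.js": 'const url = "postgres://admin:hunter2pass@db.internal:5432/app";\n',
    "tests/fixtures.py": 'password = "not-a-real-password"  # false positive, needs review\n',
    ".env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "deploy/server.pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIEow...\n",
}
SAMPLE_GITIGNORE = "node_modules/\n*.log\n"

if __name__ == "__main__":
    print(render_report(audit(SAMPLE_FILES, SAMPLE_GITIGNORE)))
```

Running it prints the report for the constructed files: four candidate secrets, a warning that .env is not gitignored, and the .pem private key listed as skipped because the skill's glob only covers source and .env files. The test fixture shows why the findings are candidates for review rather than confirmed secrets. Findings are redacted because in headless mode the report is redirected into audit_results.log, which would otherwise become a second copy of every key. Note also that deleting a key from the working tree and committing does not remove it from git history; a credential that was ever committed has to be rotated regardless of the fix.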
This skill works well in headless mode for batch processing:
claude -p "Audit all Python files for hardcoded API keys, fix any found, and commit with message 'security: remove hardcoded keys'" \
--allowedTools "Read,Edit,Bash,Grep" > audit_results.log 2>&1