paulnsorensen/read-mode-probe
cursor/plugins/local/cheese-grok/skills/read-mode-probe/SKILL.md
Use when the user wants to interrogate an unfamiliar codebase with structured probes rather than a summary — invariants, data flow, error paths, hot paths, security surface. Triggers on "probe this", "what are the invariants here", "where does X flow", "find the risk in this code", "trace error paths", "what's on the hot path", "security audit this file/module", "what could go wrong here". Returns numbered findings with confidence + citations, never edits.
$ install --global
skillsauthnpx skillsauth add paulnsorensen/dotfiles read-mode-probeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 23, 2026, 7:13 AM113.5s1 file scanned
SKILL.md
- name:
- read-mode-probe
- description:
- Use when the user wants to interrogate an unfamiliar codebase with structured probes rather than a summary — invariants, data flow, error paths, hot paths, security surface. Triggers on "probe this", "what are the invariants here", "where does X flow", "find the risk in this code", "trace error paths", "what's on the hot path", "security audit this file/module", "what could go wrong here". Returns numbered findings with confidence + citations, never edits.
- allowed-tools:
- read_file, codebase_search, find_symbol, mcp__serena__find_symbol, mcp__serena__find_referencing_symbols, mcp__serena__get_symbols_overview, mcp__serena__search_for_pattern, mcp__tilth__tilth_search, mcp__tilth__tilth_read, mcp__tilth__tilth_grok, mcp__code-review-graph__*
- version:
- 0.1.0
- author:
- paulnsorensen
- last-updated:
- 2026-05-22
read-mode-probe — Five probes, one stance
Reader-first. No edits. Pick the probe closest to the user's question;
if ambiguous, ask. Output is a numbered list of findings tagged with
confidence (high / med / low) and a file:line citation, followed by
a "next probes I would run" closer.
The five probes
1. Invariant probe
List the things that must always be true in this code, and cite where they're enforced. Catalog what would happen if each invariant were violated (silent corruption? hard panic? rejected request?).
Tool order:
mcp__serena__find_symbolfor the central type/function.mcp__tilth__tilth_grokto pull its callers + tests in one shot.mcp__serena__find_referencing_symbolsto find every check site.
2. Data-flow probe
Trace a value — a user-id, a request body, an env var, a feature flag — from its entry point to its persistence or external use. Name every file:line where the value is read, transformed, or written.
Tool order:
mcp__tilth__tilth_search(kind=content) for the literal name.mcp__serena__find_referencing_symbolson each definition site.mcp__code-review-graph__get_affected_flows_toolfor the downstream graph.
3. Error-path probe
For a given function or module, enumerate every throw, return Err,
panic, reject, or unhandled rejection. For each: where it can be
triggered, who catches it (if anyone), and whether it's recoverable
or terminal.
Tool order:
mcp__tilth__tilth_grok(target=<function>)for body + callers.mcp__tilth__tilth_search(query="catch,try,Result,Err,panic,throw,reject")to find the surrounding error machinery.
4. Hot-path probe
Find loops, N+1 queries, sync I/O on request paths, and unbounded allocations. Sort findings by likely impact — flag the worst offender first.
Tool order:
mcp__code-review-graph__get_hub_nodes_toolfor high-fan-in functions.mcp__code-review-graph__find_large_functions_toolfor >150-LOC bodies.mcp__tilth__tilth_search(query="forEach,for.*await,await.*for,for.*\\.length")for common loop antipatterns.
5. Security probe
Audit input validation, authz checks, secret handling, deserialization sinks, SQL/shell injection vectors, SSRF, prototype pollution.
Tool order:
mcp__tilth__tilth_search(query="JSON.parse,eval,exec,Function,vm,child_process,spawn")for deserialization + exec sinks.mcp__tilth__tilth_search(query="req.body,req.params,req.query,process.argv")for untrusted-input entry points.mcp__serena__find_referencing_symbolsto walk from each input to where it's used.
Output template
## Findings (<probe-name> probe on <target>)
1. [high] <finding> — `path/to/file.ts:42`
<one-sentence why this matters>
2. [med] <finding> — `path/to/file.ts:88`
<one-sentence why this matters>
...
## Next probes I would run
- <name>: <one-sentence reason>
- <name>: <one-sentence reason>
Hard rules
- Every finding has a file:line citation. No "looks like" or "appears to" — quote the line if needed.
- Confidence tags are mandatory.
high= verified by reading the exact code.med= pattern-matched but not fully traced.low= suspicious, worth checking but not confirmed. - No edits, no refactor suggestions. If the user asks "how should we fix this?", reply: "Switch out of read-mode-probe. Want me to propose a fix?" — and wait.
- Reader-first verbs only.
read_file,codebase_search,find_symbol,mcp__serena__*,mcp__tilth__*(notilth_edit),mcp__code-review-graph__*. Noedit_file, norun_terminal_cmdexceptgit log|status|diff|show,ls,wc.
Related Skills
paulnsorensen/work-recovery
tools
VerifiedTrustedCommunity
Reconstruct what a past coding-agent session was doing so you can resume it — goal, files touched, last verified state, and the next step — by querying the session logs. Use when the user says "what was I working on", "recover that session", "reconstruct where I left off", "resume my last session", "what did that session change", "rebuild context from logs", or invokes /work-recovery. Report-only — it never scores or judges. Do NOT use for usage scoring (that is /skill-improver, /tool-efficiency, /prompt-analytics) or one-off interactive log queries (that is /session-analytics).
2SKILL.mdUpdated Jun 3, 2026
paulnsorensen/wiki-curator
development
VerifiedTrustedCommunity
Curate this repo's hallouminate wiki (.hallouminate/wiki/, the repo:dotfiles:wiki corpus) — add or update architecture pages, per-harness docs, and gotchas. Use when the user says "update the wiki", "document this in the wiki", "refresh the harness docs", "add a wiki page", "curate the wiki", "the wiki is stale", or invokes /wiki-curator. Also use at session end to write back a non-obvious decision or gotcha worth preserving. Grounds the existing wiki first, follows one-topic-per-file conventions, verifies every external doc URL before writing, and reindexes. Do NOT use for general code search (that is cheez-search) or for editing AGENTS.md command reference.
2SKILL.mdUpdated Jun 3, 2026
paulnsorensen/tool-efficiency
tools
VerifiedTrustedCommunity
Audit how a tool, command, or MCP server is actually used across coding-agent sessions and produce calibrated recommendations — tool-vs-task fit, error forensics, fix recommendations, permission friction, MCP health, and token economics. Use when the user says "tool efficiency", "am I using X efficiently", "audit tool usage", "why does X keep failing", "how do I fix this error", "what should I change", "permission friction", "is this MCP worth it", "tool error rate", "fix recommendations", or invokes /tool-efficiency. Do NOT use for auditing a skill or agent definition (that is /skill-improver) or for one-off interactive log queries (that is /session-analytics).
2SKILL.mdUpdated Jun 3, 2026
paulnsorensen/prompt-analytics
tools
VerifiedTrustedCommunity
Analyze how prompts and skill routing behave across coding-agent sessions and produce calibrated recommendations — prompt-pattern analysis, routing accuracy, and knowledge gaps. Use when the user says "analyze my prompts", "prompt patterns", "is routing working", "which skill should have fired", "knowledge gaps", "what do I keep asking", or invokes /prompt-analytics. Do NOT use for auditing a single skill/agent definition (that is /skill-improver), tool/MCP efficiency (that is /tool-efficiency), or one-off interactive log queries (that is /session-analytics).
2SKILL.mdUpdated Jun 3, 2026