qte77/auditing-readme
plugins/readme-generator/skills/auditing-readme/SKILL.md
Audit README.md files against best practices for repos, accounts, or orgs. Detects missing sections, stale links, inconsistent formatting, and convention violations. Use when reviewing README quality across one or many repos.
$ install --global
skillsauthnpx skillsauth add qte77/claude-code-utils auditing-readmeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 12, 2026, 4:32 AM97.2s1 file scanned
SKILL.md
- name:
- auditing-readme
- description:
- Audit README.md files against best practices for repos, accounts, or orgs. Detects missing sections, stale links, inconsistent formatting, and convention violations. Use when reviewing README quality across one or many repos.
- compatibility:
- Designed for Claude Code
- argument-hint:
- <scope> [target-or-glob]
- allowed-tools:
- Read, Grep, Glob, Bash, WebFetch, Agent
Audit README
Scope: $ARGUMENTS
Audit README.md files against scope-specific best practices and report findings.
Phase 1: Detect Scope and Targets
Parse $ARGUMENTS:
repo— audit README.md in the current directoryrepo <owner/repo>— audit a specific remote repo's READMErepos <owner/pattern>— batch audit multiple repos (e.g.,repos qte77/gha-*)account <username>— audit a GitHub user profile READMEorg <orgname>— audit an organization profile README
Workflow Mode (batch repos scope)
When scope is repos with more than ~3 targets and the Workflow tool is available,
fan the audit out in parallel instead of looping turn-by-turn:
-
Resolve the glob to a concrete list:
gh repo list <owner> --json nameWithOwner, filtered by pattern. -
Drive the bundled workflow (its instruction to call Workflow is the opt-in — no
ultracodeneeded):Workflow({ scriptPath: "${CLAUDE_PLUGIN_ROOT}/workflows/audit-repos.js", args: { repos: ["owner/a", "owner/b"], skillPath: "${CLAUDE_PLUGIN_ROOT}/skills/auditing-readme/SKILL.md" } })argsis delivered to the script as a JSON string (the script parses it). Alternatively pass{ owner, pattern, skillPath }and let the workflow's Discover phase resolve the list. -
Render the returned
perRepofindings andconsistencyobservations with the Phase 4 format.
Fall back to the inline Phases 2–4 (one repo at a time) when the Workflow tool is unavailable. The workflow's agents are read-only, so the only permission to pre-grant is the Workflow tool.
Phase 2: Fetch READMEs
- Local repos: read README.md directly
- Remote repos:
gh api repos/<owner>/<repo>/contents/README.md --jq '.content' | base64 -d - Account profiles:
gh api repos/<user>/<user>/contents/README.md --jq '.content' | base64 -d - Org profiles: try
profile/README.mdfirst, fall back to rootREADME.mdin.githubrepo
Phase 3: Run Checklist
Base Repo Checklist
| # | Check | Level | Pass Condition |
|---|-------|-------|----------------|
| R1 | Title | required | H1 heading exists, matches repo name |
| R2 | Description | required | Non-empty text within 3 lines of H1 |
| R3 | Version badge | recommended | ![Version] badge present |
| R3b | Standard badge set | recommended | For GHA repos: version, license, CI status, CodeFactor, CodeQL, Dependabot, ruff/pytest or BATS (applicable subset) |
| R4 | Install/Usage | required | Section with heading containing "install", "usage", "quick start", or "getting started" |
| R5 | License | required | Section containing "license" with link to LICENSE (not LICENSE.md) |
| R6 | Internal links valid | required | All [text](relative-path) links resolve to existing files |
| R7 | LICENSE file name | required | License file must be named LICENSE (not LICENSE.md) |
GHA Extension (if action.yml/action.yaml exists)
| # | Check | Level | Pass Condition |
|---|-------|-------|----------------|
| G1 | Inputs table | required | Markdown table under heading containing "input" |
| G2 | Outputs table | required | Markdown table or "no outputs" statement |
| G3 | Usage YAML | required | Fenced yaml block with uses: |
| G4 | What it does | required | Section with numbered steps |
| G5 | Input column order | recommended | Name, Required, Default, Description |
Account Profile Checklist
| # | Check | Level | Pass Condition | |---|-------|-------|----------------| | A1 | Tagline | required | Non-empty text within 5 lines of first heading | | A2 | Current focus | recommended | Section describing current work | | A3 | Featured projects | recommended | 3+ repository links with descriptions | | A4 | Not stale | required | Updated within 6 months | | A5 | Scannability | recommended | Under 500 words |
Organization Profile Checklist
| # | Check | Level | Pass Condition |
|---|-------|-------|----------------|
| O1 | File location | required | README at .github/profile/README.md |
| O2 | Mission | required | Single-sentence purpose within 3 lines of H1 |
| O3 | Activities | required | Description of what the org does |
| O4 | Projects | recommended | Links to key repos, grouped by domain |
| O5 | CTA | required | "Get involved" section with actionable links |
| O6 | Length | recommended | 150-400 words |
Phase 4: Report
Output a findings table per target:
## <repo-name>
| # | Check | Level | Status | Notes |
|---|-------|-------|--------|-------|
Summary: X/Y required pass, Z/W recommended pass.
Batch Summary
| Repo | Required | Recommended | Top Issue |
|------|----------|-------------|-----------|
Consistency Checks (batch only)
- Input table column order consistent?
- Badge style/placement consistent?
- Section naming consistent?
- License format consistent (
LICENSEnotLICENSE.md)?
Rules
- Never modify files during an audit — read-only
- Report facts, not opinions
- License file MUST be
LICENSE(notLICENSE.md) — flag as FAIL if.mdvariant used
Related Skills
qte77/researching-website-design
development
VerifiedTrustedCommunity
Analyzes industry websites for design patterns, layout, typography, and content strategies using first-principles thinking. Use when researching website design, UI patterns, or competitive design analysis.
1SKILL.mdUpdated Apr 19, 2026
qte77/auditing-website-usability
development
VerifiedTrustedCommunity
Audits website usability for UX optimization, covering forms, navigation, validation, and microcopy. Use when reviewing user experience, task completion flows, or interface friction points.
1SKILL.mdUpdated Apr 19, 2026
qte77/auditing-website-accessibility
development
VerifiedTrustedCommunity
Audits website accessibility for WCAG 2.1 AA compliance, generating findings and code fixes. Use when reviewing accessibility, keyboard navigation, screen reader compatibility, or inclusive design.
1SKILL.mdUpdated Apr 19, 2026
qte77/testing-typescript
development
VerifiedTrustedCommunity
Writes tests following TDD (using vitest and @testing-library/react) best practices. Use when writing unit tests, integration tests, or component tests in TypeScript.
1SKILL.mdUpdated Apr 19, 2026