Audit Skill

Performs codebase security & performance audits.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "Audit Skill" with this command: npx skills add bhargavtz/audit-skill/bhargavtz-audit-skill-audit-skill

When to use

  • Check for security vulnerabilities
  • Performance optimization

Instructions

A comprehensive audit skill that covers two major domains:

  1. Full Codebase Audit — UI, bugs, accessibility, performance, security, test coverage
  2. System Prompt Audit — AI agent architecture review, prompt quality scoring, bottleneck analysis

Read the relevant reference file(s) based on what the user needs:

  • Codebase audit → docs/references/codebase-audit.md
  • System prompt audit → docs/references/prompt-audit.md
  • Both → read both files

Step 1: Determine Audit Scope

Ask the user (or infer from context):

  1. What is being audited? (repo URL/ZIP, pasted code, or system prompts)
  2. What type of audit? (codebase, system prompts, or both)
  3. Any specific flows, agents, or areas of concern?
  4. Build commands, env vars, test credentials (for codebase audits)
  5. Browsers/viewports to test (for UI audits)

If the user pastes code or prompts directly, begin immediately without asking.


Step 2: Run the Audit

Follow the instructions in the relevant reference file(s). Always:

  • Produce a human-readable Executive Summary (top 5 findings + business impact)
  • Produce a Technical Appendix (per-issue detail with file refs + line numbers)
  • Produce a JSON summary (machine-readable, see schema in references/json-schema.md)
  • Produce code patches or rewrites for all Critical/High issues
  • Produce a 2-week sprint plan

Step 3: Output Format

Always structure output as:

# Audit Report: [Project/System Name]

## Executive Summary
[Top 5 findings, business impact, remediation roadmap]

## Technical Findings
[Per-issue detail — see references for full format]

## Patches & Fixes
[Copy-paste ready code diffs for Critical/High issues]

## CI Recommendations
[Automated checks to add]

## Sprint Plan
[2-week remediation roadmap]

## JSON Summary
[Machine-readable findings]

Severity Definitions

Level     Definition
Critical  Data loss, security breach, system down, blocks all users
High      Major feature broken, significant UX failure, exploitable vuln
Medium    Degraded UX, minor data issue, non-critical bug
Low       Polish, minor inconsistency, nice-to-have improvement

Reference Files

  • docs/references/codebase-audit.md — Full instructions for repo/UI/bug/perf/security/a11y audit
  • docs/references/prompt-audit.md — Full instructions for AI system prompt audit
  • docs/references/json-schema.md — JSON output schema for both audit types
  • docs/examples/codebase-report.md — Example output for a codebase audit
  • docs/examples/prompt-report.md — Example output for a system prompt audit

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Related Skills

Related by shared tags or category signals.

Security

audit

No summary provided by upstream source.

Repository Source | Needs Review
Security

compliance-evidence-assembler

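Organizes the evidence required for an audit into a catalog, checklists, and a list of missing items for later review. Use for compliance, evidence, and audit workflows; do not use for fabricating evidence or replacing formal audit conclusions.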

Archived Source | Recently Updated
Security

skillguard-hardened

Security guard for OpenClaw skills, developed and maintained by rose北港(小红帽 / 猫猫帽帽). Audits installed or incoming skills with local rules plus Zenmux AI intent review, then recommends pass, warn, block, or quarantine.

Archived Source | Recently Updated