deep-analysis

Comprehensive analytical templates for thorough investigation, audits, and evaluations leveraging extended thinking capabilities.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "deep-analysis" with this command: npx skills add lobbi-docs/claude/lobbi-docs-claude-deep-analysis

Deep Analysis Skill

Comprehensive analytical templates for thorough investigation, audits, and evaluations leveraging extended thinking capabilities.

When to Use

  • Code audits requiring systematic review

  • Security assessments and threat modeling

  • Performance analysis and optimization planning

  • Architecture reviews and technical debt assessment

  • Incident post-mortems and root cause analysis

  • Compliance audits and risk assessments

Analysis Templates

Code Audit Template

Code Audit Report

Repository: [repo-name] Scope: [files/modules audited] Date: [YYYY-MM-DD] Auditor: Claude + [Human reviewer]

Executive Summary

[2-3 sentence overview of findings]

Audit Criteria

  • Code quality and maintainability
  • Security vulnerabilities
  • Performance concerns
  • Test coverage
  • Documentation completeness
  • Dependency health

Critical Findings

IDSeverityLocationIssueRecommendation
C1Criticalfile:line[Issue][Fix]
C2Criticalfile:line[Issue][Fix]

High Priority Findings

IDSeverityLocationIssueRecommendation
H1Highfile:line[Issue][Fix]

Medium Priority Findings

[...]

Low Priority / Suggestions

[...]

Metrics

MetricValueTargetStatus
Test Coverage75%80%⚠️
Cyclomatic Complexity12<10⚠️
Technical Debt4.2d<3d
Security Score8/109/10⚠️

Recommendations

  1. Immediate: [Critical fixes]
  2. Short-term: [Within sprint]
  3. Long-term: [Tech debt reduction]

Sign-off

  • All critical issues addressed
  • High priority issues have timeline
  • Audit findings documented in backlog

Security Threat Model Template

Threat Model: [System/Component Name]

Version: [1.0] Last Updated: [YYYY-MM-DD] Classification: [Internal/Confidential]

System Overview

[Brief description of the system being modeled]

Assets

AssetDescriptionSensitivityOwner
User DataPII, credentialsCriticalAuth Team
API KeysService credentialsHighDevOps
Business DataTransactionsHighProduct

Trust Boundaries

┌─────────────────────────────────────────┐ │ External (Untrusted) │ │ [Internet Users] [Third-party APIs] │ └──────────────────┬──────────────────────┘ │ WAF/Load Balancer ┌──────────────────┴──────────────────────┐ │ DMZ (Semi-trusted) │ │ [API Gateway] [CDN] [Public Services] │ └──────────────────┬──────────────────────┘ │ Internal Firewall ┌──────────────────┴──────────────────────┐ │ Internal (Trusted) │ │ [App Servers] [Databases] [Queues] │ └─────────────────────────────────────────┘

Threat Categories (STRIDE)

Spoofing

ThreatLikelihoodImpactMitigation
Credential theftMediumHighMFA, rate limiting
Session hijackingLowHighSecure cookies, HTTPS

Tampering

ThreatLikelihoodImpactMitigation
SQL injectionMediumCriticalParameterized queries
Data modificationLowHighIntegrity checks

Repudiation

[...]

Information Disclosure

[...]

Denial of Service

[...]

Elevation of Privilege

[...]

Attack Vectors

  1. Vector 1: [Description]
    • Entry point: [Where]
    • Technique: [How]
    • Mitigation: [Defense]

Risk Matrix

ThreatLikelihoodImpactRisk ScorePriority
T1HighCritical9P1
T2MediumHigh6P2
T3LowMedium3P3

Security Controls

ControlTypeStatusCoverage
WAFPreventive✅ ActiveExternal
SASTDetective✅ CI/CDCode
DASTDetective⚠️ PartialRuntime
EncryptionPreventive✅ ActiveData

Recommendations

  1. [Priority 1 recommendations]
  2. [Priority 2 recommendations]
  3. [Priority 3 recommendations]

Performance Analysis Template

Performance Analysis Report

System: [System name] Period: [Date range] Environment: [Production/Staging]

Executive Summary

[Key findings and recommendations]

Performance Metrics

Response Times

EndpointP50P95P99TargetStatus
/api/users45ms120ms350ms<200ms
/api/search230ms890ms2.1s<500ms
/api/reports1.2s3.4s8.2s<2s

Throughput

ServiceCurrent RPSPeak RPSCapacityUtilization
API1,2002,4005,00048%
Worker5008001,00080%

Resource Utilization

ResourceAveragePeakThresholdStatus
CPU45%78%80%⚠️
Memory62%85%85%⚠️
Disk I/O30%55%70%
Network25%40%60%

Bottleneck Analysis

Identified Bottlenecks

  1. Database Queries (High Impact)

    • Location: /api/search endpoint
    • Cause: Missing index on created_at column
    • Impact: 890ms P95 latency
    • Fix: Add composite index

  2. Memory Pressure (Medium Impact)

    • Location: Report generation service
    • Cause: Large dataset loading into memory
    • Impact: GC pauses, OOM risks
    • Fix: Implement streaming/pagination

Load Test Results

ScenarioUsersDurationErrorsAvg Response
Baseline10010min0%120ms
Normal50030min0.1%180ms
Peak100015min2.3%450ms
Stress20005min15%2.1s

Optimization Recommendations

Quick Wins (This Sprint)

  1. Add database indexes - Expected: 40% improvement
  2. Enable query caching - Expected: 25% improvement
  3. Optimize N+1 queries - Expected: 30% improvement

Medium Term (Next Quarter)

  1. Implement read replicas
  2. Add CDN for static assets
  3. Optimize serialization

Long Term (6+ Months)

  1. Service decomposition
  2. Event-driven architecture
  3. Edge computing deployment

Capacity Planning

TimeframeExpected LoadCurrent CapacityGapAction
3 months+25%5,000 RPSMonitor
6 months+50%5,000 RPS⚠️Scale
12 months+100%5,000 RPSRedesign

Architecture Review Template

Architecture Review

System: [System name] Version: [Current architecture version] Review Date: [YYYY-MM-DD] Participants: [Team members]

Current Architecture

System Diagram

[Include architecture diagram or ASCII representation]

Components

ComponentPurposeTechnologyOwner
API GatewayRequest routingKongPlatform
Auth ServiceAuthenticationKeycloakSecurity
Core APIBusiness logicPython/FastAPIBackend
DatabaseData persistencePostgreSQLData

Data Flow

  1. User request → API Gateway
  2. API Gateway → Auth validation
  3. Auth → Core API
  4. Core API → Database
  5. Response → User

Evaluation Criteria

Scalability

AspectCurrentTargetGapScore
Horizontal scalingManualAutoYes6/10
Database scalingSingleShardedYes5/10
CachingRedisDistributedNo8/10

Reliability

AspectCurrentTargetGapScore
Availability99.5%99.9%Yes7/10
Disaster recoveryManualAutoYes5/10
Data backupDailyReal-timeYes6/10

Maintainability

AspectCurrentTargetGapScore
Code modularityMediumHighYes6/10
DocumentationPartialCompleteYes5/10
Test coverage70%85%Yes7/10

Technical Debt Assessment

ItemImpactEffortPriorityAge
Legacy auth systemHighHighP12y
Monolithic APIMediumHighP21.5y
Missing monitoringMediumLowP11y

Recommendations

Immediate (0-3 months)

  1. [Recommendation 1]
  2. [Recommendation 2]

Short-term (3-6 months)

  1. [Recommendation 1]
  2. [Recommendation 2]

Long-term (6-12 months)

  1. [Recommendation 1]
  2. [Recommendation 2]

Decision Log

DecisionRationaleAlternatives ConsideredDate
[Decision 1][Why][Options][Date]

Integration with Extended Thinking

For deep analysis tasks, use maximum thinking budget:

response = client.messages.create( model="claude-opus-4-5-20250514", max_tokens=32000, thinking={ "type": "enabled", "budget_tokens": 25000 # Maximum budget for deep analysis }, system="""You are a senior technical analyst performing a comprehensive review. Use structured analysis templates and document all findings systematically.""", messages=[{ "role": "user", "content": "Perform a security threat model for..." }] )

Best Practices

  • Use appropriate templates: Match template to analysis type

  • Be systematic: Follow the template structure completely

  • Quantify findings: Use metrics and severity ratings

  • Prioritize actionable: Focus on findings that can be fixed

  • Document evidence: Link to specific code/logs/data

  • Track progress: Update findings as they're addressed

See Also

  • [[extended-thinking]] - Enable deep reasoning capabilities

  • [[complex-reasoning]] - Reasoning frameworks

  • [[testing]] - Validation strategies

  • [[debugging]] - Issue investigation

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

k8s-image-audit

No summary provided by upstream source.

Repository SourceNeeds Review
-5
lobbi-docs
General

vision-multimodal

No summary provided by upstream source.

Repository SourceNeeds Review
-68
lobbi-docs
General

design-system

No summary provided by upstream source.

Repository SourceNeeds Review
-58
lobbi-docs