auditing

Audit a Python project against pyproject.toml best practices, covering settings management, pre-commit hooks, and project structure.

SKILL.md
---
name: auditing
description: Audit Python project against best practices for pyproject.toml, settings management, pre-commit hooks, and project structure.
allowed-tools:
  - Read
  - Glob
  - Grep
  - AskUserQuestion
---

# Audit Python Project

Analyze a Python project against best practices and generate a structured report.

## Checks

### Configuration (pyproject.toml)

| Check | Pass Criteria |
|---|---|
| pyproject.toml exists | File present at project root |
| ruff configured | `[tool.ruff]` section with line-length and select rules |
| Rule coverage | At minimum: F, E, W, I, N, S, B, C4, UP, RUF selected |
| pytest configured | `[tool.pytest.ini_options]` with testpaths |
| mypy configured | `[tool.mypy]` section present |
| coverage configured | `[tool.coverage.run]` with source and omit |
| Dev deps present | `[dependency-groups]` dev includes pytest, ruff, mypy, pre-commit |
| Google docstrings | `[tool.ruff.lint.pydocstyle]` convention = "google" |
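The rows above can be evaluated mechanically once the file is parsed as TOML. The script below is an added example, not code from this skill or from the pysmith project: it reads a `pyproject.toml` with the standard-library `tomllib` (Python 3.11+) and returns one pass/fail result per row. The two TOML documents, the check names and the helper names (`audit_pyproject`, `missing_rules`, `_dep_name`) are this example's own.

```python
"""Audit a pyproject.toml against the Configuration checks above.

Added example (not the skill's or pysmith's code). Standard library only;
the two TOML documents are constructed for illustration.
"""

try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # older interpreters: `pip install tomli`
    import tomli as tomllib  # type: ignore[no-redef]

# Rule prefixes the table requires; "S" is ruff's flake8-bandit security rule set.
REQUIRED_RULES = {"F", "E", "W", "I", "N", "S", "B", "C4", "UP", "RUF"}
REQUIRED_DEV_DEPS = {"pytest", "ruff", "mypy", "pre-commit"}


def _dep_name(spec: str) -> str:
    """Reduce a requirement string to its distribution name ('ruff>=0.5' -> 'ruff')."""
    for sep in ("[", ">", "<", "=", "!", "~", ";", " "):
        spec = spec.split(sep, 1)[0]
    return spec.strip().lower()


def _lint_section(ruff: dict) -> dict:
    """Lint keys live under [tool.ruff.lint] in current ruff; accept legacy top-level keys too."""
    return ruff.get("lint", ruff)


def audit_pyproject(toml_text: str) -> dict[str, bool]:
    """Return {check name: passed} for each row of the Configuration table."""
    data = tomllib.loads(toml_text)
    tool = data.get("tool", {})
    ruff = tool.get("ruff", {})
    lint = _lint_section(ruff)
    selected = set(lint.get("select", []))
    pytest_opts = tool.get("pytest", {}).get("ini_options", {})
    coverage_run = tool.get("coverage", {}).get("run", {})
    dev_group = data.get("dependency-groups", {}).get("dev", [])
    # Entries may also be {"include-group": ...} tables; only strings name packages.
    dev_names = {_dep_name(d) for d in dev_group if isinstance(d, str)}

    return {
        "ruff configured": "line-length" in ruff and bool(selected),
        "rule coverage": "ALL" in selected or REQUIRED_RULES <= selected,
        "pytest configured": "testpaths" in pytest_opts,
        "mypy configured": "mypy" in tool,
        "coverage configured": "source" in coverage_run and "omit" in coverage_run,
        "dev deps present": REQUIRED_DEV_DEPS <= dev_names,
        "google docstrings": lint.get("pydocstyle", {}).get("convention") == "google",
    }


def missing_rules(toml_text: str) -> set[str]:
    """Required rule prefixes the config does not select (empty if it selects ALL)."""
    ruff = tomllib.loads(toml_text).get("tool", {}).get("ruff", {})
    selected = set(_lint_section(ruff).get("select", []))
    return set() if "ALL" in selected else REQUIRED_RULES - selected


# Constructed sample: satisfies every row.
GOOD_PYPROJECT = """
[tool.ruff]
line-length = 100

[tool.ruff.lint]
select = ["F", "E", "W", "I", "N", "S", "B", "C4", "UP", "RUF"]

[tool.ruff.lint.pydocstyle]
convention = "google"

[tool.pytest.ini_options]
testpaths = ["tests"]

[tool.mypy]
strict = true

[tool.coverage.run]
source = ["src"]
omit = ["tests/*"]

[dependency-groups]
dev = ["pytest>=8", "ruff", "mypy", "pre-commit"]
"""

# Constructed sample: no security rules (S), no mypy, no coverage omit list, no pre-commit.
WEAK_PYPROJECT = """
[tool.ruff]
line-length = 88
select = ["E", "F"]

[tool.pytest.ini_options]
testpaths = ["tests"]

[tool.coverage.run]
source = ["src"]

[dependency-groups]
dev = ["pytest", "ruff", "mypy"]
"""

if __name__ == "__main__":
    for name, text in (("good", GOOD_PYPROJECT), ("weak", WEAK_PYPROJECT)):
        for check, ok in audit_pyproject(text).items():
            print(f"[{name}] {'✓' if ok else '✗'} {check}")
        if missing := missing_rules(text):
            print(f"[{name}] missing rule sets: {sorted(missing)}")
```

The legacy fallback in `_lint_section` matters in practice: a project that still keeps `select` directly under `[tool.ruff]` is configured, just on an old layout, and should not be reported as "ruff not configured".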

### Settings Management

| Check | Pass Criteria |
|---|---|
| No os.getenv() in app code | Grep for os.getenv outside tests/ and scripts/ |
| No hardcoded secrets | Grep for password=, secret=, api_key= with literal string values |
| Pydantic Settings used | config/settings.py or settings.py with BaseSettings |
| YAML support configured | yaml_file in SettingsConfigDict |
| example.env.yaml exists | Template committed for local dev |
| gitignore updated | *.env.yaml ignored, example.env.yaml excluded from ignore |

### Pre-commit Hooks

| Check | Pass Criteria |
|---|---|
| .pre-commit-config.yaml exists | File present |
| gitleaks hook present | Secrets detection enabled |
| pip-audit hook present | Dependency vulnerability scanning |
| ruff hooks present | Both ruff (lint) and ruff-format hooks |
| No redundant tools | No black, isort, flake8, bandit alongside ruff |
| Branch protection | no-commit-to-branch for main/develop |
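The hook rows can be checked from the hook ids declared in `.pre-commit-config.yaml`. The script below is an added example, not code from this skill or from the pysmith project. To stay dependency-free it extracts `- id:` entries with a regular expression, which covers the conventional layout of that file; a config written in an unusual YAML style should be read with a real YAML parser instead. Both sample configs are constructed and their `rev:` values are placeholders; `audit_precommit`, `hooks` and `redundant_tools` are this example's names.

```python
"""Check a .pre-commit-config.yaml against the Pre-commit Hooks table above.

Added example (not the skill's or pysmith's code). Hook ids are read with a
regex instead of PyYAML; sample configs are constructed, revs are placeholders.
"""

import re

# One match per hook entry: its id, then the entry body up to the next hook or repo.
HOOK_RE = re.compile(
    r"^\s*-\s*id:\s*(?P<id>\S+)(?P<body>.*?)(?=^\s*-\s*(?:id|repo):|\Z)",
    re.MULTILINE | re.DOTALL,
)
# Tools whose job ruff already covers (the table's "No redundant tools" row).
REDUNDANT_WITH_RUFF = {"black", "isort", "flake8", "bandit"}


def hooks(config_text: str) -> dict[str, str]:
    """Map hook id -> the YAML text of that entry (args, stages, ...)."""
    return {m["id"]: m["body"] for m in HOOK_RE.finditer(config_text)}


def redundant_tools(config_text: str) -> set[str]:
    """Hook ids that duplicate ruff's linting or formatting."""
    return REDUNDANT_WITH_RUFF & set(hooks(config_text))


def audit_precommit(config_text: str) -> dict[str, bool]:
    """Return {check name: passed} for the hook-related rows of the table."""
    found = hooks(config_text)
    # The table asks for explicit main/develop protection, so the hook's
    # built-in default branch list is not accepted as a pass here.
    protect = found.get("no-commit-to-branch", "")
    return {
        "gitleaks hook present": "gitleaks" in found,
        "pip-audit hook present": "pip-audit" in found,
        "ruff hooks present": {"ruff", "ruff-format"} <= set(found),
        "no redundant tools": not redundant_tools(config_text),
        "branch protection": bool(re.search(r"\bmain\b", protect))
        and bool(re.search(r"\bdevelop\b", protect)),
    }


# Constructed sample: passes every row.
GOOD_PRECOMMIT = """
repos:
  - repo: https://github.com/gitleaks/gitleaks
    rev: vX.Y.Z  # placeholder
    hooks:
      - id: gitleaks
  - repo: https://github.com/pypa/pip-audit
    rev: vX.Y.Z  # placeholder
    hooks:
      - id: pip-audit
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: vX.Y.Z  # placeholder
    hooks:
      - id: ruff
        args: ["--fix"]
      - id: ruff-format
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: vX.Y.Z  # placeholder
    hooks:
      - id: no-commit-to-branch
        args: ["--branch", "main", "--branch", "develop"]
"""

# Constructed sample: black beside ruff, no formatter hook, no secret/dependency scanning,
# and no-commit-to-branch without an explicit branch list.
WEAK_PRECOMMIT = """
repos:
  - repo: https://github.com/psf/black
    rev: vX.Y.Z  # placeholder
    hooks:
      - id: black
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: vX.Y.Z  # placeholder
    hooks:
      - id: ruff
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: vX.Y.Z  # placeholder
    hooks:
      - id: no-commit-to-branch
"""

if __name__ == "__main__":
    for name, text in (("good", GOOD_PRECOMMIT), ("weak", WEAK_PRECOMMIT)):
        for check, ok in audit_precommit(text).items():
            print(f"[{name}] {'✓' if ok else '✗'} {check}")
        if extra := redundant_tools(text):
            print(f"[{name}] redundant alongside ruff: {sorted(extra)}")
```

Note that the ".pre-commit-config.yaml exists" row is a filesystem check that precedes this script: an absent file is a fail for every row, not an empty hook list.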

### Project Structure

| Check | Pass Criteria |
|---|---|
| tests/ directory exists | Test directory present |
| conftest.py exists | Shared fixtures file in tests/ |
| `__init__.py` files present | Package directories have `__init__.py` |
| src/ or flat layout consistent | Not mixing both patterns |

## Workflow

### 1. Scan Project

```text
Glob: pyproject.toml, config/settings.py, **/settings.py, .pre-commit-config.yaml,
      tests/, tests/conftest.py, **/__init__.py, src/
```

### 2. Run Checks

For each category, evaluate pass/fail and collect details.

### 3. Search for Anti-patterns

```text
Grep: os.getenv, os.environ.get (in *.py excluding tests/)
Grep: password\s*=\s*["'], secret\s*=\s*["'], api_key\s*=\s*["'] (in *.py)
```
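The two Grep lines of this step, together with the first two rows of the Settings Management table, amount to one scanner. The script below is an added example, not code from this skill or from the pysmith project: it applies both patterns to an in-memory `{path: source}` mapping so it runs offline, exempts `tests/` and `scripts/` from the environment-access check as the table specifies, and flags secrets in every `.py` file as the Grep line does. The sample project, the finding fields and the priority labels are this example's own; in particular, "medium" for direct environment access is an assumption, since the Priority Classification table only lists hardcoded credentials explicitly.

```python
"""Scan Python sources for the settings anti-patterns this step greps for.

Added example (not the skill's or pysmith's code). Sample files, finding
fields and priority labels are constructed for illustration.
"""

import re
from pathlib import PurePosixPath

# First Grep line: direct environment access that bypasses Pydantic Settings.
ENV_ACCESS_RE = re.compile(r"\bos\.(?:getenv|environ\.get)\s*\(")
# Second Grep line, tightened to the table's "literal string value": the quote
# must be followed by a non-quote, so an empty default like api_key = "" is not a hit.
SECRET_LITERAL_RE = re.compile(
    r"\b(?:password|secret|api_key)\s*=\s*(['\"])(?!\1)", re.IGNORECASE
)
# Directories the Settings Management table exempts from the os.getenv check.
ENV_CHECK_EXEMPT = {"tests", "scripts"}


def _finding(path: str, lineno: int, kind: str, priority: str, line: str) -> dict:
    return {"path": path, "line": lineno, "kind": kind,
            "priority": priority, "snippet": line.strip()}


def scan_file(path: str, source: str) -> list[dict]:
    """Return findings for one file as {path, line, kind, priority, snippet} dicts."""
    parts = PurePosixPath(path).parts[:-1]
    env_exempt = any(part in ENV_CHECK_EXEMPT for part in parts)
    findings: list[dict] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # comment-only lines are not code
            continue
        if not env_exempt and ENV_ACCESS_RE.search(line):
            # "medium" is this example's assumption (see lead-in).
            findings.append(_finding(path, lineno, "env-access", "medium", line))
        # Secrets are flagged everywhere, tests included: fixtures leak too.
        if SECRET_LITERAL_RE.search(line):
            findings.append(_finding(path, lineno, "hardcoded-secret", "high", line))
    return findings


def scan_project(files: dict[str, str]) -> list[dict]:
    """Scan every *.py entry and return findings, highest priority first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = [f for path, src in files.items() if path.endswith(".py")
                for f in scan_file(path, src)]
    return sorted(findings, key=lambda f: (order[f["priority"]], f["path"], f["line"]))


# Constructed sample project; the secret values are placeholders, not real credentials.
SAMPLE_PROJECT = {
    "app/db.py": (
        "import os\n"
        'DB_URL = os.getenv("DATABASE_URL")\n'
        'password = "hunter2"  # constructed example value\n'
    ),
    "app/settings.py": (
        "from pydantic_settings import BaseSettings\n"
        "class Settings(BaseSettings):\n"
        '    api_key: str = ""\n'
        "    db_password: str\n"
    ),
    "tests/test_db.py": (
        "import os\n"
        '# os.getenv("X") mentioned in a comment is ignored\n'
        'URL = os.environ.get("TEST_DB_URL", "sqlite://")\n'
        'SECRET = "not-really"\n'
    ),
    "README.md": 'password = "docs only"\n',
}

if __name__ == "__main__":
    for f in scan_project(SAMPLE_PROJECT):
        print(f"{f['priority']:<6} {f['path']}:{f['line']}  {f['kind']}  {f['snippet']}")
```

The Pydantic `Settings` class in the sample produces no findings: a typed field with an empty default is exactly what the table wants instead of `os.getenv`, so the scanner must not report it, while the same `password = "..."` shape in a test file is still reported because the Grep line has no test exemption.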

### 4. Generate Report

Use the audit-report.md template. Fill in:

- Each check with ✓ (pass), ✗ (fail), or △ (partial/uncertain)
- Findings grouped by category
- Recommendations sorted by priority (high/medium/low)

### 5. Ask About Fixes

After presenting the report, ask via AskUserQuestion:

- "Fix all issues" - Invoke relevant pysmith skills to fix
- "Fix critical only" - Only fix high-priority items
- "Report only" - No changes, just the audit report

## Report Output

Write to docs/audits/python-audit-{date}.md or display inline if docs/ doesn't exist.

## Priority Classification

| Priority | Criteria |
|---|---|
| High | Security issues, missing secrets detection, hardcoded credentials |
| Medium | Missing tool configs, incomplete rule coverage, no branch protection |
| Low | Structure improvements, missing conftest.py, documentation gaps |