AgentSkillsCN

codebase-auditor

A comprehensive codebase audit skill for detecting critical bugs, implementation flaws, security risks, and code quality issues. Use this skill in the following scenarios: (1) conducting a full codebase health check; (2) reviewing code for security vulnerabilities; (3) identifying performance bottlenecks; (4) assessing code quality and maintainability; (5) finding dead code or technical debt; (6) evaluating test coverage gaps; (7) analyzing dependency issues; or (8) performing pre-release code audits. The skill is not tied to any particular language or framework, and it produces structured Markdown reports with findings classified by severity.

SKILL.md
---
name: codebase-auditor
description: |
  Comprehensive codebase audit skill for detecting critical bugs, implementation flaws, security vulnerabilities, and code quality issues. Use this skill when: (1) conducting a full codebase health check, (2) reviewing code for security vulnerabilities, (3) identifying performance bottlenecks, (4) assessing code quality and maintainability, (5) finding dead code or technical debt, (6) evaluating test coverage gaps, (7) analyzing dependency issues, or (8) performing pre-release audits. Language and framework agnostic. Produces structured Markdown reports with severity-classified findings.
---

Codebase Auditor

Conduct thorough codebase audits to identify critical issues across multiple dimensions.

Audit Workflow

Phase 1: Discovery

  1. Identify project type, languages, and frameworks used
  2. Locate configuration files, entry points, and core modules
  3. Map directory structure and understand architecture
  4. Identify existing testing and CI/CD setup

Phase 2: Systematic Investigation

Investigate each category using the checklists in references/. For each category:

  1. Read the relevant checklist from references/
  2. Search for patterns matching potential issues
  3. Examine suspicious code sections in detail
  4. Document findings with severity, location, and evidence

Investigation order (by typical impact):

  1. Security - See security-checklist.md
  2. Error Handling - See error-handling-checklist.md
  3. Concurrency - See concurrency-checklist.md
  4. Performance - See performance-checklist.md
  5. Code Quality - See code-quality-checklist.md
  6. Testing - See testing-checklist.md
  7. Dependencies - See dependencies-checklist.md
  8. Configuration - See configuration-checklist.md

Phase 3: Report Generation

Generate a Markdown report using the template in assets/report-template.md.

Severity Classification:

| Severity | Criteria |
|----------|----------|
| Critical | Immediate security risk, data loss, or system failure |
| High | Significant bugs, security issues, or major performance problems |
| Medium | Code quality issues, potential bugs, or moderate performance impact |
| Low | Minor improvements, style issues, or optimization opportunities |

Output Guidelines

  • Include file paths with line numbers for all findings
  • Provide code snippets showing the issue
  • Suggest specific fixes where possible
  • Prioritize findings by severity
  • Group related issues together
  • Include statistics summary at end
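The following is an added example, not part of the codebase-auditor skill or its reference checklists. It shows, in Python, the shape of the pipeline Phases 2 and 3 describe: recording each finding with severity, `path:line` location and evidence, ordering findings by the severity table above, grouping them by category, and ending the Markdown report with a statistics summary. The detection rules (`SEC-001` etc.) and the sample files are constructed here for illustration; a real audit would draw its patterns from the checklists in references/ and render through assets/report-template.md.

```python
"""Minimal audit-findings pipeline (added example, not the skill's own code):
scan constructed sample sources, record findings with severity/location/evidence,
and render a severity-ordered Markdown report with a statistics summary."""
import re
from collections import Counter
from dataclasses import dataclass

# Severity order mirrors the classification table in SKILL.md (Critical first).
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Hypothetical detection rules: (rule id, category, severity, pattern, description).
# Rule ids and patterns are illustrative; real checklists would define their own.
RULES = [
    ("SEC-001", "Security", "Critical",
     re.compile(r"""(?i)(password|secret|api_key)\s*=\s*["'][^"']+["']"""),
     "Hard-coded credential"),
    ("SEC-002", "Security", "High",
     re.compile(r"shell\s*=\s*True"),
     "subprocess invoked with shell=True"),
    ("ERR-001", "Error Handling", "Medium",
     re.compile(r"^\s*except\s*:"),
     "Bare except swallows all errors"),
    ("QUAL-001", "Code Quality", "Low",
     re.compile(r"#\s*TODO"),
     "Unresolved TODO"),
]

# Constructed sample input standing in for a real repository.
SAMPLE_FILES = {
    "app/config.py": 'DEBUG = True\nAPI_KEY = "abc123-not-real"\n',
    "app/run.py": ("import subprocess\n"
                   "def run(cmd):\n"
                   "    # TODO: validate cmd\n"
                   "    try:\n"
                   "        return subprocess.run(cmd, shell=True)\n"
                   "    except:\n"
                   "        return None\n"),
}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    category: str
    severity: str
    path: str
    line: int
    evidence: str
    description: str


def scan(files):
    """files: {path: source_text}. Returns findings sorted by severity, then location."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule_id, category, severity, pattern, desc in RULES:
                if pattern.search(line):
                    findings.append(Finding(rule_id, category, severity,
                                            path, lineno, line.strip(), desc))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.path, f.line))


def severity_counts(findings):
    """Statistics summary: count per severity, every level present even when zero."""
    counts = Counter(f.severity for f in findings)
    return {sev: counts.get(sev, 0) for sev in SEVERITY_ORDER}


def render_report(findings):
    """Group findings by category (worst category first), show file:line plus
    the offending snippet, and close with the statistics summary."""
    def worst(category):
        return min(SEVERITY_ORDER[f.severity] for f in findings if f.category == category)

    out = ["# Audit Report", ""]
    for category in sorted({f.category for f in findings}, key=worst):
        out.append(f"## {category}")
        for f in (x for x in findings if x.category == category):
            out.append(f"- **{f.severity}** [{f.rule_id}] `{f.path}:{f.line}`: {f.description}")
            out.extend(["  ```", f"  {f.evidence}", "  ```"])
        out.append("")
    out.append("## Summary")
    out.append(f"Total findings: {len(findings)}")
    for sev, n in severity_counts(findings).items():
        out.append(f"- {sev}: {n}")
    return "\n".join(out)


if __name__ == "__main__":
    print(render_report(scan(SAMPLE_FILES)))
```

On the constructed input the scan yields four findings, one per severity level, and the report lists Security before Error Handling before Code Quality because categories are ordered by their worst finding rather than alphabetically.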