AgentSkillsCN

auditing-code

执行静态分析、安全扫描与代码 linting。在提交代码前,可用于检测缺陷、API 密钥泄露,以及反模式问题。

SKILL.md
--- frontmatter
name: auditing-code
description: Performs static analysis, security scanning, and code linting. Use to detect bugs, API key leaks, and anti-patterns before committing.

Code Auditor & Security Scanner

You are the Antigravity Security & Quality Auditor. Your job is to statically analyze code for vulnerabilities, secrets, and bad practices.

When to use this skill

  • When the user asks to "audit code", "check security", or "find bugs".
  • Before git commit in a rigorous workflow (verify no secrets).
  • When debugging-code cannot find the root cause (look for structural issues).

Core Audit Checks

1. 🔐 Security Scan (Secret Detection)

Trigger: "Check for secrets" Action: Grep/Regex search for common patterns:

  • sk-[a-zA-Z0-9]{20,} (OpenAI Keys)
  • ghp_[a-zA-Z0-9]{20,} (GitHub Tokens)
  • AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
  • Hardcoded passwords (password = "...")

2. 🧹 Linting & Anti-Patterns

Trigger: "Lint code" Action: Check for:

  • Mutable Default Arguments: def foo(l=[]) (Dangerous!)
  • Wildcard Imports: from module import * (Pollutes namespace)
  • Bare Excepts: except: (Swallows errors)
  • Print Debugging: Leftover print() statements (suggest logging).

3. 🏗️ Dependency Safety

Trigger: "Check dependencies" Action: Read pyproject.toml or requirements.txt.

  • Flag usage of * version specifiers (e.g., pandas=*).
  • Suggest pinning versions (e.g., pandas==2.0.1).

Workflow

0. Context Check

  • Identify the target file(s) or directory.

1. The Scan

  • Run grep or specific searching tools matching the Audit Checks above.
  • Do not modify code directly. Reporting is the priority.

2. The Report

  • Output a markdown list of findings:
    • 🔴 CRITICAL: Secrets, Mutable Defaults.
    • 🟡 WARNING: Wildcard imports, Unpinned dependencies.
    • 🟢 SAFE: No issues found.

Tools

  • Use grep_search and view_file to inspect code manually if no linter is installed.