```text
╔══════════════════════════════════════════════════════════════╗
║                    CODEBASE HEALTH REPORT                    ║
╠══════════════════════════════════════════════════════════════╣
║  Project: my-awesome-app            Lines: 12,847            ║
║  Language: TypeScript               Files: 247               ║
╠══════════════════════════════════════════════════════════════╣
║                                                              ║
║  OVERALL HEALTH: 72/100  ████████████░░░░  GOOD              ║
║                                                              ║
║  Architecture     78/100  ████████████░░░░  GOOD             ║
║  Security         45/100  ██████░░░░░░░░░░  NEEDS WORK       ║
║  Performance      82/100  █████████████░░░  GOOD             ║
║  Maintainability  65/100  █████████░░░░░░░  MODERATE         ║
║  Testing          55/100  ████████░░░░░░░░  MODERATE         ║
║  Documentation    90/100  ████████████████  EXCELLENT        ║
║  Dependencies     70/100  ███████████░░░░░  GOOD             ║
║  Code Quality     85/100  █████████████░░░  GOOD             ║
║                                                              ║
║  🔴 Critical: 2   🟠 High: 5   🟡 Medium: 12   🟢 Low: 23    ║
╚══════════════════════════════════════════════════════════════╝
```
Linters find syntax errors. This skill finds architectural rot, security holes, performance traps, and tech debt — the stuff that kills projects slowly.
Code health isn't just "no lint errors." It's: Can a new developer understand this code? Are we one dependency update from a security breach? Will this architecture survive the next feature request?
```text
✓ No syntax errors
✓ All imports resolved
✓ Prettier formatted
→ "Looks good!" 🤷
```

```text
🔴 CRITICAL: Hardcoded Stripe key in config.ts:47
🔴 CRITICAL: SQL injection in users.ts:123
🟠 HIGH: N+1 query in orders.ts:89 (10x slower under load)
🟠 HIGH: 14 packages outdated, 3 with known CVEs
🟡 MEDIUM: God class UserService.ts (847 lines, 23 methods)
🟡 MEDIUM: No tests for payment module (handles money!)
🟢 LOW: 47 TODOs across codebase, oldest from 2022
```
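As an added example (not code from skill-code-audit), here is a minimal TypeScript scanner for two of the critical findings above: the hardcoded Stripe key and the SQL query built by string interpolation. The rule names, regexes and sample file contents are constructed for illustration, and each flagged line is paired with the remediated form the report's sprint plan calls for (env var, parameterized query), which the scanner must leave alone.

```typescript
// Added example, not code from skill-code-audit: a minimal line-based scanner for two of
// the critical findings above (hardcoded Stripe-style key, SQL built by interpolation).
// Rule names, regexes and the sample sources are constructed for illustration.

type Severity = "CRITICAL" | "HIGH";
interface Finding { file: string; line: number; severity: Severity; rule: string; }

// Stripe secret keys start with sk_live_ / sk_test_; the sample below is an obviously
// fake value. A production scanner adds more prefixes and an entropy check.
const HARDCODED_KEY = /(["'`])sk_(live|test)_[A-Za-z0-9]{8,}\1/;
// SQL keyword followed, before the statement ends, by `${...}` or by a quote-plus
// concatenation: both feed raw input straight into the query text.
const SQL_INTERPOLATION = /\b(SELECT|INSERT|UPDATE|DELETE)\b[^;]*(\$\{|['"]\s*\+)/i;

function scanFile(file: string, source: string): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((text, idx) => {
    const line = idx + 1; // 1-based, to match the report's file:line format
    if (HARDCODED_KEY.test(text)) {
      findings.push({ file, line, severity: "CRITICAL", rule: "hardcoded-secret" });
    }
    if (SQL_INTERPOLATION.test(text)) {
      findings.push({ file, line, severity: "CRITICAL", rule: "sql-injection" });
    }
  });
  return findings;
}

// Constructed sample files: each flagged line is followed by the remediated form the
// report's sprint plan calls for (secret moved to an env var, query parameterized).
const SAMPLE_CONFIG = [
  'export const stripeKey = "sk_live_FAKE0000000000";', // flagged
  "export const stripeKey = process.env.STRIPE_KEY;",   // clean
].join("\n");

const SAMPLE_USERS = [
  "const rows = await db.query(`SELECT * FROM users WHERE id = ${req.params.id}`);", // flagged
  'const rows = await db.query("SELECT * FROM users WHERE id = $1", [req.params.id]);', // clean
].join("\n");

// Audit the constructed project; returns findings in report order (file, then line).
function auditProject(): Finding[] {
  return [...scanFile("config.ts", SAMPLE_CONFIG), ...scanFile("users.ts", SAMPLE_USERS)];
}
```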
```bash
# Via ClawHub
clawhub install skill-code-audit

# Or clone directly
git clone https://github.com/aptratcn/skill-code-audit.git
```

Just tell your AI agent:

```text
"audit this codebase"
"health check my project"
"find tech debt in src/"
```
```text
🔍 Scanning project...
📁 Detected: Node.js / TypeScript
📊 247 source files, 45 test files, 12,847 LOC

Quick questions before I dive deep:
1. Production app or internal tool?
2. Any specific concerns?
3. Timeline for fixes?

> Production app, security is top priority, sprint next week

Got it. Security-first with sprint-ready action items.

🚨 Found 2 critical security issues:
  • Hardcoded API key in config.ts:47
  • SQL injection in users.ts:123

⚡ Top performance bottleneck:
  • N+1 query in orders.ts — 10x overhead under load

📊 Full scorecard generated. Overall: 72/100
   Security needs immediate attention: 45/100

Sprint-ready fixes (estimated 5h total):
1. Move secrets to env vars (2h) — blocks deployment
2. Parameterize SQL queries (1h) — data breach risk
3. Batch order queries (1.5h) — 10x perf improvement
4. Update vulnerable packages (0.5h) — 3 CVEs patched

Create fix branch? → Yes → PR ready with all 4 fixes
```
| # | Dimension | Weight | What It Measures |
|---|---|---|---|
| 1 | Architecture | 15% | Pattern detection (MVC, microservices, monolith), coupling, cohesion, dependency direction |
| 2 | Security | 20% | Hardcoded secrets, SQL injection, XSS, auth gaps, known CVEs |
| 3 | Performance | 12% | N+1 queries, memory leaks, missing indexes, blocking calls |
| 4 | Maintainability | 15% | Complexity metrics, dead code, TODO density, god classes |
| 5 | Testing | 12% | Coverage gaps, test quality, missing critical tests |
| 6 | Documentation | 8% | README quality, API docs, inline comments, ADRs |
| 7 | Dependencies | 10% | Outdated packages, license conflicts, supply chain risks |
| 8 | Code Quality | 8% | Naming, style consistency, error handling, code smells |
Each dimension scores 0-100:
| Score | Rating | Meaning |
|---|---|---|
| 90-100 | 🟢 EXCELLENT | Production-ready, no concerns |
| 70-89 | 🟢 GOOD | Minor issues, low risk |
| 50-69 | 🟡 MODERATE | Noticeable debt, plan remediation |
| 30-49 | 🟠 NEEDS WORK | Significant issues, prioritize fixes |
| 0-29 | 🔴 CRITICAL | Urgent action required |
| Feature | Linters (ESLint, etc.) | Code Audit |
|---|---|---|
| Syntax errors | ✅ | ✅ |
| Style violations | ✅ | ✅ |
| Security vulnerabilities | | ✅ Deep scan |
| Architecture analysis | ❌ | ✅ Pattern detection |
| Performance issues | ❌ | ✅ N+1, memory, blocking |
| Tech debt quantification | ❌ | ✅ Scored & prioritized |
| Interactive Q&A | ❌ | ✅ Contextual follow-ups |
| Prioritized fix plan | ❌ | ✅ Impact-based ordering |
| CI integration | | ✅ Detailed report |
Think of it this way: Linters are spell check. Code Audit is a full editorial review.
- Ask questions — The audit adapts to your project type and priorities
- Deep dive — Focus on specific dimensions or modules
- Sprint-ready fixes — Prioritized by impact, estimated by effort
- CI integration — Generate GitHub Actions workflow for ongoing audits
Works with any codebase. Special detection for:
- JavaScript/TypeScript — Node.js, React, Next.js, Vue, Express
- Python — Django, Flask, FastAPI
- Go — Standard layout, microservices
- Rust — Cargo projects
- Java — Spring Boot, Maven/Gradle
- Ruby — Rails, Sinatra
- PHP — Laravel, Symfony
MIT License — use it however you want.
Made for AI agents. By AI agents. 🤖