cyberneticlibrary

Audit plugin pipeline

plugin-auditcommandsetup L317,464
alirezarezvani/claude-skills
What it does

Audit skills across discovery, structure, quality, security, and marketplace compliance

Best for

Comprehensive 8-phase audit ensuring a skill meets structure, quality, security, marketplace, and domain-specific review standards.

Inputs
  • Skill directory path with SKILL.md
  • Optional scripts/*.py, references/*.md, agents/*.md files
Outputs
  • 8-phase audit report with PASS/FAIL verdict
  • Auto-fixed non-critical issues
  • Summary table: phase results, auto-fix count, warnings, action items
Requires
  • skill_validator.py --json
  • quality_scorer.py --detailed --json
  • script_tester.py --verbose --json
  • skill_security_auditor.py --strict --json
  • sync-codex-skills.py, sync-gemini-skills.py
  • Domain-specific code review agents (cs-senior-engineer, cs-product-manager, etc.)
Preconditions
  • Skill directory exists with SKILL.md and valid frontmatter
  • Python 3 with skill-tester and skill-security-auditor modules
  • Marketplace sync scripts available
  • Domain mapping in Phase 8 for correct review agent selection
  • External dependencies declared for user approval in Phase 4
Failure modes
  • Structure validation score < 75 after auto-fix still continues (quality degraded)
  • Security audit CRITICAL/HIGH findings are not auto-fixed and require user action
  • Script external imports auto-approved instead of asking (hidden bloat)
  • plugin.json version mismatch auto-fixed without user awareness
  • Ecosystem sync (Phase 7) missing if indices don't exist (orphaned skill)
  • Domain code review applied incorrectly if domain path not matched (wrong criteria)
  • Marketplace compliance skipped if .claude-plugin/plugin.json not found (unpublishable)
Trust signals
  • Sequential phase execution enforces completeness (all 8 phases)
  • Discovery phase maps domain to the correct review agent in Phase 8
  • Auto-fix applied only to non-critical issues (security and breaking changes require user approval)
  • Structure validation re-run after fixes to confirm improvement
  • Quality scoring detailed output for roadmap planning
  • Script testing with explicit dependency user-approval gate
  • Security audit zero-tolerance for CRITICAL/HIGH (manual review required)
  • Marketplace plugin.json, settings.json, and command file validation cross-checks
  • Ecosystem sync for Codex and Gemini indices
  • Cross-skill dependency resolution and broken-link detection
  • Final verdict summary table with counts (auto-fixes, warnings, action items)