code-audit-scripts AI Agent Skill
View Source: b-open-io/prompts
Installation
npx skills add b-open-io/prompts --skill code-audit-scripts
Code Audit Scripts
Deterministic security and quality scans that output structured JSON. No LLM reasoning needed for the scanning — your job is to interpret results and recommend fixes.
Quick Start
Run everything at once:
bash <skill-path>/scripts/parallel-audit.sh /path/to/project
Returns a merged JSON report with all findings categorized by type and severity.
Individual Scans
Scan for Hardcoded Secrets
bash <skill-path>/scripts/scan-secrets.sh /path/to/project
Detects: API_KEY, SECRET, PASSWORD, PRIVATE_KEY, ACCESS_KEY, DATABASE_URL, JWT_SECRET, STRIPE_SK, and more. Filters out references to env vars (process.env, os.environ) to reduce false positives.
Scan for Debug Artifacts
bash <skill-path>/scripts/scan-debug.sh /path/to/project
# Include test files:
bash <skill-path>/scripts/scan-debug.sh /path/to/project --include-tests
Detects: console.log/debug/warn, debugger statements (JS/TS), print/breakpoint (Python), fmt.Println (Go). Skips test files by default.
Scan for TODOs and FIXMEs
bash <skill-path>/scripts/scan-todos.sh /path/to/project
Categorizes by severity:
- High: FIXME, BUG, HACK, XXX — these need attention before shipping
- Low: TODO — tracked work items
Acting on Results
| Finding Type | What to Do |
|---|---|
| Secrets with real values | Immediately flag to user. Rotate the credential. Move to env var. |
| Secrets that are env var refs | False positive — ignore |
| Debug artifacts in src/ | Remove before shipping. List specific files and lines. |
| Debug artifacts in tests | Usually fine. Only flag if excessive. |
| FIXME/HACK/XXX | Flag as blockers for the current PR/deployment |
| TODO | Informational. Mention count but don't block on them. |
The parallel-audit.sh output includes a summary object with counts per category and high_priority count — use this for quick pass/fail decisions.
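The env-var filter described under Scan for Hardcoded Secrets, and the two secrets rows of the table above, as an added example that is not the skill's scan-secrets.sh: the regexes, the `candidate` / `env_fallback` labels and the tab-separated output are assumptions. It goes one step beyond the page by keeping env lookups that carry a quoted default, because that default is still a value committed to source.

```shell
#!/bin/sh
# Added illustration, not the skill's scan-secrets.sh. Key names are from the
# page's "Detects" list; the regexes and output format are assumptions.
KEYS='API_KEY|SECRET|PASSWORD|PRIVATE_KEY|ACCESS_KEY|DATABASE_URL|JWT_SECRET|STRIPE_SK'
# A key name (optionally with a suffix), then ':' or '='.
ASSIGN="(${KEYS})[A-Za-z0-9_]*[\"']?[[:space:]]*[:=]"
# Environment lookups named on the page.
ENV_REF='(process\.env|os\.environ)'
# '||', '??' or ',' followed by a quoted string: a default next to the lookup.
FALLBACK="([|][|]|[?][?]|,)[[:space:]]*[\"'][^\"']+[\"']"

# Prints "<kind><TAB><file>:<line>" per finding. The matched text is never
# printed, so the report does not repeat the value. Paths containing ':' are
# not handled.
scan_secrets() {
  grep -rnIiE --exclude-dir=.git --exclude-dir=node_modules "$ASSIGN" "$1" |
  while IFS= read -r hit; do
    file=${hit%%:*}; rest=${hit#*:}; line=${rest%%:*}; text=${rest#*:}
    if printf '%s\n' "$text" | grep -qE "$ENV_REF"; then
      # Pure env reference: drop it. Env reference with a literal default: keep it.
      printf '%s\n' "$text" | grep -qE "$FALLBACK" || continue
      kind=env_fallback
    else
      kind=candidate
    fi
    printf '%s\t%s:%s\n' "$kind" "$file" "$line"
  done
}

# Constructed sample project; every value below is fake.
make_sample() {
  d=$(mktemp -d) || return 1
  printf '%s\n' 'const STRIPE_SK = "constructed-not-a-real-key";' > "$d/config.js"
  printf '%s\n' 'const API_KEY = process.env.API_KEY;' > "$d/env.js"
  printf '%s\n' 'const JWT_SECRET = process.env.JWT_SECRET || "constructed-dev";' > "$d/fallback.js"
  printf '%s\n' 'DATABASE_URL = os.environ["DATABASE_URL"]' > "$d/settings.py"
  printf '%s\n' "$d"
}

sample=$(make_sample)
scan_secrets "$sample" | sort
rm -rf "$sample"
```

A filter that drops every line mentioning `process.env` or `os.environ` would also drop `fallback.js`, so env-filtered results are worth a second look for lookups with defaults.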
How to use this skill
Install code-audit-scripts by running npx skills add b-open-io/prompts --skill code-audit-scripts in your project directory. The skill file will be downloaded from GitHub and placed in your project.
No configuration needed. Your AI agent (Claude Code, Cursor, Windsurf, etc.) automatically detects installed skills and uses them as context when generating code.
The skill enhances your agent's understanding of code-audit-scripts, helping it follow established patterns, avoid common mistakes, and produce production-ready output.
What you get
Skills are plain-text instruction files — not executable code. They encode expert knowledge about frameworks, languages, or tools that your AI agent reads to improve its output. This means zero runtime overhead, no dependency conflicts, and full transparency: you can read and review every instruction before installing.
Compatibility
This skill works with any AI coding agent that supports the skills.sh format, including Claude Code (Anthropic), Cursor, Windsurf, Cline, Aider, and other tools that read project-level context files. Skills are framework-agnostic at the transport level — the content inside determines which language or framework it applies to.