Claude Code Plugins

Community-maintained marketplace

Feedback

cto-audit

@jjeremycai/claude-toolkit
0
0

Perform deep, expert-level codebase and architecture audits to identify technical strengths, weaknesses, risks, and opportunities. Use when a user asks for an assessment of a codebase's structure, quality, or readiness for scale. Deliver detailed, actionable, and prioritized recommendations grounded in engineering best practices.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name cto-audit
description Perform deep, expert-level codebase and architecture audits to identify technical strengths, weaknesses, risks, and opportunities. Use when a user asks for an assessment of a codebase's structure, quality, or readiness for scale. Deliver detailed, actionable, and prioritized recommendations grounded in engineering best practices.

CTO Audit

Overview

Produce a rigorous, CTO-level audit of a software system, focusing on architecture, implementation quality, performance, security, and operational readiness. Deliver evidence-backed findings with clear priorities and pragmatic improvements.

Audit Workflow

  1. Clarify scope and constraints

    • Identify repositories, services, environments, and time constraints.
    • Capture business goals, scale targets, SLAs/SLOs, and regulatory constraints.
    • Ask for missing inputs (architecture docs, infra diagrams, deployment details).

  2. Map the system

    • Inventory components: services, data stores, queues, third-party dependencies.
    • Trace critical flows: request path, data lifecycle, and failure modes.
    • Identify system boundaries and ownership.

  3. Inspect architecture and design

    • Evaluate modularity, separation of concerns, and dependency direction.
    • Identify overengineering, premature abstraction, or tight coupling.

  4. Assess implementation quality

    • Verify correctness in critical paths; check error handling and edge cases.
    • Identify incomplete features, TODOs, stubs, or silent failure points.
    • Note code smells that degrade maintainability.

  5. Evaluate performance and efficiency

    • Identify hot paths, heavy I/O, N+1 patterns, and memory pressure.
    • Assess scalability limits (CPU, database, cache, network).
    • Recommend targeted optimizations with expected impact.

  6. Review security and reliability

    • Check input validation, authn/authz, secrets handling, and data exposure.
    • Evaluate resiliency: retries, timeouts, backoff, circuit breaking, idempotency.
    • Note incident response readiness and observability coverage.

  7. Review tooling, testing, and ops

    • Inspect test coverage and critical gap areas.
    • Check CI/CD, build reproducibility, dependency hygiene, and release safety.
    • Assess runtime monitoring, alerting, and runbooks.

  8. Synthesize and prioritize

    • Group findings by severity and theme.
    • Highlight what works well and why.
    • Produce a prioritized roadmap of fixes and upgrades.

Evaluation Dimensions

  • Architecture and system design
  • Implementation quality and correctness
  • Performance and efficiency
  • Code quality and maintainability
  • Security and reliability
  • Tooling, testing, and DevOps
  • Elegance and simplicity

Evidence Standards

  • Cite concrete evidence: file paths, line numbers, configs, or logs.
  • Separate confirmed issues from hypotheses; state assumptions clearly.
  • Avoid ungrounded claims; request missing data when needed.

Output Format

Summary:

  • State purpose and scope.
  • Summarize the system overview (1-2 sentences).
  • List key strengths (2-4 bullets).
  • List top risks (2-4 bullets).

Findings (ordered by severity):

  • Use severity buckets: Critical, High, Medium, Low.

For each finding, include impact, evidence, and a crisp fix direction.

Recommendations (prioritized):

  1. List immediate fixes (safety and correctness).
  2. List near-term improvements (quality, performance, maintainability).
  3. List strategic investments (architecture, platform, scale).

Overall Assessment:

  • State readiness for scale and operational risk.
  • Provide a short rationale and confidence level.