Claude Code Plugins

Community-maintained marketplace

Feedback

code-quality-auditor

@vinceh/recipe
0
0

Proactively audits developer work to ensure completeness and production-readiness. This skill should be used when reviewing code changes, validating task completion, or verifying that work meets industry standards—catching incomplete implementations, deferred features, hardcoded values, missing tests, and shortcuts before code goes to production.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name code-quality-auditor
description Proactively audits developer work to ensure completeness and production-readiness. This skill should be used when reviewing code changes, validating task completion, or verifying that work meets industry standards—catching incomplete implementations, deferred features, hardcoded values, missing tests, and shortcuts before code goes to production.

Code Quality Auditor

Overview

The Code Quality Auditor is a proactive quality assurance tool that validates developer work against a comprehensive checklist. Rather than just checking if code runs, it ensures:

  • All tasks from the list are actually implemented (not deferred with TODOs)
  • Tests exist and pass for new functionality
  • No hardcoded values, shortcuts, or stub implementations remain
  • Code follows industry standards and best practices
  • Work is production-ready, not "cheated"

When to Use This Skill

Trigger this skill when:

  • A developer finishes implementing features and wants validation
  • Before committing or creating a pull request
  • When code review needs to verify completeness
  • To ensure nothing was deferred with TODO comments
  • To catch technical shortcuts or incomplete implementations

Core Audit Workflow

Step 1: Identify the Scope

Define what's being audited:

  • Code changes: Which files were modified/created?
  • Task list: What were the original requirements (GitHub Issues, task list, requirements)?
  • Test coverage: What tests should exist?

Ask the developer or extract from:

  • Git diff/PR changes
  • Associated issues/tickets
  • Commit messages
  • Code review context

Step 2: Scan for Red Flags

Use automated scanning to detect:

  • TODO/FIXME/HACK/XXX comments (deferred work indicator)
  • Hardcoded values (magic numbers, URLs, API keys, credentials)
  • Stub/mock implementations left in production code
  • Disabled or skipped tests without justification
  • Empty implementations, console.log debugging, empty catch blocks
  • Comments indicating "future work," "placeholder," "temporary," "will fix later"

Load incomplete-work-patterns.md for complete detection patterns.

Step 3: Verify Task Completion

Cross-reference implementation against original task list:

  • Is every listed requirement actually implemented?
  • Does code match the acceptance criteria?
  • Are edge cases and error scenarios handled?
  • Is the implementation real or just stubbed?

Step 4: Check Test Coverage

Verify testing is adequate:

  • New functionality has tests
  • Tests are not skipped/disabled
  • Tests pass (run test suite)
  • Critical paths have integration tests
  • Error scenarios are tested

Load testing-requirements.md for testing standards.

Step 5: Evaluate Code Quality

Assess implementation quality:

  • Does code follow best practices and avoid anti-patterns?
  • Is error handling proper (no silent failures)?
  • Are there security issues (hardcoded secrets, unsafe input validation)?
  • Is documentation clear where needed?
  • Does code meet performance requirements?

Load code-smells.md and industry-standards.md for evaluation criteria.

Step 6: Generate Audit Results

Produce a concise, actionable checklist:

  • Categorize issues by severity (Critical/Major/Minor)
  • Provide specific code locations
  • Include remediation guidance
  • Keep output focused and brief (not overwhelming)

Severity Levels

Critical 🔴

  • Missing core functionality from requirements
  • Tests failing or missing entirely
  • Hardcoded credentials or security vulnerabilities
  • Code cannot run in production
  • Deferred work via TODO comments

Major 🟠

  • Edge cases not handled
  • Incomplete error handling
  • Hardcoded configuration values that should be configurable
  • Missing documentation for complex logic
  • Anti-patterns in implementation

Minor 🟡

  • Code style issues
  • Missing comments in non-critical areas
  • Potential optimizations
  • Warning-level test coverage gaps

Output Format

Keep audit results concise and actionable:

Code Quality Audit Results
===========================

⚠️  CRITICAL (2 issues)
- [ ] Line 45: Hardcoded API URL - move to config
- [ ] Missing user login tests - add coverage

🟠 MAJOR (1 issue)
- [ ] Line 123: Empty catch block - add error logging

✅ MINOR (0 issues)

Overall: 🟡 Work requires remediation before merge

Audit Execution Tips

  1. Be thorough but concise: Find all issues, present them briefly
  2. Provide specifics: "Line X in file Y" not vague descriptions
  3. Include context: Show problematic code snippet
  4. Give guidance: What to fix, not just what's wrong
  5. Check both code and tests: Many issues hide in test files
  6. Verify against original requirements: Ensure nothing was omitted
  7. Run actual tests: Don't just look for test files—verify they pass

Reference Materials

Use these guides during the audit: