From f358ad2c4dacfdcf54bee0dede7e3cddbe50c433 Mon Sep 17 00:00:00 2001 From: sck_0 Date: Thu, 5 Mar 2026 16:10:31 +0100 Subject: [PATCH] feat: add codebase-audit-pre-push skill and sync generated files --- CATALOG.md | 10 +- README.md | 6 +- data/bundles.json | 1 + data/catalog.json | 108 ++++++++++- skills/codebase-audit-pre-push/SKILL.md | 241 ++++++++++++++++++++++++ skills_index.json | 10 + 6 files changed, 369 insertions(+), 7 deletions(-) create mode 100644 skills/codebase-audit-pre-push/SKILL.md diff --git a/CATALOG.md b/CATALOG.md index e3ace9a8..86e9aea8 100644 --- a/CATALOG.md +++ b/CATALOG.md @@ -2,7 +2,7 @@ Generated at: 2026-02-08T00:00:00.000Z -Total skills: 1002 +Total skills: 1006 ## architecture (69) @@ -136,7 +136,7 @@ calculations | startup, business, analyst, market, opportunity | startup, busine | `startup-financial-modeling` | This skill should be used when the user asks to \\\"create financial projections", "build a financial model", "forecast revenue", "calculate burn rate", "est... | startup, financial, modeling | startup, financial, modeling, skill, should, used, user, asks, projections, model, forecast, revenue | | `whatsapp-automation` | Automate WhatsApp Business tasks via Rube MCP (Composio): send messages, manage templates, upload media, and handle contacts. Always search tools first for c... | whatsapp | whatsapp, automation, automate, business, tasks, via, rube, mcp, composio, send, messages, upload | -## data-ai (181) +## data-ai (182) | Skill | Description | Tags | Triggers | | --- | --- | --- | --- | 
@@ -241,6 +241,7 @@ calculations | startup, business, analyst, market, opportunity | startup, busine | `dbt-transformation-patterns` | Master dbt (data build tool) for analytics engineering with model organization, testing, documentation, and incremental strategies. Use when building data tr... | dbt, transformation | dbt, transformation, data, analytics, engineering, model, organization, testing, documentation, incremental, building, transformations | | `documentation-generation-doc-generate` | You are a documentation expert specializing in creating comprehensive, maintainable documentation from code. Generate API docs, architecture diagrams, user g... | documentation, generation, doc, generate | documentation, generation, doc, generate, specializing, creating, maintainable, code, api, docs, architecture, diagrams | | `documentation-templates` | Documentation templates and structure guidelines. README, API docs, code comments, and AI-friendly documentation. | documentation | documentation, structure, guidelines, readme, api, docs, code, comments, ai, friendly | +| `drizzle-orm-expert` | Expert in Drizzle ORM for TypeScript — schema design, relational queries, migrations, and serverless database integration. Use when building type-safe databa... | drizzle, orm | drizzle, orm, typescript, schema, relational, queries, migrations, serverless, database, integration, building, type | | `embedding-strategies` | Select and optimize embedding models for semantic search and RAG applications. Use when choosing embedding models, implementing chunking strategies, or optim... | embedding, strategies | embedding, strategies, select, optimize, models, semantic, search, rag, applications, choosing, implementing, chunking | | `fal-audio` | Text-to-speech and speech-to-text using fal.ai audio models | fal, audio | fal, audio, text, speech, ai, models | | `fal-generate` | Generate images and videos using fal.ai AI models | fal, generate | fal, generate, images, videos, ai, models | 
@@ -810,7 +811,7 @@ scripts. | bash | bash, pro, defensive, scripting, automation, ci, cd, pipelines | `workflow-automation` | Workflow automation is the infrastructure that makes AI agents reliable. Without durable execution, a network hiccup during a 10-step payment flow means lost... | | automation, infrastructure, makes, ai, agents, reliable, without, durable, execution, network, hiccup, during | | `x-twitter-scraper` | X (Twitter) data platform skill — tweet search, user lookup, follower extraction, engagement metrics, giveaway draws, monitoring, webhooks, 19 extraction too... | [twitter, x-api, scraping, mcp, social-media, data-extraction, giveaway, monitoring, webhooks] | [twitter, x-api, scraping, mcp, social-media, data-extraction, giveaway, monitoring, webhooks], twitter, scraper, data | -## security (118) +## security (121) | Skill | Description | Tags | Triggers | | --- | --- | --- | --- | 
@@ -838,6 +839,7 @@ scripts. | bash | bash, pro, defensive, scripting, automation, ci, cd, pipelines | `clerk-auth` | Expert patterns for Clerk auth implementation, middleware, organizations, webhooks, and user sync Use when: adding authentication, clerk auth, user authentic... | clerk, auth | clerk, auth, middleware, organizations, webhooks, user, sync, adding, authentication, sign, up | | `cloud-penetration-testing` | This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exp... | cloud, penetration | cloud, penetration, testing, skill, should, used, user, asks, perform, assess, azure, aws | | `code-review-checklist` | Comprehensive checklist for conducting thorough code reviews covering functionality, security, performance, and maintainability | code, checklist | code, checklist, review, conducting, thorough, reviews, covering, functionality, security, performance, maintainability | +| `codebase-audit-pre-push` | Deep audit before GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line-by-line for production readiness. | codebase, audit, pre, push | codebase, audit, pre, push, deep, before, github, removes, junk, files, dead, code | | `codebase-cleanup-deps-audit` | You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for ... | codebase, cleanup, deps, audit | codebase, cleanup, deps, audit, dependency, security, specializing, vulnerability, scanning, license, compliance, supply | | `convex` | Convex reactive backend expert: schema design, TypeScript functions, real-time subscriptions, auth, file storage, scheduling, and deployment. 
| convex | convex, reactive, backend, schema, typescript, functions, real, time, subscriptions, auth, file, storage | | `crypto-bd-agent` | Autonomous crypto business development patterns — multi-chain token discovery, 100-point scoring with wallet forensics, x402 micropayments, ERC-8004 on-chain... | crypto, bd, agent | crypto, bd, agent, autonomous, business, development, multi, chain, token, discovery, 100, point | 
@@ -850,6 +852,8 @@ scripts. | bash | bash, pro, defensive, scripting, automation, ci, cd, pipelines | `docker-expert` | Docker containerization expert with deep knowledge of multi-stage builds, image optimization, container security, Docker Compose orchestration, and productio... | docker | docker, containerization, deep, knowledge, multi, stage, image, optimization, container, security, compose, orchestration | | `dotnet-backend` | Build ASP.NET Core 8+ backend services with EF Core, auth, background jobs, and production API patterns. | dotnet, backend | dotnet, backend, asp, net, core, ef, auth, background, jobs, api | | `ethical-hacking-methodology` | This skill should be used when the user asks to "learn ethical hacking", "understand penetration testing lifecycle", "perform reconnaissance", "conduct secur... | ethical, hacking, methodology | ethical, hacking, methodology, skill, should, used, user, asks, learn, understand, penetration, testing | +| `fda-food-safety-auditor` | Expert AI auditor for FDA Food Safety (FSMA), HACCP, and PCQI compliance. Reviews food facility records and preventive controls. | fda, food, safety, auditor | fda, food, safety, auditor, ai, fsma, haccp, pcqi, compliance, reviews, facility, records | +| `fda-medtech-compliance-auditor` | Expert AI auditor for Medical Device (SaMD) compliance, IEC 62304, and 21 CFR Part 820. Reviews DHFs, technical files, and software validation. | fda, medtech, compliance, auditor | fda, medtech, compliance, auditor, ai, medical, device, samd, iec, 62304, 21, cfr | | `find-bugs` | Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit ... | find, bugs | find, bugs, security, vulnerabilities, code, quality, issues, local, branch, changes, asked, review | | `firebase` | Firebase gives you a complete backend in minutes - auth, database, storage, functions, hosting. 
But the ease of setup hides real complexity. Security rules a... | firebase | firebase, gives, complete, backend, minutes, auth, database, storage, functions, hosting, ease, setup | | `firmware-analyst` | Expert firmware analyst specializing in embedded systems, IoT security, and hardware reverse engineering. | firmware, analyst | firmware, analyst, specializing, embedded, iot, security, hardware, reverse, engineering | diff --git a/README.md b/README.md index 65e3bfce..e838169c 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -# 🌌 Antigravity Awesome Skills: 179+ Agentic Skills for Claude Code, Gemini CLI, Cursor, Copilot & More +# 🌌 Antigravity Awesome Skills: 1006+ Agentic Skills for Claude Code, Gemini CLI, Cursor, Copilot & More -> **The Ultimate Collection of 179+ Universal Agentic Skills for AI Coding Assistants — Claude Code, Gemini CLI, Codex CLI, Antigravity IDE, GitHub Copilot, Cursor, OpenCode** +> **The Ultimate Collection of 1006+ Universal Agentic Skills for AI Coding Assistants — Claude Code, Gemini CLI, Codex CLI, Antigravity IDE, GitHub Copilot, Cursor, OpenCode** [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![Claude Code](https://img.shields.io/badge/Claude%20Code-Anthropic-purple)](https://claude.ai) @@ -11,7 +11,7 @@ [![OpenCode](https://img.shields.io/badge/OpenCode-CLI-gray)](https://github.com/opencode-ai/opencode) [![Antigravity](https://img.shields.io/badge/Antigravity-DeepMind-red)](https://github.com/anthropics/antigravity) -**Antigravity Awesome Skills** is a curated, battle-tested library of **179 high-performance agentic skills** designed to work seamlessly across all major AI coding assistants: +**Antigravity Awesome Skills** is a curated, battle-tested library of **1006 high-performance agentic skills** designed to work seamlessly across all major AI coding assistants: - 🟣 **Claude Code** (Anthropic CLI) - 🔵 **Gemini CLI** (Google DeepMind) 
diff --git a/data/bundles.json b/data/bundles.json index 149d91b9..c636930e 100644 --- a/data/bundles.json +++ b/data/bundles.json @@ -279,6 +279,7 @@ "clerk-auth", "cloud-penetration-testing", "code-review-checklist", + "codebase-audit-pre-push", "codebase-cleanup-deps-audit", "convex", "customs-trade-compliance", diff --git a/data/catalog.json b/data/catalog.json index 9346b2cc..8416be87 100644 --- a/data/catalog.json +++ b/data/catalog.json @@ -1,6 +1,6 @@ { "generatedAt": "2026-02-08T00:00:00.000Z", - "total": 1002, + "total": 1006, "skills": [ { "id": "00-andruia-consultant", @@ -7314,6 +7314,33 @@ ], "path": "skills/code-reviewer/SKILL.md" }, + { + "id": "codebase-audit-pre-push", + "name": "codebase-audit-pre-push", + "description": "Deep audit before GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line-by-line for production readiness.", + "category": "security", + "tags": [ + "codebase", + "audit", + "pre", + "push" + ], + "triggers": [ + "codebase", + "audit", + "pre", + "push", + "deep", + "before", + "github", + "removes", + "junk", + "files", + "dead", + "code" + ], + "path": "skills/codebase-audit-pre-push/SKILL.md" + }, { "id": "codebase-cleanup-deps-audit", "name": "codebase-cleanup-deps-audit", @@ -9871,6 +9898,31 @@ ], "path": "skills/dotnet-backend-patterns/SKILL.md" }, + { + "id": "drizzle-orm-expert", + "name": "drizzle-orm-expert", + "description": "Expert in Drizzle ORM for TypeScript — schema design, relational queries, migrations, and serverless database integration. Use when building type-safe database layers with Drizzle.", + "category": "data-ai", + "tags": [ + "drizzle", + "orm" + ], + "triggers": [ + "drizzle", + "orm", + "typescript", + "schema", + "relational", + "queries", + "migrations", + "serverless", + "database", + "integration", + "building", + "type" + ], + "path": "skills/drizzle-orm-expert/SKILL.md" + }, { "id": "dropbox-automation", "name": "dropbox-automation", 
@@ -10676,6 +10728,60 @@ ], "path": "skills/fastapi-templates/SKILL.md" }, + { + "id": "fda-food-safety-auditor", + "name": "fda-food-safety-auditor", + "description": "Expert AI auditor for FDA Food Safety (FSMA), HACCP, and PCQI compliance. Reviews food facility records and preventive controls.", + "category": "security", + "tags": [ + "fda", + "food", + "safety", + "auditor" + ], + "triggers": [ + "fda", + "food", + "safety", + "auditor", + "ai", + "fsma", + "haccp", + "pcqi", + "compliance", + "reviews", + "facility", + "records" + ], + "path": "skills/fda-food-safety-auditor/SKILL.md" + }, + { + "id": "fda-medtech-compliance-auditor", + "name": "fda-medtech-compliance-auditor", + "description": "Expert AI auditor for Medical Device (SaMD) compliance, IEC 62304, and 21 CFR Part 820. Reviews DHFs, technical files, and software validation.", + "category": "security", + "tags": [ + "fda", + "medtech", + "compliance", + "auditor" + ], + "triggers": [ + "fda", + "medtech", + "compliance", + "auditor", + "ai", + "medical", + "device", + "samd", + "iec", + "62304", + "21", + "cfr" + ], + "path": "skills/fda-medtech-compliance-auditor/SKILL.md" + }, { "id": "ffuf-claude-skill", "name": "ffuf-claude-skill", diff --git a/skills/codebase-audit-pre-push/SKILL.md b/skills/codebase-audit-pre-push/SKILL.md new file mode 100644 index 00000000..8b05db03 --- /dev/null +++ b/skills/codebase-audit-pre-push/SKILL.md 
@@ -0,0 +1,241 @@ +--- +name: codebase-audit-pre-push +description: "Deep audit before GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line-by-line for production readiness." +category: development +risk: safe +source: community +date_added: "2026-03-05" +--- + +# Pre-Push Codebase Audit + +As a senior engineer, you're doing the final review before pushing this code to GitHub. Check everything carefully and fix problems as you find them. + +## When to Use This Skill + +- User requests "audit the codebase" or "review before push" +- Before making the first push to GitHub +- Before making a repository public +- Pre-production deployment review +- User asks to "clean up the code" or "optimize everything" + +## Your Job + +Review the entire codebase file by file. Read the code carefully. Fix issues right away. Don't just note problems—make the necessary changes. + +## Audit Process + +### 1. Clean Up Junk Files + +Start by looking for files that shouldn't be on GitHub: + +**Delete these immediately:** +- OS files: `.DS_Store`, `Thumbs.db`, `desktop.ini` +- Logs: `*.log`, `npm-debug.log*`, `yarn-error.log*` +- Temp files: `*.tmp`, `*.temp`, `*.cache`, `*.swp` +- Build output: `dist/`, `build/`, `.next/`, `out/`, `.cache/` +- Dependencies: `node_modules/`, `vendor/`, `__pycache__/`, `*.pyc` +- IDE files: `.idea/`, `.vscode/` (ask user first), `*.iml`, `.project` +- Backup files: `*.bak`, `*_old.*`, `*_backup.*`, `*_copy.*` +- Test artifacts: `coverage/`, `.nyc_output/`, `test-results/` +- Personal junk: `TODO.txt`, `NOTES.txt`, `scratch.*`, `test123.*` + +**Critical - Check for secrets:** +- `.env` files (should never be committed) +- Files containing: `password`, `api_key`, `token`, `secret`, `private_key` +- `*.pem`, `*.key`, `*.cert`, `credentials.json`, `serviceAccountKey.json` + +If you find secrets in the code, mark it as a CRITICAL BLOCKER. + +### 2. 
Fix .gitignore + +Check if the `.gitignore` file exists and is thorough. If it’s missing or not complete, update it to include all junk file patterns above. Ensure that `.env.example` exists with keys but no values. + +### 3. Audit Every Source File + +Look through each code file and check: + +**Dead Code (remove immediately):** +- Commented-out code blocks +- Unused imports/requires +- Unused variables (declared but never used) +- Unused functions (defined but never called) +- Unreachable code (after `return`, inside `if (false)`) +- Duplicate logic (same code in multiple places—combine) + +**Code Quality (fix issues as you go):** +- Vague names: `data`, `info`, `temp`, `thing` → rename to be descriptive +- Magic numbers: `if (status === 3)` → extract to named constant +- Debug statements: remove `console.log`, `print()`, `debugger` +- TODO/FIXME comments: either resolve them or delete them +- TypeScript `any`: add proper types or explain why `any` is used +- Use `===` instead of `==` in JavaScript +- Functions longer than 50 lines: consider splitting +- Nested code greater than 3 levels: refactor with early returns + +**Logic Issues (critical):** +- Missing null/undefined checks +- Array operations on potentially empty arrays +- Async functions that are not awaited +- Promises without `.catch()` or try/catch +- Possibilities for infinite loops +- Missing `default` in switch statements + +### 4. Security Check (Zero Tolerance) + +**Secrets:** Search for hardcoded passwords, API keys, and tokens. They must be in environment variables. 
+ +**Injection vulnerabilities:** +- SQL: No string concatenation in queries—use parameterized queries only +- Command injection: No `exec()` with user-provided input +- Path traversal: No file paths from user input without validation +- XSS: No `innerHTML` or `dangerouslySetInnerHTML` with user data + +**Auth/Authorization:** +- Passwords hashed with bcrypt/argon2 (never MD5 or plain text) +- Protected routes check for authentication +- Authorization checks on the server side, not just in the UI +- No IDOR: verify users own the resources they are accessing + +**Data exposure:** +- API responses do not leak unnecessary information +- Error messages do not expose stack traces or database details +- Pagination is present on list endpoints + +**Dependencies:** +- Run `npm audit` or an equivalent tool +- Flag critically outdated or vulnerable packages + +### 5. Scalability Check + +**Database:** +- N+1 queries: loops with database calls inside → use JOINs or batch queries +- Missing indexes on WHERE/ORDER BY columns +- Unbounded queries: add LIMIT or pagination +- Avoid `SELECT *`: specify columns + +**API Design:** +- Heavy operations (like email, reports, file processing) → move to a background queue +- Rate limiting on public endpoints +- Caching for data that is read frequently +- Timeouts on external calls + +**Code:** +- No global mutable state +- Clean up event listeners (to avoid memory leaks) +- Stream large files instead of loading them into memory + +### 6. Architecture Check + +**Organization:** +- Clear folder structure +- Files are in logical locations +- No "misc" or "stuff" folders + +**Separation of concerns:** +- UI layer: only responsible for rendering +- Business logic: pure functions +- Data layer: isolated database queries +- No 500+ line "god files" + +**Reusability:** +- Duplicate code → extract to shared utilities +- Constants defined once and imported +- Types/interfaces reused, not redefined + +### 7. 
Performance + +**Backend:** +- Expensive operations do not block requests +- Batch database calls when possible +- Set cache headers correctly + +**Frontend (if applicable):** +- Implement code splitting +- Optimize images +- Avoid massive dependencies for small utilities +- Use lazy loading for heavy components + +### 8. Documentation + +**README.md must include:** +- Description of what the project does +- Instructions for installation and execution +- Required environment variables +- Guidance on running tests + +**Code comments:** +- Explain WHY, not WHAT +- Provide explanations for complex logic +- Avoid comments that merely repeat the code + +### 9. Testing + +- Critical paths should have tests (auth, payments, core features) +- No `test.only` or `fdescribe` should remain in the code +- Avoid `test.skip` without an explanation +- Tests should verify behavior, not implementation details + +### 10. Final Verification + +After making all changes, run the app. Ensure nothing is broken. 
Check that: +- The app starts without errors +- Main features work +- Tests pass (if they exist) +- No regressions have been introduced + +## Output Format + +After auditing, provide a report: + +``` +CODEBASE AUDIT COMPLETE + +FILES REMOVED: +- node_modules/ (build artifact) +- .env (contained secrets) +- old_backup.js (unused duplicate) + +CODE CHANGES: +[src/api/users.js] + ✂ Removed unused import: lodash + ✂ Removed dead function: formatOldWay() + 🔧 Renamed 'data' → 'userData' for clarity + 🛡 Added try/catch around API call (line 47) + +[src/db/queries.js] + ⚡ Fixed N+1 query: now uses JOIN instead of loop + +SECURITY ISSUES: +🚨 CRITICAL: Hardcoded API key in config.js (line 12) → moved to .env +⚠️ HIGH: SQL injection risk in search.js (line 34) → fixed with parameterized query + +SCALABILITY: +⚡ Added pagination to /api/users endpoint +⚡ Added index on users.email column + +FINAL STATUS: +✅ CLEAN - Ready to push to GitHub + +Scores: +Security: 9/10 (one minor header missing) +Code Quality: 10/10 +Scalability: 9/10 +Overall: 9/10 +``` + +## Key Principles + +- Read the code thoroughly, don't skim +- Fix issues immediately, don’t just document them +- If uncertain about removing something, ask the user +- Test after making changes +- Be thorough but practical—focus on real problems +- Security issues are blockers—nothing should ship with critical vulnerabilities + +## Related Skills + +- `@security-auditor` - Deeper security review +- `@systematic-debugging` - Investigate specific issues +- `@git-pushing` - Push code after audit + diff --git a/skills_index.json b/skills_index.json index 7a78e6e4..a54ff340 100644 --- a/skills_index.json +++ b/skills_index.json 
@@ -2959,6 +2959,16 @@ "source": "community", "date_added": "2026-02-27" }, + { + "id": "codebase-audit-pre-push", + "path": "skills/codebase-audit-pre-push", + "category": "development", + "name": "codebase-audit-pre-push", + "description": "Deep audit before GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line-by-line for production readiness.", + "risk": "safe", + "source": "community", + "date_added": "2026-03-05" + }, { "id": "codebase-cleanup-deps-audit", "path": "skills/codebase-cleanup-deps-audit",
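Review bot: the README.md hunk hard-codes the skill count in three places ("1006+" in the title and in the tagline, "1006" in the intro sentence), and the replaced value of 179 against a previous catalog total of 1002 shows how far a hand-maintained number drifts. Suggest filling these in from the same source as `"total"` in data/catalog.json, or dropping the exact figure, and using either "1006+" or "1006" consistently.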
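Review bot: the data/catalog.json hunks file `fda-food-safety-auditor` and `fda-medtech-compliance-auditor` under `"category": "security"`, which is what moves the CATALOG.md security count from 118 to 121 together with the new audit skill. Their descriptions are regulatory compliance reviews (FSMA/HACCP/PCQI, IEC 62304, 21 CFR Part 820), so anyone filtering the catalog for security skills now gets them mixed in; suggest a separate compliance category, or documenting how the category is derived if it is inferred from keywords. The commit subject also names only codebase-audit-pre-push while four entries are added (total 1002 to 1006); list the other three in the message or move the sync into its own commit.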
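Review bot: in skills/codebase-audit-pre-push/SKILL.md the secrets handling stops at deletion. Section 1 lists `.env`, `*.pem` and `*.key` for removal, and the sample report shows "Hardcoded API key in config.js (line 12) → moved to .env" followed by "CLEAN - Ready to push", but nothing tells the agent to check whether the value is already in git history or to rotate it. A secret that was ever committed stays recoverable after the file is deleted or the value is moved, so the step should say to treat it as exposed, rotate it, and check history before the status can be reported as clean. Related: the "Delete these immediately" list covers `.env`, `vendor/` and `TODO.txt` with only `.vscode/` marked "ask user first", which conflicts with the later principle "If uncertain about removing something, ask the user" and sits oddly with `risk: safe` in the frontmatter. Suggest untracking (for example `git rm --cached`) plus a `.gitignore` entry rather than deleting from disk, since step 10 runs the app, which may need that `.env`.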
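Review bot: the new skills_index.json entry sets `"category": "development"`, matching the SKILL.md frontmatter, while the data/catalog.json entry for the same id has `"category": "security"`, CATALOG.md lists it in the security table, and data/bundles.json adds it to the list that also holds `cloud-penetration-testing`. Pick one category and make the generated files agree, otherwise a category filter returns different results depending on which index a client reads.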