feat: add codebase-audit-pre-push skill and sync generated files

2026-03-05 16:10:31 +01:00
parent 8c42024a29
commit f358ad2c4d
6 changed files with 369 additions and 7 deletions
--- a/CATALOG.md
+++ b/CATALOG.md
@@ -2,7 +2,7 @@
 Generated at: 2026-02-08T00:00:00.000Z
-Total skills: 1002
+Total skills: 1006
 ## architecture (69)
@@ -136,7 +136,7 @@ calculations | startup, business, analyst, market, opportunity | startup, busine
 | `startup-financial-modeling` | This skill should be used when the user asks to \\\"create financial projections", "build a financial model", "forecast revenue", "calculate burn rate", "est... | startup, financial, modeling | startup, financial, modeling, skill, should, used, user, asks, projections, model, forecast, revenue |
 | `whatsapp-automation` | Automate WhatsApp Business tasks via Rube MCP (Composio): send messages, manage templates, upload media, and handle contacts. Always search tools first for c... | whatsapp | whatsapp, automation, automate, business, tasks, via, rube, mcp, composio, send, messages, upload |
-## data-ai (181)
+## data-ai (182)
 | Skill | Description | Tags | Triggers |
 | --- | --- | --- | --- |
@@ -241,6 +241,7 @@ calculations | startup, business, analyst, market, opportunity | startup, busine
 | `dbt-transformation-patterns` | Master dbt (data build tool) for analytics engineering with model organization, testing, documentation, and incremental strategies. Use when building data tr... | dbt, transformation | dbt, transformation, data, analytics, engineering, model, organization, testing, documentation, incremental, building, transformations |
 | `documentation-generation-doc-generate` | You are a documentation expert specializing in creating comprehensive, maintainable documentation from code. Generate API docs, architecture diagrams, user g... | documentation, generation, doc, generate | documentation, generation, doc, generate, specializing, creating, maintainable, code, api, docs, architecture, diagrams |
 | `documentation-templates` | Documentation templates and structure guidelines. README, API docs, code comments, and AI-friendly documentation. | documentation | documentation, structure, guidelines, readme, api, docs, code, comments, ai, friendly |
 | `drizzle-orm-expert` | Expert in Drizzle ORM for TypeScript — schema design, relational queries, migrations, and serverless database integration. Use when building type-safe databa... | drizzle, orm | drizzle, orm, typescript, schema, relational, queries, migrations, serverless, database, integration, building, type |
 | `embedding-strategies` | Select and optimize embedding models for semantic search and RAG applications. Use when choosing embedding models, implementing chunking strategies, or optim... | embedding, strategies | embedding, strategies, select, optimize, models, semantic, search, rag, applications, choosing, implementing, chunking |
 | `fal-audio` | Text-to-speech and speech-to-text using fal.ai audio models | fal, audio | fal, audio, text, speech, ai, models |
 | `fal-generate` | Generate images and videos using fal.ai AI models | fal, generate | fal, generate, images, videos, ai, models |
@@ -810,7 +811,7 @@ scripts. | bash | bash, pro, defensive, scripting, automation, ci, cd, pipelines
 | `workflow-automation` | Workflow automation is the infrastructure that makes AI agents reliable. Without durable execution, a network hiccup during a 10-step payment flow means lost... |  | automation, infrastructure, makes, ai, agents, reliable, without, durable, execution, network, hiccup, during |
 | `x-twitter-scraper` | X (Twitter) data platform skill — tweet search, user lookup, follower extraction, engagement metrics, giveaway draws, monitoring, webhooks, 19 extraction too... | [twitter, x-api, scraping, mcp, social-media, data-extraction, giveaway, monitoring, webhooks] | [twitter, x-api, scraping, mcp, social-media, data-extraction, giveaway, monitoring, webhooks], twitter, scraper, data |
-## security (118)
+## security (121)
 | Skill | Description | Tags | Triggers |
 | --- | --- | --- | --- |
@@ -838,6 +839,7 @@ scripts. | bash | bash, pro, defensive, scripting, automation, ci, cd, pipelines
 | `clerk-auth` | Expert patterns for Clerk auth implementation, middleware, organizations, webhooks, and user sync Use when: adding authentication, clerk auth, user authentic... | clerk, auth | clerk, auth, middleware, organizations, webhooks, user, sync, adding, authentication, sign, up |
 | `cloud-penetration-testing` | This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exp... | cloud, penetration | cloud, penetration, testing, skill, should, used, user, asks, perform, assess, azure, aws |
 | `code-review-checklist` | Comprehensive checklist for conducting thorough code reviews covering functionality, security, performance, and maintainability | code, checklist | code, checklist, review, conducting, thorough, reviews, covering, functionality, security, performance, maintainability |
 | `codebase-audit-pre-push` | Deep audit before GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line-by-line for production readiness. | codebase, audit, pre, push | codebase, audit, pre, push, deep, before, github, removes, junk, files, dead, code |
 | `codebase-cleanup-deps-audit` | You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for ... | codebase, cleanup, deps, audit | codebase, cleanup, deps, audit, dependency, security, specializing, vulnerability, scanning, license, compliance, supply |
 | `convex` | Convex reactive backend expert: schema design, TypeScript functions, real-time subscriptions, auth, file storage, scheduling, and deployment. | convex | convex, reactive, backend, schema, typescript, functions, real, time, subscriptions, auth, file, storage |
 | `crypto-bd-agent` | Autonomous crypto business development patterns — multi-chain token discovery, 100-point scoring with wallet forensics, x402 micropayments, ERC-8004 on-chain... | crypto, bd, agent | crypto, bd, agent, autonomous, business, development, multi, chain, token, discovery, 100, point |
@@ -850,6 +852,8 @@ scripts. | bash | bash, pro, defensive, scripting, automation, ci, cd, pipelines
 | `docker-expert` | Docker containerization expert with deep knowledge of multi-stage builds, image optimization, container security, Docker Compose orchestration, and productio... | docker | docker, containerization, deep, knowledge, multi, stage, image, optimization, container, security, compose, orchestration |
 | `dotnet-backend` | Build ASP.NET Core 8+ backend services with EF Core, auth, background jobs, and production API patterns. | dotnet, backend | dotnet, backend, asp, net, core, ef, auth, background, jobs, api |
 | `ethical-hacking-methodology` | This skill should be used when the user asks to "learn ethical hacking", "understand penetration testing lifecycle", "perform reconnaissance", "conduct secur... | ethical, hacking, methodology | ethical, hacking, methodology, skill, should, used, user, asks, learn, understand, penetration, testing |
 | `fda-food-safety-auditor` | Expert AI auditor for FDA Food Safety (FSMA), HACCP, and PCQI compliance. Reviews food facility records and preventive controls. | fda, food, safety, auditor | fda, food, safety, auditor, ai, fsma, haccp, pcqi, compliance, reviews, facility, records |
 | `fda-medtech-compliance-auditor` | Expert AI auditor for Medical Device (SaMD) compliance, IEC 62304, and 21 CFR Part 820. Reviews DHFs, technical files, and software validation. | fda, medtech, compliance, auditor | fda, medtech, compliance, auditor, ai, medical, device, samd, iec, 62304, 21, cfr |
 | `find-bugs` | Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit ... | find, bugs | find, bugs, security, vulnerabilities, code, quality, issues, local, branch, changes, asked, review |
 | `firebase` | Firebase gives you a complete backend in minutes - auth, database, storage, functions, hosting. But the ease of setup hides real complexity. Security rules a... | firebase | firebase, gives, complete, backend, minutes, auth, database, storage, functions, hosting, ease, setup |
 | `firmware-analyst` | Expert firmware analyst specializing in embedded systems, IoT security, and hardware reverse engineering. | firmware, analyst | firmware, analyst, specializing, embedded, iot, security, hardware, reverse, engineering |
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-# 🌌 Antigravity Awesome Skills: 179+ Agentic Skills for Claude Code, Gemini CLI, Cursor, Copilot & More
+# 🌌 Antigravity Awesome Skills: 1006+ Agentic Skills for Claude Code, Gemini CLI, Cursor, Copilot & More
-> **The Ultimate Collection of 179+ Universal Agentic Skills for AI Coding Assistants — Claude Code, Gemini CLI, Codex CLI, Antigravity IDE, GitHub Copilot, Cursor, OpenCode**
+> **The Ultimate Collection of 1006+ Universal Agentic Skills for AI Coding Assistants — Claude Code, Gemini CLI, Codex CLI, Antigravity IDE, GitHub Copilot, Cursor, OpenCode**
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Claude Code](https://img.shields.io/badge/Claude%20Code-Anthropic-purple)](https://claude.ai)
@@ -11,7 +11,7 @@
 [![OpenCode](https://img.shields.io/badge/OpenCode-CLI-gray)](https://github.com/opencode-ai/opencode)
 [![Antigravity](https://img.shields.io/badge/Antigravity-DeepMind-red)](https://github.com/anthropics/antigravity)
-**Antigravity Awesome Skills** is a curated, battle-tested library of **179 high-performance agentic skills** designed to work seamlessly across all major AI coding assistants:
+**Antigravity Awesome Skills** is a curated, battle-tested library of **1006 high-performance agentic skills** designed to work seamlessly across all major AI coding assistants:
 - 🟣 **Claude Code** (Anthropic CLI)
 - 🔵 **Gemini CLI** (Google DeepMind)
--- a/data/bundles.json
+++ b/data/bundles.json
@@ -279,6 +279,7 @@
        "clerk-auth",
        "cloud-penetration-testing",
        "code-review-checklist",
        "codebase-audit-pre-push",
        "codebase-cleanup-deps-audit",
        "convex",
        "customs-trade-compliance",
--- a/data/catalog.json
+++ b/data/catalog.json
@@ -1,6 +1,6 @@
 {
  "generatedAt": "2026-02-08T00:00:00.000Z",
-  "total": 1002,
+  "total": 1006,
  "skills": [
    {
      "id": "00-andruia-consultant",
@@ -7314,6 +7314,33 @@
      ],
      "path": "skills/code-reviewer/SKILL.md"
    },
    {
      "id": "codebase-audit-pre-push",
      "name": "codebase-audit-pre-push",
      "description": "Deep audit before GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line-by-line for production readiness.",
      "category": "security",
      "tags": [
        "codebase",
        "audit",
        "pre",
        "push"
      ],
      "triggers": [
        "codebase",
        "audit",
        "pre",
        "push",
        "deep",
        "before",
        "github",
        "removes",
        "junk",
        "files",
        "dead",
        "code"
      ],
      "path": "skills/codebase-audit-pre-push/SKILL.md"
    },
    {
      "id": "codebase-cleanup-deps-audit",
      "name": "codebase-cleanup-deps-audit",
@@ -9871,6 +9898,31 @@
      ],
      "path": "skills/dotnet-backend-patterns/SKILL.md"
    },
    {
      "id": "drizzle-orm-expert",
      "name": "drizzle-orm-expert",
      "description": "Expert in Drizzle ORM for TypeScript — schema design, relational queries, migrations, and serverless database integration. Use when building type-safe database layers with Drizzle.",
      "category": "data-ai",
      "tags": [
        "drizzle",
        "orm"
      ],
      "triggers": [
        "drizzle",
        "orm",
        "typescript",
        "schema",
        "relational",
        "queries",
        "migrations",
        "serverless",
        "database",
        "integration",
        "building",
        "type"
      ],
      "path": "skills/drizzle-orm-expert/SKILL.md"
    },
    {
      "id": "dropbox-automation",
      "name": "dropbox-automation",
@@ -10676,6 +10728,60 @@
      ],
      "path": "skills/fastapi-templates/SKILL.md"
    },
    {
      "id": "fda-food-safety-auditor",
      "name": "fda-food-safety-auditor",
      "description": "Expert AI auditor for FDA Food Safety (FSMA), HACCP, and PCQI compliance. Reviews food facility records and preventive controls.",
      "category": "security",
      "tags": [
        "fda",
        "food",
        "safety",
        "auditor"
      ],
      "triggers": [
        "fda",
        "food",
        "safety",
        "auditor",
        "ai",
        "fsma",
        "haccp",
        "pcqi",
        "compliance",
        "reviews",
        "facility",
        "records"
      ],
      "path": "skills/fda-food-safety-auditor/SKILL.md"
    },
    {
      "id": "fda-medtech-compliance-auditor",
      "name": "fda-medtech-compliance-auditor",
      "description": "Expert AI auditor for Medical Device (SaMD) compliance, IEC 62304, and 21 CFR Part 820. Reviews DHFs, technical files, and software validation.",
      "category": "security",
      "tags": [
        "fda",
        "medtech",
        "compliance",
        "auditor"
      ],
      "triggers": [
        "fda",
        "medtech",
        "compliance",
        "auditor",
        "ai",
        "medical",
        "device",
        "samd",
        "iec",
        "62304",
        "21",
        "cfr"
      ],
      "path": "skills/fda-medtech-compliance-auditor/SKILL.md"
    },
    {
      "id": "ffuf-claude-skill",
      "name": "ffuf-claude-skill",
--- a/skills/codebase-audit-pre-push/SKILL.md
+++ b/skills/codebase-audit-pre-push/SKILL.md
@@ -0,0 +1,241 @@
 ---
 name: codebase-audit-pre-push
 description: "Deep audit before GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line-by-line for production readiness."
 category: development
 risk: safe
 source: community
 date_added: "2026-03-05"
 ---
 # Pre-Push Codebase Audit
 As a senior engineer, you're doing the final review before pushing this code to GitHub. Check everything carefully and fix problems as you find them.  
 ## When to Use This Skill  
 - User requests "audit the codebase" or "review before push"  
 - Before making the first push to GitHub  
 - Before making a repository public  
 - Pre-production deployment review  
 - User asks to "clean up the code" or "optimize everything"  
 ## Your Job  
 Review the entire codebase file by file. Read the code carefully. Fix issues right away. Don't just note problems—make the necessary changes.  
 ## Audit Process  
 ### 1. Clean Up Junk Files  
 Start by looking for files that shouldn't be on GitHub:  
 **Delete these immediately:**  
 - OS files: `.DS_Store`, `Thumbs.db`, `desktop.ini`  
 - Logs: `*.log`, `npm-debug.log*`, `yarn-error.log*`  
 - Temp files: `*.tmp`, `*.temp`, `*.cache`, `*.swp`  
 - Build output: `dist/`, `build/`, `.next/`, `out/`, `.cache/`  
 - Dependencies: `node_modules/`, `vendor/`, `__pycache__/`, `*.pyc`  
 - IDE files: `.idea/`, `.vscode/` (ask user first), `*.iml`, `.project`  
 - Backup files: `*.bak`, `*_old.*`, `*_backup.*`, `*_copy.*`  
 - Test artifacts: `coverage/`, `.nyc_output/`, `test-results/`  
 - Personal junk: `TODO.txt`, `NOTES.txt`, `scratch.*`, `test123.*`  
 **Critical - Check for secrets:**  
 - `.env` files (should never be committed)  
 - Files containing: `password`, `api_key`, `token`, `secret`, `private_key`  
 - `*.pem`, `*.key`, `*.cert`, `credentials.json`, `serviceAccountKey.json`  
 If you find secrets in the code, mark it as a CRITICAL BLOCKER.  
 ### 2. Fix .gitignore  
 Check if the `.gitignore` file exists and is thorough. If it’s missing or not complete, update it to include all junk file patterns above. Ensure that `.env.example` exists with keys but no values.  
 ### 3. Audit Every Source File  
 Look through each code file and check:  
 **Dead Code (remove immediately):**  
 - Commented-out code blocks  
 - Unused imports/requires  
 - Unused variables (declared but never used)  
 - Unused functions (defined but never called)  
 - Unreachable code (after `return`, inside `if (false)`)  
 - Duplicate logic (same code in multiple places—combine)  
 **Code Quality (fix issues as you go):**  
 - Vague names: `data`, `info`, `temp`, `thing` → rename to be descriptive  
 - Magic numbers: `if (status === 3)` → extract to named constant  
 - Debug statements: remove `console.log`, `print()`, `debugger`  
 - TODO/FIXME comments: either resolve them or delete them  
 - TypeScript `any`: add proper types or explain why `any` is used  
 - Use `===` instead of `==` in JavaScript  
 - Functions longer than 50 lines: consider splitting  
 - Nested code greater than 3 levels: refactor with early returns  
 **Logic Issues (critical):**  
 - Missing null/undefined checks  
 - Array operations on potentially empty arrays  
 - Async functions that are not awaited  
 - Promises without `.catch()` or try/catch  
 - Possibilities for infinite loops  
 - Missing `default` in switch statements  
 ### 4. Security Check (Zero Tolerance)  
 **Secrets:** Search for hardcoded passwords, API keys, and tokens. They must be in environment variables.  
 **Injection vulnerabilities:**  
 - SQL: No string concatenation in queries—use parameterized queries only  
 - Command injection: No `exec()` with user-provided input  
 - Path traversal: No file paths from user input without validation  
 - XSS: No `innerHTML` or `dangerouslySetInnerHTML` with user data  
 **Auth/Authorization:**  
 - Passwords hashed with bcrypt/argon2 (never MD5 or plain text)  
 - Protected routes check for authentication  
 - Authorization checks on the server side, not just in the UI  
 - No IDOR: verify users own the resources they are accessing  
 **Data exposure:**  
 - API responses do not leak unnecessary information  
 - Error messages do not expose stack traces or database details  
 - Pagination is present on list endpoints  
 **Dependencies:**  
 - Run `npm audit` or an equivalent tool  
 - Flag critically outdated or vulnerable packages  
 ### 5. Scalability Check  
 **Database:**  
 - N+1 queries: loops with database calls inside → use JOINs or batch queries  
 - Missing indexes on WHERE/ORDER BY columns  
 - Unbounded queries: add LIMIT or pagination  
 - Avoid `SELECT *`: specify columns  
 **API Design:**  
 - Heavy operations (like email, reports, file processing) → move to a background queue  
 - Rate limiting on public endpoints  
 - Caching for data that is read frequently  
 - Timeouts on external calls  
 **Code:**  
 - No global mutable state  
 - Clean up event listeners (to avoid memory leaks)  
 - Stream large files instead of loading them into memory  
 ### 6. Architecture Check  
 **Organization:**  
 - Clear folder structure  
 - Files are in logical locations  
 - No "misc" or "stuff" folders  
 **Separation of concerns:**  
 - UI layer: only responsible for rendering  
 - Business logic: pure functions  
 - Data layer: isolated database queries  
 - No 500+ line "god files"  
 **Reusability:**  
 - Duplicate code → extract to shared utilities  
 - Constants defined once and imported  
 - Types/interfaces reused, not redefined  
 ### 7. Performance  
 **Backend:**  
 - Expensive operations do not block requests  
 - Batch database calls when possible  
 - Set cache headers correctly  
 **Frontend (if applicable):**  
 - Implement code splitting  
 - Optimize images  
 - Avoid massive dependencies for small utilities  
 - Use lazy loading for heavy components  
 ### 8. Documentation  
 **README.md must include:**  
 - Description of what the project does  
 - Instructions for installation and execution  
 - Required environment variables  
 - Guidance on running tests  
 **Code comments:**  
 - Explain WHY, not WHAT  
 - Provide explanations for complex logic  
 - Avoid comments that merely repeat the code  
 ### 9. Testing  
 - Critical paths should have tests (auth, payments, core features)  
 - No `test.only` or `fdescribe` should remain in the code  
 - Avoid `test.skip` without an explanation  
 - Tests should verify behavior, not implementation details  
 ### 10. Final Verification  
 After making all changes, run the app. Ensure nothing is broken. Check that:  
 - The app starts without errors  
 - Main features work  
 - Tests pass (if they exist)  
 - No regressions have been introduced  
 ## Output Format  
 After auditing, provide a report:  
 ```
 CODEBASE AUDIT COMPLETE  
 FILES REMOVED:  
 - node_modules/ (build artifact)  
 - .env (contained secrets)  
 - old_backup.js (unused duplicate)  
 CODE CHANGES:  
 [src/api/users.js]  
  ✂ Removed unused import: lodash  
  ✂ Removed dead function: formatOldWay()  
  🔧 Renamed 'data' → 'userData' for clarity  
  🛡 Added try/catch around API call (line 47)  
 [src/db/queries.js]  
  ⚡ Fixed N+1 query: now uses JOIN instead of loop  
 SECURITY ISSUES:  
 🚨 CRITICAL: Hardcoded API key in config.js (line 12) → moved to .env  
 ⚠️ HIGH: SQL injection risk in search.js (line 34) → fixed with parameterized query  
 SCALABILITY:  
 ⚡ Added pagination to /api/users endpoint  
 ⚡ Added index on users.email column  
 FINAL STATUS:  
 ✅ CLEAN - Ready to push to GitHub  
 Scores:  
 Security: 9/10 (one minor header missing)  
 Code Quality: 10/10  
 Scalability: 9/10  
 Overall: 9/10  
 ```  
 ## Key Principles  
 - Read the code thoroughly, don't skim  
 - Fix issues immediately, don’t just document them  
 - If uncertain about removing something, ask the user  
 - Test after making changes  
 - Be thorough but practical—focus on real problems  
 - Security issues are blockers—nothing should ship with critical vulnerabilities  
 ## Related Skills  
 - `@security-auditor` - Deeper security review  
 - `@systematic-debugging` - Investigate specific issues  
 - `@git-pushing` - Push code after audit  
--- a/skills_index.json
+++ b/skills_index.json
@@ -2959,6 +2959,16 @@
    "source": "community",
    "date_added": "2026-02-27"
  },
  {
    "id": "codebase-audit-pre-push",
    "path": "skills/codebase-audit-pre-push",
    "category": "development",
    "name": "codebase-audit-pre-push",
    "description": "Deep audit before GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line-by-line for production readiness.",
    "risk": "safe",
    "source": "community",
    "date_added": "2026-03-05"
  },
  {
    "id": "codebase-cleanup-deps-audit",
    "path": "skills/codebase-cleanup-deps-audit",