生产代码审计工具：自动扫描修复安全、性能、架构问题，让代码达到企业级标准

production-code-audit by sickn33/antigravity-awesome-skills

491 周安装量

28,900 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill production-code-audit

开发性能优化安全

🇨🇳中文介绍

生产代码审计

概述

自主分析整个代码库以理解其架构、模式和用途，然后系统地将其转换为生产级、企业级的专业代码。此技能执行深入的逐行扫描，识别安全、性能、架构和质量方面的所有问题，然后提供全面的修复以满足企业标准。

何时使用此技能

当用户说"让这个代码达到生产就绪状态"时使用
当用户说"审计我的代码库"时使用
当用户说"让这个代码达到专业/企业级"时使用
当用户说"优化所有内容"时使用
当用户需要企业级质量时使用
在准备生产部署时使用
当代码需要满足企业标准时使用

工作原理

步骤 1：自主代码库发现

自动扫描并理解整个代码库：

读取所有文件 - 递归扫描项目中的每个文件
识别技术栈 - 检测语言、框架、数据库、工具
理解架构 - 映射结构、模式、依赖关系
识别用途 - 理解应用程序的功能
查找入口点 - 定位主文件、路由、控制器
映射数据流 - 理解数据如何在系统中流动

无需询问用户，自动完成此步骤。

步骤 2：全面问题检测

逐行扫描所有问题：

架构问题：

循环依赖
紧耦合
上帝类（>500 行或 >20 个方法）
关注点分离缺失
模块边界划分不当
违反设计模式

安全漏洞：

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

相关 Skills

find-skills 技能搜索工具 - Vercel Labs 开源智能体技能包管理器

776,000 周安装

Vercel React 最佳实践指南 | 58条Next.js性能优化规则与代码重构

261,300 周安装

Vercel Web界面规范检查工具 - 自动检测代码是否符合Web设计指南

210,800 周安装

agent-browser 浏览器自动化工具 - Vercel Labs 命令行网页操作与测试

140,500 周安装

User: @production-code-audit make this production-ready

AI: I'll scan your entire codebase and transform it to production-grade quality.

**Phase 1: Discovering Codebase** (analyzing 247 files)
- Detected: Node.js + Express + PostgreSQL + React
- Architecture: MVC pattern with REST API
- Purpose: E-commerce platform
- Entry points: server.js, src/index.tsx

**Phase 2: Scanning for Issues** (line-by-line analysis)

Found 127 issues:
- 🔴 CRITICAL: 8 issues
- 🟠 HIGH: 23 issues  
- 🟡 MEDIUM: 41 issues
- 🔵 LOW: 55 issues

**Phase 3: Fixing Issues Automatically**

🔴 CRITICAL FIXES (8/8 completed):

1. ✅ Fixed SQL injection in UserRepository.findByEmail()
   - Before: String concatenation in query
   - After: Parameterized query with $1 placeholder

2. ✅ Removed hardcoded database password from config/database.ts
   - Before: password: 'SuperSecret123!'
   - After: password: process.env.DB_PASSWORD

3. ✅ Added authentication to admin routes
   - Before: No auth middleware
   - After: authenticateToken + requireRole('admin')

4. ✅ Fixed weak password hashing (MD5 → bcrypt)
   - Before: crypto.createHash('md5')
   - After: bcrypt.hash(password, 12)

5. ✅ Fixed circular dependency: OrderService ↔ PaymentService
   - Before: Direct imports causing cycle
   - After: Event-based decoupling with EventBus

6. ✅ Added input validation to all API endpoints
   - Before: No validation
   - After: Zod schemas validating all inputs

7. ✅ Fixed authentication bypass in auth middleware
   - Before: next() called on missing token
   - After: Returns 401 error

8. ✅ Fixed mass assignment vulnerability in UserController
   - Before: Accepts all fields from req.body
   - After: Whitelist of allowed fields only

🟠 HIGH PRIORITY FIXES (23/23 completed):

9. ✅ Fixed N+1 query in OrderService.getOrdersWithItems()
   - Before: Loop with individual queries (2.8s)
   - After: Single query with joins (45ms)
   - Performance: 98% improvement

10. ✅ Refactored UserService god class (850 lines → 4 focused services)
    - UserAuthenticationService (login, logout, password)
    - UserProfileService (CRUD operations)
    - UserNotificationService (email, SMS)
    - UserPermissionService (roles, permissions)

11. ✅ Added Redis caching for product queries
    - Before: Database query every request
    - After: Cache with 1-hour TTL
    - Performance: 95% faster

12. ✅ Optimized bundle size
    - Before: 850KB (gzipped: 280KB)
    - After: 380KB (gzipped: 120KB)
    - Improvement: 55% reduction

13. ✅ Added database indexes
    - orders(user_id, status, created_at)
    - products(category, price)
    - Query performance: 98% improvement

[... 11 more high-priority fixes ...]

🟡 MEDIUM PRIORITY FIXES (41/41 completed):
[... all medium fixes ...]

🔵 LOW PRIORITY IMPROVEMENTS (55/55 completed):
[... all low improvements ...]

**Phase 4: Adding Production Infrastructure**

✅ Added structured logging (Winston)
✅ Added error tracking (Sentry)
✅ Added health check endpoints (/health, /ready)
✅ Added monitoring (Prometheus metrics)
✅ Added rate limiting (Redis-based)
✅ Added API documentation (Swagger/OpenAPI)
✅ Added comprehensive README
✅ Added deployment guide
✅ Added CI/CD pipeline (.github/workflows)

**Phase 5: Verification**

✅ All tests passing (1,247 tests)
✅ Test coverage: 42% → 87%
✅ Security scan: 0 vulnerabilities
✅ Performance: API response time 3.2s → 180ms
✅ Bundle size: 850KB → 380KB
✅ Lighthouse score: 62 → 94

**TRANSFORMATION COMPLETE**

Your codebase is now production-ready with enterprise-grade quality:

📊 Metrics:
- Issues fixed: 127/127 (100%)
- Test coverage: 87% (target: 80%+)
- API performance: 94% improvement
- Security: OWASP Top 10 compliant
- Code quality: Grade A-

📁 Files changed: 89 files
📝 Lines changed: +3,247 / -1,892

🚀 Ready for production deployment!

User: @production-code-audit secure this codebase

AI: Scanning for security vulnerabilities...

**Security Scan Complete**

Found 15 security issues:
- 🔴 CRITICAL: 5
- 🟠 HIGH: 7
- 🟡 MEDIUM: 3

**Fixing all security issues automatically...**

🔴 CRITICAL (5/5 fixed):

1. ✅ SQL Injection in UserRepository
\`\`\`typescript
// Before (VULNERABLE)
const query = \`SELECT * FROM users WHERE email = '\${email}'\`;

// After (SECURE)
const query = 'SELECT * FROM users WHERE email = $1';
await db.query(query, [email]);
\`\`\`

2. ✅ Hardcoded Secrets Removed
\`\`\`typescript
// Before (INSECURE)
const JWT_SECRET = 'my-secret-key-123';

// After (SECURE)
const JWT_SECRET = process.env.JWT_SECRET;
if (!JWT_SECRET) throw new Error('JWT_SECRET required');
\`\`\`

3. ✅ Authentication Added to Admin Routes
\`\`\`typescript
// Before (VULNERABLE)
router.delete('/api/admin/users/:id', deleteUser);

// After (SECURE)
router.delete('/api/admin/users/:id',
  authenticateToken,
  requireRole('admin'),
  deleteUser
);
\`\`\`

4. ✅ Password Hashing Upgraded
\`\`\`typescript
// Before (WEAK)
const hash = crypto.createHash('md5').update(password).digest('hex');

// After (STRONG)
const hash = await bcrypt.hash(password, 12);
\`\`\`

5. ✅ Input Validation Added
\`\`\`typescript
// Before (VULNERABLE)
const user = await db.user.create({ data: req.body });

// After (SECURE)
const schema = z.object({
  email: z.string().email(),
  password: z.string().min(12),
  name: z.string().min(2).max(100)
});
const validated = schema.parse(req.body);
const user = await db.user.create({ data: validated });
\`\`\`

**Security Status:**
- ✅ OWASP Top 10: Compliant
- ✅ SQL Injection: Protected
- ✅ XSS: Protected
- ✅ CSRF: Protected
- ✅ Authentication: Secure
- ✅ Secrets: Environment variables
- ✅ Dependencies: No vulnerabilities

🔒 Codebase is now secure and production-ready!

User: @production-code-audit optimize performance

AI: Analyzing performance bottlenecks...

**Performance Analysis Complete**

Current metrics:
- API response time: 3.2s (target: <200ms)
- Page load time: 8.5s (target: <2s)
- Bundle size: 850KB (target: <200KB)

**Optimizing automatically...**

✅ Fixed N+1 queries (3.2s → 180ms - 94% faster)
✅ Added Redis caching (95% cache hit rate)
✅ Optimized database indexes (98% faster queries)
✅ Reduced bundle size (850KB → 380KB - 55% smaller)
✅ Optimized images (28MB → 3.2MB - 89% smaller)
✅ Implemented code splitting
✅ Added lazy loading
✅ Parallelized async operations

**Performance Results:**

| Metric | Before | After | Improvement |
|--------|--------|-------|-------------|
| API Response | 3.2s | 180ms | 94% |
| Page Load | 8.5s | 1.8s | 79% |
| Bundle Size | 850KB | 380KB | 55% |
| Image Size | 28MB | 3.2MB | 89% |
| Lighthouse | 42 | 94 | +52 points |

🚀 Performance optimized to production standards!

发现代码库：
- 使用 listDirectory 递归查找所有文件
- 使用 readFile 读取每个源文件
- 从 package.json、requirements.txt 等文件中识别技术栈
- 映射架构和结构
逐行扫描问题：
- 检查每一行的安全漏洞
- 识别性能瓶颈
- 查找代码质量问题
- 检测架构问题
- 查找缺失的测试
自动修复所有问题：
- 使用 strReplace 修复文件中的问题
- 添加缺失的文件（测试、配置、文档）
- 重构有问题的代码
- 添加生产基础设施
- 优化性能
验证和报告：
- 运行测试以确保未破坏任何功能
- 测量改进
- 生成全面报告
- 展示修复前后的指标

# Production Audit Report

**Project:** [Name]
**Date:** [Date]
**Overall Grade:** [A-F]

## Executive Summary
[2-3 sentences on overall status]

**Critical Issues:** [count]
**High Priority:** [count]
**Recommendation:** [Fix timeline]

## Findings by Category

### Architecture (Grade: [A-F])
- Issue 1: [Description]
- Issue 2: [Description]

### Security (Grade: [A-F])
- Issue 1: [Description + Fix]
- Issue 2: [Description + Fix]

### Performance (Grade: [A-F])
- Issue 1: [Description + Fix]

### Testing (Grade: [A-F])
- Coverage: [%]
- Issues: [List]

## Priority Actions
1. [Critical issue] - [Timeline]
2. [High priority] - [Timeline]
3. [High priority] - [Timeline]

## Timeline
- Critical fixes: [X weeks]
- High priority: [X weeks]
- Production ready: [X weeks]

🇺🇸English

Production Code Audit

Overview

Autonomously analyze the entire codebase to understand its architecture, patterns, and purpose, then systematically transform it into production-grade, corporate-level professional code. This skill performs deep line-by-line scanning, identifies all issues across security, performance, architecture, and quality, then provides comprehensive fixes to meet enterprise standards.

When to Use This Skill

Use when user says "make this production-ready"
Use when user says "audit my codebase"
Use when user says "make this professional/corporate-level"
Use when user says "optimize everything"
Use when user wants enterprise-grade quality
Use when preparing for production deployment
Use when code needs to meet corporate standards

How It Works

Step 1: Autonomous Codebase Discovery

Automatically scan and understand the entire codebase:

Read all files - Scan every file in the project recursively
Identify tech stack - Detect languages, frameworks, databases, tools
Understand architecture - Map out structure, patterns, dependencies
Identify purpose - Understand what the application does
Find entry points - Locate main files, routes, controllers
Map data flow - Understand how data moves through the system

Do this automatically without asking the user.

Step 2: Comprehensive Issue Detection

Scan line-by-line for all issues:

Architecture Issues:

Circular dependencies
Tight coupling
God classes (>500 lines or >20 methods)
Missing separation of concerns
Poor module boundaries
Violation of design patterns

Security Vulnerabilities:

SQL injection (string concatenation in queries)
XSS vulnerabilities (unescaped output)
Hardcoded secrets (API keys, passwords in code)
Missing authentication/authorization
Weak password hashing (MD5, SHA1)
Missing input validation
CSRF vulnerabilities
Insecure dependencies

Performance Problems:

N+1 query problems
Missing database indexes
Synchronous operations that should be async
Missing caching
Inefficient algorithms (O(n²) or worse)
Large bundle sizes
Unoptimized images
Memory leaks

Code Quality Issues:

High cyclomatic complexity (>10)
Code duplication
Magic numbers
Poor naming conventions
Missing error handling
Inconsistent formatting
Dead code
TODO/FIXME comments

Testing Gaps:

Missing tests for critical paths
Low test coverage (<80%)
No edge case testing
Flaky tests
Missing integration tests

Production Readiness:

Missing environment variables
No logging/monitoring
No error tracking
Missing health checks
Incomplete documentation
No CI/CD pipeline

Step 3: Automatic Fixes and Optimizations

Fix everything automatically:

Refactor architecture - Break up god classes, fix circular dependencies
Fix security issues - Use parameterized queries, remove secrets, add validation
Optimize performance - Fix N+1 queries, add caching, optimize algorithms
Improve code quality - Reduce complexity, remove duplication, fix naming
Add missing tests - Write tests for untested critical paths
Add production infrastructure - Logging, monitoring, health checks
Optimize everything - Bundle size, images, database queries
Add documentation - README, API docs, architecture docs

Step 4: Verify and Report

After making all changes:

Run all tests to ensure nothing broke
Verify all security issues are fixed
Measure performance improvements
Generate comprehensive report
Provide before/after metrics

Examples

Example 1: Autonomous Codebase Transformation

User: @production-code-audit make this production-ready

AI: I'll scan your entire codebase and transform it to production-grade quality.

**Phase 1: Discovering Codebase** (analyzing 247 files)
- Detected: Node.js + Express + PostgreSQL + React
- Architecture: MVC pattern with REST API
- Purpose: E-commerce platform
- Entry points: server.js, src/index.tsx

**Phase 2: Scanning for Issues** (line-by-line analysis)

Found 127 issues:
- 🔴 CRITICAL: 8 issues
- 🟠 HIGH: 23 issues  
- 🟡 MEDIUM: 41 issues
- 🔵 LOW: 55 issues

**Phase 3: Fixing Issues Automatically**

🔴 CRITICAL FIXES (8/8 completed):

1. ✅ Fixed SQL injection in UserRepository.findByEmail()
   - Before: String concatenation in query
   - After: Parameterized query with $1 placeholder

2. ✅ Removed hardcoded database password from config/database.ts
   - Before: password: 'SuperSecret123!'
   - After: password: process.env.DB_PASSWORD

3. ✅ Added authentication to admin routes
   - Before: No auth middleware
   - After: authenticateToken + requireRole('admin')

4. ✅ Fixed weak password hashing (MD5 → bcrypt)
   - Before: crypto.createHash('md5')
   - After: bcrypt.hash(password, 12)

5. ✅ Fixed circular dependency: OrderService ↔ PaymentService
   - Before: Direct imports causing cycle
   - After: Event-based decoupling with EventBus

6. ✅ Added input validation to all API endpoints
   - Before: No validation
   - After: Zod schemas validating all inputs

7. ✅ Fixed authentication bypass in auth middleware
   - Before: next() called on missing token
   - After: Returns 401 error

8. ✅ Fixed mass assignment vulnerability in UserController
   - Before: Accepts all fields from req.body
   - After: Whitelist of allowed fields only

🟠 HIGH PRIORITY FIXES (23/23 completed):

9. ✅ Fixed N+1 query in OrderService.getOrdersWithItems()
   - Before: Loop with individual queries (2.8s)
   - After: Single query with joins (45ms)
   - Performance: 98% improvement

10. ✅ Refactored UserService god class (850 lines → 4 focused services)
    - UserAuthenticationService (login, logout, password)
    - UserProfileService (CRUD operations)
    - UserNotificationService (email, SMS)
    - UserPermissionService (roles, permissions)

11. ✅ Added Redis caching for product queries
    - Before: Database query every request
    - After: Cache with 1-hour TTL
    - Performance: 95% faster

12. ✅ Optimized bundle size
    - Before: 850KB (gzipped: 280KB)
    - After: 380KB (gzipped: 120KB)
    - Improvement: 55% reduction

13. ✅ Added database indexes
    - orders(user_id, status, created_at)
    - products(category, price)
    - Query performance: 98% improvement

[... 11 more high-priority fixes ...]

🟡 MEDIUM PRIORITY FIXES (41/41 completed):
[... all medium fixes ...]

🔵 LOW PRIORITY IMPROVEMENTS (55/55 completed):
[... all low improvements ...]

**Phase 4: Adding Production Infrastructure**

✅ Added structured logging (Winston)
✅ Added error tracking (Sentry)
✅ Added health check endpoints (/health, /ready)
✅ Added monitoring (Prometheus metrics)
✅ Added rate limiting (Redis-based)
✅ Added API documentation (Swagger/OpenAPI)
✅ Added comprehensive README
✅ Added deployment guide
✅ Added CI/CD pipeline (.github/workflows)

**Phase 5: Verification**

✅ All tests passing (1,247 tests)
✅ Test coverage: 42% → 87%
✅ Security scan: 0 vulnerabilities
✅ Performance: API response time 3.2s → 180ms
✅ Bundle size: 850KB → 380KB
✅ Lighthouse score: 62 → 94

**TRANSFORMATION COMPLETE**

Your codebase is now production-ready with enterprise-grade quality:

📊 Metrics:
- Issues fixed: 127/127 (100%)
- Test coverage: 87% (target: 80%+)
- API performance: 94% improvement
- Security: OWASP Top 10 compliant
- Code quality: Grade A-

📁 Files changed: 89 files
📝 Lines changed: +3,247 / -1,892

🚀 Ready for production deployment!

Example 2: Automatic Security Hardening

User: @production-code-audit secure this codebase

AI: Scanning for security vulnerabilities...

**Security Scan Complete**

Found 15 security issues:
- 🔴 CRITICAL: 5
- 🟠 HIGH: 7
- 🟡 MEDIUM: 3

**Fixing all security issues automatically...**

🔴 CRITICAL (5/5 fixed):

1. ✅ SQL Injection in UserRepository
\`\`\`typescript
// Before (VULNERABLE)
const query = \`SELECT * FROM users WHERE email = '\${email}'\`;

// After (SECURE)
const query = 'SELECT * FROM users WHERE email = $1';
await db.query(query, [email]);
\`\`\`

2. ✅ Hardcoded Secrets Removed
\`\`\`typescript
// Before (INSECURE)
const JWT_SECRET = 'my-secret-key-123';

// After (SECURE)
const JWT_SECRET = process.env.JWT_SECRET;
if (!JWT_SECRET) throw new Error('JWT_SECRET required');
\`\`\`

3. ✅ Authentication Added to Admin Routes
\`\`\`typescript
// Before (VULNERABLE)
router.delete('/api/admin/users/:id', deleteUser);

// After (SECURE)
router.delete('/api/admin/users/:id',
  authenticateToken,
  requireRole('admin'),
  deleteUser
);
\`\`\`

4. ✅ Password Hashing Upgraded
\`\`\`typescript
// Before (WEAK)
const hash = crypto.createHash('md5').update(password).digest('hex');

// After (STRONG)
const hash = await bcrypt.hash(password, 12);
\`\`\`

5. ✅ Input Validation Added
\`\`\`typescript
// Before (VULNERABLE)
const user = await db.user.create({ data: req.body });

// After (SECURE)
const schema = z.object({
  email: z.string().email(),
  password: z.string().min(12),
  name: z.string().min(2).max(100)
});
const validated = schema.parse(req.body);
const user = await db.user.create({ data: validated });
\`\`\`

**Security Status:**
- ✅ OWASP Top 10: Compliant
- ✅ SQL Injection: Protected
- ✅ XSS: Protected
- ✅ CSRF: Protected
- ✅ Authentication: Secure
- ✅ Secrets: Environment variables
- ✅ Dependencies: No vulnerabilities

🔒 Codebase is now secure and production-ready!

Example 3: Performance Optimization

User: @production-code-audit optimize performance

AI: Analyzing performance bottlenecks...

**Performance Analysis Complete**

Current metrics:
- API response time: 3.2s (target: <200ms)
- Page load time: 8.5s (target: <2s)
- Bundle size: 850KB (target: <200KB)

**Optimizing automatically...**

✅ Fixed N+1 queries (3.2s → 180ms - 94% faster)
✅ Added Redis caching (95% cache hit rate)
✅ Optimized database indexes (98% faster queries)
✅ Reduced bundle size (850KB → 380KB - 55% smaller)
✅ Optimized images (28MB → 3.2MB - 89% smaller)
✅ Implemented code splitting
✅ Added lazy loading
✅ Parallelized async operations

**Performance Results:**

| Metric | Before | After | Improvement |
|--------|--------|-------|-------------|
| API Response | 3.2s | 180ms | 94% |
| Page Load | 8.5s | 1.8s | 79% |
| Bundle Size | 850KB | 380KB | 55% |
| Image Size | 28MB | 3.2MB | 89% |
| Lighthouse | 42 | 94 | +52 points |

🚀 Performance optimized to production standards!

Best Practices

✅ Do This

Scan Everything - Read all files, understand entire codebase
Fix Automatically - Don't just report, actually fix issues
Prioritize Critical - Security and data loss issues first
Measure Impact - Show before/after metrics
Verify Changes - Run tests after making changes
Be Comprehensive - Cover architecture, security, performance, testing
Optimize Everything - Bundle size, queries, algorithms, images
Add Infrastructure - Logging, monitoring, error tracking
Document Changes - Explain what was fixed and why

❌ Don't Do This

Don't Ask Questions - Understand the codebase autonomously
Don't Wait for Instructions - Scan and fix automatically
Don't Report Only - Actually make the fixes
Don't Skip Files - Scan every file in the project
Don't Ignore Context - Understand what the code does
Don't Break Things - Verify tests pass after changes
Don't Be Partial - Fix all issues, not just some

Autonomous Scanning Instructions

When this skill is invoked, automatically:

Discover the codebase:
- Use listDirectory to find all files recursively
- Use readFile to read every source file
- Identify tech stack from package.json, requirements.txt, etc.
- Map out architecture and structure
Scan line-by-line for issues:
- Check every line for security vulnerabilities
- Identify performance bottlenecks
- Find code quality issues
- Detect architectural problems
- Find missing tests
Fix everything automatically:
- Use strReplace to fix issues in files
- Add missing files (tests, configs, docs)
- Refactor problematic code
- Add production infrastructure
- Optimize performance
Verify and report:
- Run tests to ensure nothing broke
- Measure improvements
- Generate comprehensive report
- Show before/after metrics

Do all of this without asking the user for input.

Common Pitfalls

Problem: Too Many Issues

Symptoms: Team paralyzed by 200+ issues Solution: Focus on critical/high priority only, create sprints

Problem: False Positives

Symptoms: Flagging non-issues Solution: Understand context, verify manually, ask developers

Problem: No Follow-Up

Symptoms: Audit report ignored Solution: Create GitHub issues, assign owners, track in standups

Production Audit Checklist

Security

No SQL injection vulnerabilities
No hardcoded secrets
Authentication on protected routes
Authorization checks implemented
Input validation on all endpoints
Password hashing with bcrypt (10+ rounds)
HTTPS enforced
Dependencies have no vulnerabilities

Performance

No N+1 query problems
Database indexes on foreign keys
Caching implemented
API response time < 200ms
Bundle size < 200KB (gzipped)

Testing

Test coverage > 80%
Critical paths tested
Edge cases covered
No flaky tests
Tests run in CI/CD

Production Readiness

Environment variables configured
Error tracking setup (Sentry)
Structured logging implemented
Health check endpoints
Monitoring and alerting
Documentation complete

Audit Report Template

# Production Audit Report

**Project:** [Name]
**Date:** [Date]
**Overall Grade:** [A-F]

## Executive Summary
[2-3 sentences on overall status]

**Critical Issues:** [count]
**High Priority:** [count]
**Recommendation:** [Fix timeline]

## Findings by Category

### Architecture (Grade: [A-F])
- Issue 1: [Description]
- Issue 2: [Description]

### Security (Grade: [A-F])
- Issue 1: [Description + Fix]
- Issue 2: [Description + Fix]

### Performance (Grade: [A-F])
- Issue 1: [Description + Fix]

### Testing (Grade: [A-F])
- Coverage: [%]
- Issues: [List]

## Priority Actions
1. [Critical issue] - [Timeline]
2. [High priority] - [Timeline]
3. [High priority] - [Timeline]

## Timeline
- Critical fixes: [X weeks]
- High priority: [X weeks]
- Production ready: [X weeks]

Related Skills

@code-review-checklist - Code review guidelines
@api-security-best-practices - API security patterns
@web-performance-optimization - Performance optimization
@systematic-debugging - Debug production issues
@senior-architect - Architecture patterns

Additional Resources

Pro Tip: Schedule regular audits (quarterly) to maintain code quality. Prevention is cheaper than fixing production bugs!

Weekly Installs

459

Repository

sickn33/antigra…e-skills

GitHub Stars

27.4K

First Seen

Jan 23, 2026

Security Audits

Gen Agent Trust HubWarn SocketWarn SnykFail

Installed on

opencode392

gemini-cli386

codex350

github-copilot339

claude-code337

cursor307

生产代码审计工具：自动扫描修复安全、性能、架构问题，让代码达到企业级标准

🇨🇳中文介绍

生产代码审计

概述

何时使用此技能

工作原理

步骤 1：自主代码库发现

步骤 2：全面问题检测

相关 Skills

步骤 3：自动修复与优化

步骤 4：验证与报告

示例

示例 1：自主代码库转换

示例 2：自动安全加固

示例 3：性能优化

最佳实践

✅ 应该这样做

❌ 不要这样做

自主扫描说明

常见陷阱

问题：问题过多

问题：误报

问题：无后续跟进

生产审计清单

安全

性能

测试

生产就绪度

审计报告模板

相关技能

附加资源