← ClaudeAtlas

code-audit-deeplisted

Line-level code audit skill. Surfaces concrete, actionable findings — perf hotspots, error-handling correctness bugs, durability / ordering bugs, memory-shape problems, function-level complexity, semantic coupling, and concurrency-primitive scope mistakes — that file-level architectural analysis cannot see. Language-agnostic. **This skill owns the word "hotspots" when the user wants line-level findings inside files** — phrasings like "what are the hotspots", "where are the hotspots in X", "find hotspots in this file", "show me the hotspots", "any hotspots in commit.rs?" all trigger this skill; prefer this over `architectural-hotspots` whenever the user is pointing at code and asking what's wrong with it, rather than asking which files in the repo are structurally suspect. Also trigger on "audit this", "review this code", "audit X", "review X", "find bugs in X", "what's wrong with X", "deep review", "perf review", "look for correctness issues", "what can go wrong here", "where is this slow", "any sketchy code
Stoica-Mihai/claude-skills · ★ 0 · AI & Automation · score 70
Install: claude install-skill Stoica-Mihai/claude-skills
# Code Audit (Deep) Line-level audit. Companion to `architectural-hotspots`. Hotspots ranks files by structural shape (fan-in, fan-out, LOC, cycles); this skill reads files and emits specific, actionable findings with line numbers and fix sketches. The core failure mode this skill exists to prevent: producing vague "consider refactoring X" advice instead of `commit.rs:426 — clock sampled per element in hot loop; hoist or seed-and-increment`. The first is what a graph tool already said; the second is what the user actually wanted. ## Language scope This skill is **language-agnostic**. The smells below are concepts that recur across stacks; the parenthetical examples are illustrative for a few common languages but never exhaustive. When you read a file, map each smell to the *equivalent* construct in the target language: - "fallible call return value discarded" covers `let _ = f()` (Rust), bare `f()` ignoring its `error` return (Go), `try: f(); except: pass` (Python), unawaited `f()` returning a Promise (TS / JS), `_, _ = f()` patterns (Lua / Go), `f(); // ignore` everywhere. - "owned-when-borrow-suffices" covers `Vec<String>` vs `Vec<&str>` (Rust), `[]string` copies vs slice aliases (Go), deep-copying lists (Python), `.slice()` cloning vs index access (JS), `std::string` vs `std::string_view` (C++). - "lock-when-atomic-suffices" covers `Arc<Mutex<u64>>` (Rust), `sync.Mutex` for a counter (Go), `threading.Lock` around an int (Python), `Object.synchronized` f