review_skill

This skill audits a repository for openness, scanning secrets, docs, licenses, and metadata to prepare a public release.
  • JavaScript

30

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

3 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill 2389-research/claude-plugins --skill review

  • SKILL.md5.4 KB

Overview

This skill audits a repository for openness before a public release. It focuses on secrets, personal data, licensing, documentation, gitignore, CI/CD, and metadata gaps. Run it any time; it is re-runnable and produces prioritized findings with an offer to fix items.

How this skill works

I detect the project ecosystem from top-level files (package.json, pyproject.toml, Cargo.toml, go.mod, etc.) and run targeted checks. I scan for leaked secrets, committed sensitive files, personal info, license mismatches, missing docs, gitignore gaps, CI absence, and incomplete metadata. Findings are grouped by severity (Critical, Recommended, Nice-to-have) with concise explanations and an offer to remediate.

When to use it

  • Before making a repository public or transferring ownership
  • When preparing a release or open-source contribution
  • After adding new credentials, services, or CI configs
  • When auditing third-party or forked code before publishing

Best practices

  • Run the audit early and re-run after significant merges
  • Mark each checklist item in_progress before scanning and completed after
  • Keep .env and secret files out of the repo and ensure .gitignore excludes them
  • Maintain a clear LICENSE and keep package metadata consistent with it
  • Include README install/usage and add CONTRIBUTING.md and SECURITY.md for external contributors

Example use cases

  • Scan a Node.js project for committed .env or API keys before public release
  • Verify license consistency across LICENSE, package.json, and README
  • Check that .gitignore covers node_modules, .env, and build artifacts for the detected ecosystem
  • Validate presence of CI workflows or recommend adding basic CI and Dependabot config
  • Identify hardcoded emails or usernames that should be removed or replaced

FAQ

I search for common patterns like sk_live/sk_test, ghp_, AKIA, api_key, token=, password=, private key headers, .env files, and credential-like filenames (.pem, .key).

Will you comment on code quality or design?

No. This audit is strictly for openness and release readiness. It does not assess error handling, architecture, performance, or style.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational