- Home
- Skills
- Lukeslp
- Dreamer Skills
- Quality Audit
quality-audit_skill
- Python
2
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill lukeslp/dreamer-skills --skill quality-audit- SKILL.md3.2 KB
Overview
This skill runs real quality analysis tools inside a sandboxed environment and generates actionable JSON reports for a project. It executes dependency audits, security scanners, linters, accessibility checks, and performance probes rather than just offering guidelines. Reports are stored per-project for programmatic consumption and human triage.
How this skill works
The audit script auto-detects project type from manifest files (package.json, requirements.txt, Cargo.toml, go.mod) and installs missing tools as needed. It runs domain-specific tools (npm audit, pip-audit, bandit, eslint, ruff, etc.), captures structured output, and writes JSON reports to <project>/.audit-reports/. The console summary highlights PASS/WARN/FAIL and the reports include severity metadata to prioritize fixes.
When to use it
- Before a release to catch security and dependency issues
- During sprint planning to prioritize technical debt and accessibility work
- When onboarding a codebase to quickly assess health across security, deps, perf, and a11y
- For CI or periodic checks to generate reproducible, machine-readable audit reports
- When evaluating a monorepo or multiple packages (combine with parallel-run workflows)
Best practices
- Run a full audit first, then use domain flags (security, deps, perf, a11y) for targeted rechecks
- Keep .audit-reports/ under version control or upload to artifact storage for traceability
- Triage findings by severity: fix critical/exposed secrets immediately, schedule medium/low items in sprints
- Run audits in CI agents with caching for installed tools to speed repeated runs
- For large projects, split packages and run audits in parallel to reduce overall time
Example use cases
- Perform a one-off security sweep before public release and produce JSON for ticket generation
- Automate dependency health checks in CI to block builds with critical CVEs
- Audit accessibility on static HTML bundles to locate missing alt attributes, lang tags, and heading issues
- Run bundle size and file size scans to find heavy assets and large dependencies
- Integrate with a parallel-run workflow to compare health across monorepo packages
FAQ
Results are written as JSON files to <project>/.audit-reports/ for each domain and a summary is printed to the console.
Can I run only one domain of checks?
Yes. Use the --domain flag with values like security, deps, perf, or a11y to run a targeted audit.
Does the script install tools automatically?
Yes. The script attempts to install missing tools (pip3, npx, etc.) in the sandbox before running each analyzer.