What tools does this skill use for auditing?

It integrates four specialized tools: Ruff (for Python magic numbers), Semgrep (for pattern-based detection), jscpd (for copy-paste detection), and Gitleaks (for secret scanning).

Can it detect leaked API keys and passwords?

Yes, the skill uses Gitleaks to scan files for credentials, API tokens, and passwords to prevent accidental exposure in your version control system.

Is this skill limited to Python code?

While the Ruff component is specific to Python, the other tools like Semgrep, jscpd, and Gitleaks provide multi-language support for a wide range of file types.

How does it help with code refactoring?

The skill provides a detailed refactoring plan in its output, grouping related findings and suggesting where to create centralized constants to replace hardcoded values.

Code Hardcode Audit

Name: Code Hardcode Audit
Author: terrylica

byterrylica

•

Seguridad y Pruebas

Audits codebases for hardcoded values, magic numbers, duplicate constants, and potential secret leaks using industry-standard scanning tools.

Acerca de

The Code Hardcode Audit skill provides a comprehensive safety net for your codebase by integrating Ruff, Semgrep, jscpd, and Gitleaks into a unified workflow. It helps developers identify anti-patterns like magic numbers and DRY violations while simultaneously scanning for critical security risks such as hardcoded API keys or credentials. Whether you are preparing for a production release or performing routine technical debt cleanup, this skill generates actionable refactoring plans and detailed reports to help move configuration into constants and keep sensitive data out of version control.

Características Principales

Identification of duplicate code blocks and DRY violations
Detailed refactoring plans with JSON and compiler-like text output
Automated detection of magic numbers and hardcoded URLs or ports
Multi-tool auditing using Ruff, Semgrep, jscpd, and Gitleaks
2 GitHub stars
Security scanning for leaked API keys, tokens, and passwords

Casos de Uso

Cleaning up technical debt by identifying and merging duplicate code segments
Conducting a pre-release security audit to ensure no secrets are committed to the repository
Refactoring magic numbers and hardcoded strings into named constants for better maintainability

Acerca de

Características Principales

Identification of duplicate code blocks and DRY violations
Detailed refactoring plans with JSON and compiler-like text output
Automated detection of magic numbers and hardcoded URLs or ports
Multi-tool auditing using Ruff, Semgrep, jscpd, and Gitleaks
2 GitHub stars
Security scanning for leaked API keys, tokens, and passwords

Casos de Uso

Cleaning up technical debt by identifying and merging duplicate code segments
Conducting a pre-release security audit to ensure no secrets are committed to the repository
Refactoring magic numbers and hardcoded strings into named constants for better maintainability