What tools does this skill use for auditing?

It integrates four specialized tools: Ruff (for Python magic numbers), Semgrep (for pattern-based detection), jscpd (for copy-paste detection), and Gitleaks (for secret scanning).

Can it detect leaked API keys and passwords?

Yes, the skill uses Gitleaks to scan files for credentials, API tokens, and passwords to prevent accidental exposure in your version control system.

Is this skill limited to Python code?

While the Ruff component is specific to Python, the other tools like Semgrep, jscpd, and Gitleaks provide multi-language support for a wide range of file types.

How does it help with code refactoring?

The skill provides a detailed refactoring plan in its output, grouping related findings and suggesting where to create centralized constants to replace hardcoded values.

Code Hardcode Audit

Name: Code Hardcode Audit
Author: terrylica

byterrylica

•

安全与测试

Audits codebases for hardcoded values, magic numbers, duplicate constants, and potential secret leaks using industry-standard scanning tools.

The Code Hardcode Audit skill provides a comprehensive safety net for your codebase by integrating Ruff, Semgrep, jscpd, and Gitleaks into a unified workflow. It helps developers identify anti-patterns like magic numbers and DRY violations while simultaneously scanning for critical security risks such as hardcoded API keys or credentials. Whether you are preparing for a production release or performing routine technical debt cleanup, this skill generates actionable refactoring plans and detailed reports to help move configuration into constants and keep sensitive data out of version control.

主要功能

01Identification of duplicate code blocks and DRY violations

02Detailed refactoring plans with JSON and compiler-like text output

03Automated detection of magic numbers and hardcoded URLs or ports

04Multi-tool auditing using Ruff, Semgrep, jscpd, and Gitleaks

052 GitHub stars

06Security scanning for leaked API keys, tokens, and passwords

使用场景

01Cleaning up technical debt by identifying and merging duplicate code segments

02Conducting a pre-release security audit to ensure no secrets are committed to the repository

03Refactoring magic numbers and hardcoded strings into named constants for better maintainability

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add terrylica/cc-skills code-hardcode-audit

For use in Claude.ai and ChatGPT

主要功能

01Identification of duplicate code blocks and DRY violations

02Detailed refactoring plans with JSON and compiler-like text output

03Automated detection of magic numbers and hardcoded URLs or ports

04Multi-tool auditing using Ruff, Semgrep, jscpd, and Gitleaks

052 GitHub stars

06Security scanning for leaked API keys, tokens, and passwords

使用场景

01Cleaning up technical debt by identifying and merging duplicate code segments

02Conducting a pre-release security audit to ensure no secrets are committed to the repository

03Refactoring magic numbers and hardcoded strings into named constants for better maintainability

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add terrylica/cc-skills code-hardcode-audit

For use in Claude.ai and ChatGPT