This skill performs security review, clarity refactoring, and synthesis analysis to improve code quality across files and pre-deployment checks.

npx playbooks add skill greyhaven-ai/claude-code-config --skill code-quality-analysis

SKILL.md
---
name: grey-haven-code-quality-analysis
description: "Multi-mode code quality analysis covering security reviews (OWASP Top 10), clarity refactoring (readability rules), and synthesis analysis (cross-file issues). Supports team-mode parallel analysis when invoked from quality-pipeline. Use when reviewing code for security vulnerabilities, improving code readability, conducting quality audits, pre-deployment checks, or when user mentions 'code quality', 'code review', 'security review', 'refactoring', 'code smell', 'OWASP', 'code clarity', or 'quality audit'."
# v2.0.43: Skills to auto-load for quality analysis subagents
skills:
  - grey-haven-code-style
  - grey-haven-security-practices
  - grey-haven-documentation-alignment
# v2.0.74: Restrict tools for analysis-focused work
allowed-tools:
  - Read
  - Grep
  - Glob
  - TodoWrite
  - Write
  - Edit
  - Task
  - Teammate
  - SendMessage
  - TaskCreate
  - TaskUpdate
  - TaskList
  - TaskGet
---

# Code Quality Analysis Skill

Multi-mode code quality specialist with security review, clarity refactoring, and synthesis analysis.

## Description

Comprehensive code quality analysis including security vulnerability detection, readability improvements, and cross-file issue synthesis.

## What's Included

- **Examples**: Security reviews, refactoring patterns, quality improvements
- **Reference**: OWASP Top 10, code smells, refactoring catalog
- **Templates**: Code review templates, security audit structures
- **Checklists**: Quality verification, security compliance

## Modes

1. **Security Review** - Find vulnerabilities (OWASP Top 10)
2. **Clarity Refactoring** - Improve readability (10 rules)
3. **Synthesis Analysis** - Cross-file issues

## Use This Skill When

- Reviewing code for security issues
- Improving code readability
- Comprehensive quality audits
- Pre-deployment checks

## Related Agents

- `code-quality-analyzer` - Automated quality analysis
- `security-analyzer` - Deep security audits

---

**Skill Version**: 1.1

Overview

This skill performs multi-mode code quality analysis focused on security, readability, and cross-file synthesis. It combines OWASP Top 10-based security checks, clarity refactoring rules, and project-wide consistency scans to surface actionable issues. It supports a team-mode parallel workflow for integration into CI quality pipelines.

How this skill works

The skill inspects code in three modes: Security Review scans for OWASP Top 10 patterns and common vulnerability classes; Clarity Refactoring applies readability rules and suggests targeted rewrites; Synthesis Analysis correlates findings across files to identify systemic or supply-chain issues. When invoked from a quality-pipeline in team-mode, analyses run in parallel and aggregate results into structured reports and checklists for reviewers.

When to use it

  • Before deployment for pre-release security and quality gating
  • During pull request reviews to supplement manual code review
  • When addressing 'code quality', 'code review', or 'security review' requests
  • For scheduled quality audits and technical debt sprints
  • When planning refactoring or eliminating code smells

Best practices

  • Run Security Review against critical services and public-facing endpoints first
  • Combine automated clarity suggestions with a human reviewer to preserve intent
  • Use Synthesis Analysis to detect cross-file misuse of credentials, APIs, or data flows
  • Integrate the skill into CI as a parallel stage and fail builds only on high-confidence issues
  • Annotate fixes with references to the checklist entry and OWASP item for traceability

Example use cases

  • Scan a microservice repo for SQL injection, XSS, and insecure deserialization risks
  • Refactor legacy modules for naming consistency, function length, and comment clarity
  • Aggregate cross-file type mismatches and API contract violations across a codebase
  • Produce a pre-deploy quality report listing security severity, readability score, and remediation steps
  • Run team-mode parallel analysis during nightly quality pipelines to distribute workload

FAQ

Which languages are supported?

The primary implementation targets Python, but the checks focus on common patterns that can apply across languages; add adapters for other languages as needed.

How are findings prioritized?

Findings are categorized by confidence and impact: high (security-critical), medium (likely defects), and low (style/readability). High-confidence security issues get top priority for remediation.