playbooks

home / skills / laurigates / claude-plugins / code-antipatterns

code-antipatterns skill

/code-quality-plugin/skills/code-antipatterns

This skill analyzes your codebase for anti-patterns using ast-grep, highlighting quality gaps and actionable fixes across languages.

npx playbooks add skill laurigates/claude-plugins --skill code-antipatterns

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
5.0 KB
---
model: opus
created: 2025-12-16
modified: 2026-02-03
reviewed: 2025-12-16
description: Analyze codebase for anti-patterns, code smells, and quality issues using ast-grep
allowed-tools: Read, Bash(sg *), Bash(rg *), Glob, Grep, TodoWrite, Task
argument-hint: "[PATH] [--focus <category>] [--severity <level>]"
name: code-antipatterns
---

## Context

- Analysis path: `$1` (defaults to current directory if not specified)
- JS/TS files: !`find . -type f \( -name "*.js" -o -name "*.ts" -o -name "*.jsx" -o -name "*.tsx" \) 2>/dev/null`
- Vue files: !`find . -name "*.vue" 2>/dev/null`
- Python files: !`find . -name "*.py" 2>/dev/null`

## Your Task

Perform comprehensive anti-pattern analysis using ast-grep and parallel agent delegation.

### Analysis Categories

Based on the detected languages, analyze for these categories:

1. **JavaScript/TypeScript Anti-patterns**
   - Callbacks, magic values, empty catch blocks, console.logs
   - var usage, deprecated patterns

2. **Async/Promise Patterns**
   - Unhandled promises, nested callbacks, missing error handling
   - Promise constructor anti-pattern

3. **Framework-Specific** (if detected)
   - **Vue 3**: Props mutation, reactivity issues, Options vs Composition API mixing
   - **React**: Missing deps in hooks, inline functions, prop drilling

4. **TypeScript Quality** (if .ts files present)
   - Excessive `any` types, non-null assertions, type safety issues

5. **Code Complexity**
   - Long functions (>50 lines), deep nesting (>4 levels), large parameter lists

6. **Security Concerns**
   - eval usage, innerHTML XSS, hardcoded secrets, injection risks

7. **Memory & Performance**
   - Event listeners without cleanup, setInterval leaks, inefficient patterns

8. **Python Anti-patterns** (if detected)
   - Mutable default arguments, bare except, global variables

### Execution Strategy

**CRITICAL: Use parallel agent delegation for efficiency.**

Launch multiple specialized agents simultaneously:

```markdown
## Agent 1: Language Detection & Setup (Explore - quick)
Detect project stack, identify file patterns, establish analysis scope

## Agent 2: JavaScript/TypeScript Analysis (code-analysis)
- Use ast-grep for structural pattern matching
- Focus on: empty catch, magic values, var usage, deprecated patterns

## Agent 3: Async/Promise Analysis (code-analysis)
- Unhandled promises, nested callbacks, floating promises
- Promise constructor anti-pattern

## Agent 4: Framework-Specific Analysis (code-analysis)
- Vue: props mutation, reactivity issues
- React: hooks dependencies, inline functions

## Agent 5: Security Analysis (security-audit)
- eval, innerHTML, hardcoded secrets, injection risks
- Use OWASP context

## Agent 6: Complexity Analysis (code-analysis)
- Function length, nesting depth, parameter counts
- Cyclomatic complexity indicators
```

### ast-grep Pattern Examples

Use these patterns during analysis:

```bash
# Empty catch blocks
ast-grep -p 'try { $$$ } catch ($E) { }' --lang js

# Magic numbers
ast-grep -p 'if ($VAR > 100)' --lang js

# Console statements
ast-grep -p 'console.log($$$)' --lang js

# var usage
ast-grep -p 'var $VAR = $$$' --lang js

# TypeScript any
ast-grep -p ': any' --lang ts
ast-grep -p 'as any' --lang ts

# Vue props mutation
ast-grep -p 'props.$PROP = $VALUE' --lang js

# Security: eval
ast-grep -p 'eval($$$)' --lang js

# Security: innerHTML
ast-grep -p '$ELEM.innerHTML = $$$' --lang js

# Python: mutable defaults
ast-grep -p 'def $FUNC($ARG=[])' --lang py
```

### Output Format

Consolidate findings into this structure:

```markdown
## Anti-pattern Analysis Report

### Summary
- Total issues: X
- Critical: X | High: X | Medium: X | Low: X
- Categories with most issues: [list]

### Critical Issues (Fix Immediately)
| File | Line | Issue | Category |
|------|------|-------|----------|
| ... | ... | ... | ... |

### High Priority Issues
| File | Line | Issue | Category |
|------|------|-------|----------|
| ... | ... | ... | ... |

### Medium Priority Issues
[Similar table]

### Low Priority / Style Issues
[Similar table or summary count]

### Recommendations
1. [Prioritized fix recommendations]
2. [...]

### Category Breakdown
- **Security**: X issues (details)
- **Async/Promises**: X issues (details)
- **Code Complexity**: X issues (details)
- [...]
```

### Optional Flags

- `--focus <category>`: Focus on specific category (security, async, complexity, framework)
- `--severity <level>`: Minimum severity to report (critical, high, medium, low)
- `--fix`: Attempt automated fixes where safe

### Post-Analysis

After consolidating findings:
1. Prioritize issues by impact and effort
2. Suggest which issues can be auto-fixed with ast-grep
3. Identify patterns that indicate systemic problems
4. Recommend process improvements (linting rules, pre-commit hooks)

## See Also

- **Skill**: `code-antipatterns-analysis` - Pattern library and detailed guidance
- **Skill**: `ast-grep-search` - ast-grep usage reference
- **Command**: `/code:review` - Comprehensive code review
- **Agent**: `security-audit` - Deep security analysis
- **Agent**: `code-refactoring` - Automated refactoring

Overview

This skill analyzes a codebase for anti-patterns, code smells, and quality issues using ast-grep and parallel agent delegation. It detects JS/TS, Vue, and Python patterns, ranks severity, and produces prioritized remediation guidance. The goal is fast, actionable findings that can be partly auto-fixed with ast-grep scripts.

How this skill works

The skill launches multiple specialized agents in parallel to speed analysis: quick project detection, JS/TS scanning, async/promise checks, framework-specific rules, security auditing, and complexity metrics. Each agent runs targeted ast-grep patterns and aggregates matches into a consolidated report with severity tiers and file locations. The output includes counts, prioritized tables, and recommendations for automated fixes and process improvements.

When to use it

  • Before major refactors to find hidden risks
  • During CI checks to surface regressions early
  • When onboarding to understand code quality hotspots
  • Prioritizing technical debt remediation sprints
  • Auditing third-party contributions or pull requests

Best practices

  • Run full analysis locally or in CI with the project path set (defaults to current directory)
  • Combine with linters and type-checkers for broader coverage
  • Treat security and uncaught-promise findings as immediate priorities
  • Use ast-grep rules as codified checks in pre-commit hooks
  • Iterate: fix high-impact items first, then re-run to confirm improvements

Example use cases

  • Detect empty catch blocks, var usage, console.log leaks across JS/TS code
  • Find unhandled promises, nested callbacks, and Promise-constructor anti-patterns
  • Spot Vue-specific issues like mutated props or mixing Options and Composition APIs
  • Flag TypeScript type-safety problems such as excessive any or non-null assertions
  • Identify Python anti-patterns: mutable defaults, bare excepts, and globals

FAQ

What languages are supported?

JavaScript, TypeScript, Vue single-file components, and Python are the primary targets for the included patterns.

How are issues prioritized?

Findings are classified into critical, high, medium, and low based on safety, runtime risk, and maintainability impact.

Can the skill auto-fix issues?

Some low-risk style fixes can be automated with ast-grep replace rules; critical fixes should be manual and reviewed.