# Health Check & Security Audit

Skill: `healthcheck`
## Overview

Audit the development environment and project for security issues, misconfigurations, and best practices compliance.
## Safety

- Require explicit approval before any state-changing action.
- Prefer reversible changes with a rollback plan.
- Never modify SSH, firewall, or auth configs without confirmation.
## Workflow

### 1. Environment Check

```bash
buddy doctor   # Run Code Buddy diagnostics
```
### 2. Project Security Scan

#### Dependencies

```bash
npm audit                       # Check for known vulnerabilities
npm outdated                    # Find outdated packages
npx license-checker --summary   # Check license compliance
```
#### Secrets Detection

```bash
# Check for hardcoded secrets
rg -i "(api_key|apikey|secret|password|token)\s*[:=]" src/ --type ts --type js
# -e is required: a pattern starting with "-" is otherwise parsed as a flag
rg -i -e "-----BEGIN.*PRIVATE KEY" .
# Check .env is gitignored (exit status 0 = ignored, 1 = not ignored)
git check-ignore .env
```
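As an added example (not part of the healthcheck skill), the two secret patterns above wrapped in shell functions that run with `grep -E` instead of ripgrep, so the scan also works on hosts without `rg`. The fixture directory, file names and the sample values in it are constructed for the demo; the helper names are this example's own.

```shell
#!/bin/sh
# Added example (not from the healthcheck skill): the skill's two secret
# patterns run with grep -E so the check also works where ripgrep is absent.
# Assumptions: POSIX shell; grep with -r, --include and --exclude-dir (GNU/BSD).

# secret_hits DIR: print "path:line:text" for every match under DIR.
# Exits 0 even when nothing matches, so callers can count in a pipeline.
secret_hits() {
  dir="$1"
  {
    # key=value / key: value assignments in TS/JS sources (skill's regex)
    grep -rEin --include='*.ts' --include='*.js' --exclude-dir=node_modules \
      -e '(api_key|apikey|secret|password|token)[[:space:]]*[:=]' "$dir" || true
    # PEM private-key headers anywhere in the tree
    grep -rEn --exclude-dir=node_modules -e '-----BEGIN.*PRIVATE KEY' "$dir" || true
  }
}

# count_secret_hits DIR: number of matching lines (0 when clean).
count_secret_hits() {
  secret_hits "$1" | grep -c . || true
}

# make_sample_project: constructed fixture in a temp dir; prints its path.
# Contains two assignment hits, one PEM header hit, and one clean file.
make_sample_project() {
  dir=$(mktemp -d)
  mkdir -p "$dir/src/keys"
  cat > "$dir/src/config.ts" <<'EOF'
export const apiKey = "AKIA-CONSTRUCTED-SAMPLE";
export const dbPassword = process.env.DB_PASSWORD;
export const timeoutMs = 5000;
EOF
  cat > "$dir/src/app.js" <<'EOF'
const port = 3000;
module.exports = { port };
EOF
  printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
    '-----END RSA PRIVATE KEY-----' > "$dir/src/keys/dev.pem"
  printf '%s\n' "$dir"
}

# Demo on the fixture; in a real audit run `secret_hits .` from the repo root.
sample=$(make_sample_project)
secret_hits "$sample"
printf 'hits: %s\n' "$(count_secret_hits "$sample")"
rm -rf "$sample"
```

The fixture deliberately includes `dbPassword = process.env.DB_PASSWORD`, which the regex flags even though it reads from the environment rather than hardcoding a value: the pattern is a coarse filter, and every hit still needs a human look before it goes into the report as a finding.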
#### Code Quality

```bash
npm run lint       # Linting issues
npx tsc --noEmit   # Type errors
npm test           # Test suite
```
### 3. Git Security

```bash
# Check for large files in history
git rev-list --objects --all | git cat-file --batch-check='%(objecttype) %(objectname) %(objectsize) %(rest)' | sort -k3 -n -r | head -20
# Check for sensitive files tracked
git ls-files | rg -i '(\.env|\.pem|\.key|credentials|secret)'
# Verify .gitignore covers sensitive patterns
rg '(\.env|node_modules|dist|\.key|\.pem)' .gitignore
```
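As an added example (not part of the healthcheck skill), the section-3 checks as shell functions that take their input on stdin or as a file, so they can be fed `git ls-files` output in a real repository and a constructed list here. The tracked-file list and the partial `.gitignore` are constructed fixtures; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the healthcheck skill): the git-security checks as
# functions over stdin/files, with the history-size pipeline wrapped as well.
# Assumptions: POSIX shell and grep; git is needed only by largest_objects.

# sensitive_tracked: filter a list of tracked paths (stdin) down to the
# sensitive-name patterns from the skill. Exits 0 even when nothing matches.
sensitive_tracked() {
  grep -Ei '(\.env|\.pem|\.key|credentials|secret)' || true
}

# gitignore_missing GITIGNORE: print each required pattern the file does not
# mention (substring match, as in the skill); empty output means covered.
gitignore_missing() {
  for pat in '.env' 'node_modules' 'dist' '.key' '.pem'; do
    grep -Fq -e "$pat" "$1" 2>/dev/null || printf '%s\n' "$pat"
  done
}

# largest_objects [N]: the skill's history-size pipeline, top N (default 20).
# Needs git and a repository, so the constructed demo below does not call it.
largest_objects() {
  git rev-list --objects --all \
    | git cat-file --batch-check='%(objecttype) %(objectname) %(objectsize) %(rest)' \
    | sort -k3 -n -r | head -n "${1:-20}"
}

# Constructed fixture: what `git ls-files` might print in a sloppy repo.
SAMPLE_TRACKED='src/index.ts
.env
.env.example
config/credentials.json
certs/server.pem
docs/secrets-management.md
README.md'

# make_sample_gitignore: constructed .gitignore lacking the key/pem patterns.
make_sample_gitignore() {
  f=$(mktemp)
  printf '%s\n' '.env' 'node_modules/' 'dist/' > "$f"
  printf '%s\n' "$f"
}

# Demo; in a real audit: git ls-files | sensitive_tracked ; gitignore_missing .gitignore
printf '%s\n' "$SAMPLE_TRACKED" | sensitive_tracked
gi=$(make_sample_gitignore)
gitignore_missing "$gi"
rm -f "$gi"
```

Two of the five flagged paths in the fixture are expected to be tracked: `.env.example` (which the readiness checklist asks for) and `docs/secrets-management.md` only match because `\.env` and `secret` are substrings. Treat the filter as a triage list, not a verdict.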
### 4. Production Readiness

- Environment variables documented in `.env.example`
- No `console.log` debugging left in production code
- Error handling on all external API calls
- Rate limiting on public endpoints
- CORS configured explicitly (not `*`)
- Authentication on sensitive routes
- Input validation at system boundaries
- Dependencies pinned or lockfile committed
## Output Format

```markdown
## Security Audit Report

### Environment: OK / WARN / FAIL
- Node.js: v22.x ✅
- Dependencies: 2 vulnerabilities ⚠️
- ...

### Secrets: OK / WARN / FAIL
- No hardcoded secrets found ✅
- .env is gitignored ✅
- ...

### Code Quality: OK / WARN / FAIL
- Lint: 0 errors ✅
- Types: 0 errors ✅
- Tests: 45 passing ✅

### Recommendations
1. Fix 2 moderate npm vulnerabilities: `npm audit fix`
2. ...
```
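As an added example serving both the Production Readiness checklist and the Output Format section (not part of the healthcheck skill), file-based checks for the four checklist items that can be verified from the working tree (`.env.example`, lockfile, leftover `console.log`, wildcard CORS) plus a renderer that prints them in the report's `### Section: STATUS` / `- detail ✅` layout. The check names, the CORS regex and the sample project are this example's own constructions; the remaining items (error handling, rate limiting, auth on routes, input validation) need code review and are not automated here.

```shell
#!/bin/sh
# Added example (not from the healthcheck skill): file-checkable readiness
# items plus a renderer in the report layout of the Output Format section.
# Assumptions: POSIX shell, awk, grep -r with --include/--exclude-dir.

# check_readiness DIR: one "check|STATUS|detail" line per item (OK/WARN/FAIL).
check_readiness() {
  dir="$1"
  if [ -f "$dir/.env.example" ]; then
    printf 'env-example|OK|.env.example documents environment variables\n'
  else
    printf 'env-example|WARN|.env.example missing\n'
  fi
  if [ -f "$dir/package-lock.json" ] || [ -f "$dir/yarn.lock" ] || [ -f "$dir/pnpm-lock.yaml" ]; then
    printf 'lockfile|OK|lockfile committed\n'
  else
    printf 'lockfile|FAIL|no lockfile found (dependencies unpinned)\n'
  fi
  # Leftover console.log calls in src/: WARN with the count
  logs=$(grep -rEn --include='*.ts' --include='*.js' --exclude-dir=node_modules \
           -e 'console\.log\(' "$dir/src" 2>/dev/null | grep -c . || true)
  if [ "$logs" -eq 0 ]; then
    printf 'console-log|OK|no console.log in src/\n'
  else
    printf 'console-log|WARN|%s console.log call(s) in src/\n' "$logs"
  fi
  # Wildcard CORS: origin: '*' or Access-Control-Allow-Origin set to '*'
  cors=$(grep -rEn --include='*.ts' --include='*.js' --exclude-dir=node_modules \
           -e "(origin|Access-Control-Allow-Origin)[\"']?[[:space:]]*[:,][[:space:]]*[\"']\\*[\"']" \
           "$dir/src" 2>/dev/null | grep -c . || true)
  if [ "$cors" -eq 0 ]; then
    printf 'cors|OK|no wildcard CORS origin found\n'
  else
    printf 'cors|FAIL|%s wildcard CORS origin(s) in src/\n' "$cors"
  fi
}

# overall_status: read check lines on stdin; FAIL outranks WARN outranks OK.
overall_status() {
  awk -F'|' '$2=="FAIL"{f=1} $2=="WARN"{w=1} END{print (f ? "FAIL" : (w ? "WARN" : "OK"))}'
}

# render_report: turn check lines (stdin) into the report section layout.
render_report() {
  tmp=$(mktemp)
  cat > "$tmp"
  printf '### Production Readiness: %s\n' "$(overall_status < "$tmp")"
  while IFS='|' read -r _name status detail; do
    case "$status" in
      OK)   mark='✅' ;;
      WARN) mark='⚠️' ;;
      *)    mark='❌' ;;
    esac
    printf '%s %s %s\n' '-' "$detail" "$mark"
  done < "$tmp"
  rm -f "$tmp"
}

# make_readiness_sample: constructed project with one pass and three findings.
make_readiness_sample() {
  dir=$(mktemp -d)
  mkdir -p "$dir/src"
  printf 'DB_PASSWORD=\nAPI_BASE_URL=\n' > "$dir/.env.example"
  cat > "$dir/src/server.js" <<'EOF'
const http = require('http');
http.createServer((req, res) => {
  res.setHeader('Access-Control-Allow-Origin', '*');
  console.log('request', req.url);
  res.end('ok');
}).listen(3000);
EOF
  printf '%s\n' "$dir"
}

# Demo; in a real audit: check_readiness . | render_report
sample=$(make_readiness_sample)
check_readiness "$sample" | render_report
rm -rf "$sample"
```

The `check|STATUS|detail` intermediate format keeps the checks and the report separate, so the same renderer can be reused for the Environment, Secrets and Code Quality sections by feeding it lines from those commands.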
Related skills: more from phuetz/code-buddy.