self-audit
Dependencies
This skill requires Python 3.8+ and standard library only. No external packages needed.
To install this skill's dependencies:
pip-compile ./requirements.in
pip install -r ./requirements.txt
See ./requirements.txt for the dependency lockfile (currently empty — standard library only).
Self-Audit: Analyze the Analyzer
Run the analyze-plugin skill against the agent-plugin-analyzer itself and the test fixtures. This is a regression smoke test that verifies the analyzer produces consistent, expected results.
Execution Steps
- Run inventory on self (security scanning is on by default):
python3 scripts/inventory_plugin.py --path plugins/agent-plugin-analyzer --format json
- Run scanner against test fixtures:
python3 scripts/inventory_plugin.py --path ./tests/gold-standard-plugin --format json
python3 scripts/inventory_plugin.py --path ./tests/flawed-plugin --format json
- Validate deterministic scanner results:
Self-analysis scanner must confirm:
- security_flags = [] (zero security findings in the analyzer itself)
- issues = [] (zero structural violations)
Gold-standard fixture scanner must confirm:
- security_flags = [] (zero security findings)
- issues = [] (zero structural violations)
- warnings = [] (zero missing components)
Flawed fixture scanner must confirm:
- security_flags count ≥ 4 (network calls + env access; obfuscated credential is LLM-only)
- issues count ≥ 1 (bash script violation)
- warnings count ≥ 2 (missing acceptance criteria + references)
- See ./README.md for the full expected findings manifest
To run assertions programmatically:
python3 scripts/assert_audit.py --fixture flawed --json-output <path-to-scan-output.json>
- Run the full 6-phase analysis on each fixture:
- tests/gold-standard-plugin/ — should score maturity ≥ L2, zero Critical, at least 2 patterns identified
- tests/flawed-plugin/ — LLM must additionally detect: missing README file tree, missing plugin manifest
- Validate self-analysis (full 6-phase on the analyzer itself):
- Maturity Level ≥ L3
- Security score ≥ 4/5
- Structure score ≥ 4/5
- Pattern catalog governance model present with lifecycle states
- Report deviations:
⚠️ SELF-AUDIT REGRESSION: [dimension] expected [X] got [Y]
✅ SELF-AUDIT PASSED: [N] scanner checks passed, [M] fixtures validated, [K] 6-phase checks passed
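The deterministic scanner thresholds from the steps above, written as a small checker that emits the report lines in the same format. This is an added example, not the project's scripts/assert_audit.py; it assumes the scanner JSON has top-level list fields security_flags, issues and warnings, covers only the scanner checks (not the 6-phase ones), and its fixture labels and sample data are constructed.

```python
import json

# Thresholds transcribed from the "Validate deterministic scanner results" step.
# Each entry: key -> (comparison, bound) applied to the length of that list.
EXPECTED = {
    "self": {"security_flags": ("==", 0), "issues": ("==", 0)},
    "gold-standard": {"security_flags": ("==", 0), "issues": ("==", 0), "warnings": ("==", 0)},
    "flawed": {"security_flags": (">=", 4), "issues": (">=", 1), "warnings": (">=", 2)},
}


def audit(fixture, scan):
    """Return regression lines for one fixture; an empty list means it passed."""
    deviations = []
    for key, (op, bound) in EXPECTED[fixture].items():
        value = scan.get(key)
        # A missing or non-list key is a regression, never a silent pass:
        # an absent security_flags must not be read as "zero findings".
        if not isinstance(value, list):
            deviations.append(f"⚠️ SELF-AUDIT REGRESSION: {fixture}.{key} expected list got {type(value).__name__}")
            continue
        count = len(value)
        ok = count == bound if op == "==" else count >= bound
        if not ok:
            deviations.append(f"⚠️ SELF-AUDIT REGRESSION: {fixture}.{key} expected {op} {bound} got {count}")
    return deviations


def report(scans):
    """scans maps fixture label -> parsed scanner JSON. Returns (passed, lines)."""
    lines, checks = [], 0
    for fixture, scan in scans.items():
        checks += len(EXPECTED[fixture])
        lines.extend(audit(fixture, scan))
    if lines:
        return False, lines
    return True, [f"✅ SELF-AUDIT PASSED: {checks} scanner checks passed, {len(scans)} fixtures validated"]


# Constructed sample outputs (assumed shape, not real scanner output).
SAMPLE = {
    "self": json.loads('{"security_flags": [], "issues": [], "warnings": []}'),
    # Flawed fixture that regressed: one finding lost, warnings key missing.
    "flawed": json.loads('{"security_flags": ["net", "net", "env"], "issues": ["bash"]}'),
}

if __name__ == "__main__":
    for line in report(SAMPLE)[1]:
        print(line)
```

Note that the flawed fixture fails when it reports too few findings: a scanner that stops flagging the known-bad plugin is the regression this smoke test exists to catch.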
When to Run
- After any modification to the analyzer's own files
- Before creating a bundle for external review
- Before pattern catalog updates (to verify governance compliance)