code-hardcode-audit
40
总安装量
14
周安装量
#9463
全站排名
安装命令
npx skills add https://github.com/terrylica/cc-skills --skill code-hardcode-audit
Agent 安装分布
claude-code
12
opencode
10
codex
7
gemini-cli
7
antigravity
7
cursor
7
Skill 文档
Code Hardcode Audit
When to Use This Skill
Use this skill when the user mentions:
- “hardcoded values”, “hardcodes”, “magic numbers”
- “constant detection”, “find constants”
- “duplicate constants”, “DRY violations”
- “code audit”, “hardcode audit”
- “PLR2004”, “semgrep”, “jscpd”, “gitleaks”
- “secret scanning”, “leaked secrets”, “API keys”
- “passwords in code”, “credential leaks”
Quick Start
# Full audit (all tools, both outputs)
uv run --script scripts/audit_hardcodes.py -- src/
# Python magic numbers only (fastest)
uv run --script scripts/run_ruff_plr.py -- src/
# Pattern-based detection (URLs, ports, paths)
uv run --script scripts/run_semgrep.py -- src/
# Copy-paste detection
uv run --script scripts/run_jscpd.py -- src/
# Secret scanning (API keys, tokens, passwords)
uv run --script scripts/run_gitleaks.py -- src/
Tool Overview
| Tool | Detection Focus | Language Support | Speed |
|---|---|---|---|
| Ruff PLR2004 | Magic value comparisons | Python | Fast |
| Semgrep | URLs, ports, paths, credentials | Multi-language | Medium |
| jscpd | Duplicate code blocks | Multi-language | Slow |
| gitleaks | Secrets, API keys, passwords | Any (file-based) | Fast |
Output Formats
JSON (–output json)
{
"summary": {
"total_findings": 42,
"by_tool": { "ruff": 15, "semgrep": 20, "jscpd": 7 },
"by_severity": { "high": 5, "medium": 25, "low": 12 }
},
"findings": [
{
"id": "MAGIC-001",
"tool": "ruff",
"rule": "PLR2004",
"file": "src/config.py",
"line": 42,
"column": 8,
"message": "Magic value used in comparison: 8123",
"severity": "medium",
"suggested_fix": "Extract to named constant"
}
],
"refactoring_plan": [
{
"priority": 1,
"action": "Create constants/ports.py",
"finding_ids": ["MAGIC-001", "MAGIC-003"]
}
]
}
Compiler-like Text (–output text)
src/config.py:42:8: PLR2004 Magic value used in comparison: 8123 [ruff]
src/probe.py:15:1: hardcoded-url Hardcoded URL detected [semgrep]
src/client.py:20-35: Clone detected (16 lines, 95% similarity) [jscpd]
Summary: 42 findings (ruff: 15, semgrep: 20, jscpd: 7)
CLI Options
--output {json,text,both} Output format (default: both)
--tools {all,ruff,semgrep,jscpd,gitleaks} Tools to run (default: all)
--severity {all,high,medium,low} Filter by severity (default: all)
--exclude PATTERN Glob pattern to exclude (repeatable)
--parallel Run tools in parallel (default: true)
References
- Tool Comparison – Detailed tool capabilities
- Output Schema – JSON schema specification
- Troubleshooting – Common issues and fixes
Related
- ADR-0046: Semantic Constants Abstraction
- ADR-0047: Code Hardcode Audit Skill
code-clone-assistant– PMD CPD-based clone detection (DRY focus)
Troubleshooting
| Issue | Cause | Solution |
|---|---|---|
| Ruff PLR2004 not found | Ruff not installed or old | uv tool install ruff or upgrade |
| Semgrep timeout | Large codebase scan | Use --exclude to limit scope |
| jscpd memory error | Too many files | Increase Node heap: NODE_OPTIONS=--max-old-space-size=4096 |
| gitleaks false positives | Test data flagged | Add patterns to .gitleaks.toml allowlist |
| No findings in output | Wrong directory specified | Verify path exists and contains source files |
| JSON parse error | Tool output malformed | Run tool individually with --output text |
| Missing tool in PATH | Tool not installed globally | Install via mise, homebrew, or npm |
| Severity filter empty | No findings at that level | Use --severity all to see all findings |