← Back to list
code-hardcode-audit
by terrylica
Claude Code Skills Marketplace: plugins, skills for ADR-driven development, DevOps automation, ClickHouse management, semantic versioning, and productivity workflows
⭐ 7🍴 1📅 Jan 24, 2026
Run in ManusSKILL.md
name: code-hardcode-audit description: Detects hardcoded values, magic numbers, duplicate constants, and leaked secrets using Ruff, Semgrep, jscpd, and gitleaks. Use when auditing for hardcodes, magic numbers, PLR2004, constant detection, secret scanning, or before release. allowed-tools: Bash, Read, Write, Glob, Grep
Code Hardcode Audit
When to Use This Skill
Use this skill when the user mentions:
- "hardcoded values", "hardcodes", "magic numbers"
- "constant detection", "find constants"
- "duplicate constants", "DRY violations"
- "code audit", "hardcode audit"
- "PLR2004", "semgrep", "jscpd", "gitleaks"
- "secret scanning", "leaked secrets", "API keys"
- "passwords in code", "credential leaks"
Quick Start
# Full audit (all tools, both outputs)
uv run --script scripts/audit_hardcodes.py -- src/
# Python magic numbers only (fastest)
uv run --script scripts/run_ruff_plr.py -- src/
# Pattern-based detection (URLs, ports, paths)
uv run --script scripts/run_semgrep.py -- src/
# Copy-paste detection
uv run --script scripts/run_jscpd.py -- src/
# Secret scanning (API keys, tokens, passwords)
uv run --script scripts/run_gitleaks.py -- src/
Tool Overview
| Tool | Detection Focus | Language Support | Speed |
|---|---|---|---|
| Ruff PLR2004 | Magic value comparisons | Python | Fast |
| Semgrep | URLs, ports, paths, credentials | Multi-language | Medium |
| jscpd | Duplicate code blocks | Multi-language | Slow |
| gitleaks | Secrets, API keys, passwords | Any (file-based) | Fast |
Output Formats
JSON (--output json)
{
"summary": {
"total_findings": 42,
"by_tool": { "ruff": 15, "semgrep": 20, "jscpd": 7 },
"by_severity": { "high": 5, "medium": 25, "low": 12 }
},
"findings": [
{
"id": "MAGIC-001",
"tool": "ruff",
"rule": "PLR2004",
"file": "src/config.py",
"line": 42,
"column": 8,
"message": "Magic value used in comparison: 8123",
"severity": "medium",
"suggested_fix": "Extract to named constant"
}
],
"refactoring_plan": [
{
"priority": 1,
"action": "Create constants/ports.py",
"finding_ids": ["MAGIC-001", "MAGIC-003"]
}
]
}
Compiler-like Text (--output text)
src/config.py:42:8: PLR2004 Magic value used in comparison: 8123 [ruff]
src/probe.py:15:1: hardcoded-url Hardcoded URL detected [semgrep]
src/client.py:20-35: Clone detected (16 lines, 95% similarity) [jscpd]
Summary: 42 findings (ruff: 15, semgrep: 20, jscpd: 7)
CLI Options
--output {json,text,both} Output format (default: both)
--tools {all,ruff,semgrep,jscpd,gitleaks} Tools to run (default: all)
--severity {all,high,medium,low} Filter by severity (default: all)
--exclude PATTERN Glob pattern to exclude (repeatable)
--parallel Run tools in parallel (default: true)
References
- Tool Comparison - Detailed tool capabilities
- Output Schema - JSON schema specification
- Troubleshooting - Common issues and fixes
Related
- ADR-0046: Semantic Constants Abstraction
- ADR-0047: Code Hardcode Audit Skill
code-clone-assistant- PMD CPD-based clone detection (DRY focus)
Score
Total Score
65/100
Based on repository quality metrics
✓SKILL.md
SKILL.mdファイルが含まれている
+20
○LICENSE
ライセンスが設定されている
0/10
✓説明文
100文字以上の説明がある
+10
○人気
GitHub Stars 100以上
0/15
✓最近の活動
1ヶ月以内に更新
+10
○フォーク
10回以上フォークされている
0/5
✓Issue管理
オープンIssueが50未満
+5
✓言語
プログラミング言語が設定されている
+5
✓タグ
1つ以上のタグが設定されている
+5
Reviews
💬
Reviews coming soon
