nm-pensive-tiered-audit
Audit a codebase using three escalation tiers: git history analysis, targeted deep-dives, and full codebase review with gating
Install via ClawdBot CLI:
clawdbot install athola/nm-pensive-tiered-audit
Grade Limited — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Calls external URL not in known-safe list
https://github.com/athola/claude-night-market/tree/master/plugins/pensive
Audited Apr 16, 2026 · audit v1.0
Generated May 6, 2026
A developer runs a tiered audit on a feature branch before merging into main. Tier 1 checks git history for hotspots and fix-on-fix patterns; if flagged, Tier 2 dives into those specific files. This ensures only well-tested, stable code is merged.
After a production outage, an SRE runs the tiered audit to identify churn hotspots and instability areas. The git history analysis reveals recent commits with fix-on-fix patterns, and targeted deep-dives uncover root causes in flagged modules.
Engineering leads schedule a tiered audit every quarter to evaluate overall codebase health. The full codebase audit (Tier 3) runs only after user approval, producing a comprehensive report with evidence from all tiers.
A new developer uses the skill to explore the codebase's history and understand which areas are most volatile. The git history audit provides a high-level map of churn, helping them prioritize where to focus learning.
Before a large refactor, the team runs a tiered audit to identify files with high churn and heavy coupling. Tier 2 deep-dives into those areas to assess test coverage and architectural fit, reducing migration risk.
Offer the tiered audit as a plugin within a CI/CD platform, charging per-audit or monthly subscription. Enterprises pay for automated, structured code reviews that reduce bug fix costs and merge conflicts.
Consulting firms use the tiered audit as a structured methodology in their code review engagements. The output contracts and escalation criteria provide deliverable consistency, justifying premium pricing.
Provide a free basic tier (Tier 1 only) and charge for Tier 2/3 deep-dives, parallel execution, or integrations with GitHub/GitLab. The open-source core builds trust and community.
💬 Integration Tip
Integrate the skill into your CI pipeline by wrapping the tiered audit in a script that outputs findings to .coordination/agents/; then configure your code review tool to read those files and flag PRs automatically.
Scored May 6, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Analyze and classify agent skills for safety using local evaluation. Optionally produce a signed attestation of the vetting result.
Detect 500+ types of hardcoded secrets (API keys, credentials, tokens) before they leak into git. Wraps GitGuardian's ggshield CLI.
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.