static-code-analysis
$
npx mdskill add aAAaqwq/AGI-Super-Team/static-code-analysisRun linters and scanners to catch bugs and security flaws.
- Detects style violations, security risks, and logic errors.
- Integrates with ESLint, TypeScript, and security plugins.
- Executes configured rules to flag violations in source code.
- Outputs detailed error reports for immediate developer review.
SKILL.md
.github/skills/static-code-analysisView on GitHub ↗
---
name: static-code-analysis
description: >
Implement static code analysis with linters, formatters, and security scanners
to catch bugs early. Use when enforcing code standards, detecting security
vulnerabilities, or automating code review.
---
# Static Code Analysis
## Table of Contents
- [Overview](#overview)
- [When to Use](#when-to-use)
- [Quick Start](#quick-start)
- [Reference Guides](#reference-guides)
- [Best Practices](#best-practices)
## Overview
Use automated tools to analyze code without executing it, catching bugs, security issues, and style violations early.
## When to Use
- Enforcing coding standards
- Security vulnerability detection
- Bug prevention
- Code review automation
- CI/CD pipelines
- Pre-commit hooks
- Refactoring assistance
## Quick Start
Minimal working example:
```javascript
// .eslintrc.js
module.exports = {
extends: [
"eslint:recommended",
"plugin:@typescript-eslint/recommended",
"plugin:security/recommended",
],
plugins: ["@typescript-eslint", "security", "import"],
rules: {
"no-console": ["warn", { allow: ["error", "warn"] }],
"no-unused-vars": "error",
"prefer-const": "error",
eqeqeq: ["error", "always"],
"no-eval": "error",
"security/detect-object-injection": "warn",
"security/detect-non-literal-regexp": "warn",
"@typescript-eslint/no-explicit-any": "warn",
"@typescript-eslint/explicit-function-return-type": "error",
"import/order": [
"error",
{
groups: [
"builtin",
"external",
"internal",
// ... (see reference guides for full implementation)
```
## Reference Guides
Detailed implementations in the `references/` directory:
| Guide | Contents |
|---|---|
| [ESLint Configuration](references/eslint-configuration.md) | ESLint Configuration |
| [Python Linting (pylint + mypy)](references/python-linting-pylint-mypy.md) | Python Linting (pylint + mypy) |
| [Pre-commit Hooks](references/pre-commit-hooks.md) | Pre-commit Hooks |
| [SonarQube Integration](references/sonarqube-integration.md) | SonarQube Integration |
| [Custom AST Analysis](references/custom-ast-analysis.md) | Custom AST Analysis |
| [Security Scanning](references/security-scanning.md) | Security Scanning |
## Best Practices
### ✅ DO
- Run linters in CI/CD
- Use pre-commit hooks
- Configure IDE integration
- Fix issues incrementally
- Document custom rules
- Share configuration across team
- Automate security scanning
### ❌ DON'T
- Ignore all warnings
- Skip linter setup
- Commit lint violations
- Use overly strict rules initially
- Skip security scans
- Disable rules without reason
More from aAAaqwq/AGI-Super-Team
- a-fund-monitor监控 A 股基金实时估值与盘后净值,自动判断交易日并生成提醒或分析。
- account-executive>
- add-leadAdd company/person/relationship to CRM
- adsComprehensive ad account analysis across all major platforms (Google, Meta
- ads-agentAI-агент для управления Facebook рекламой. Вызывай для анализа, оптимизации, создания кампаний и отчётов.
- afrexai-compliance-auditRun internal compliance audits against major governance and security
- afrexai-personal-financeComplete personal finance system — budgeting, debt payoff, investing, tax optimization, net worth tracking, and financial independence planning. Use when managing money, building wealth, paying off debt, planning retirement, or optimizing taxes. Zero dependencies.
- after-salesUse when managing post-purchase experience, building customer loyalty, or increasing repeat purchases
- agent-contactsAI agent contacts — add, list, remove MCP contacts. Use when someone gives an agent URL, or when you need to view/remove contacts.
- agent-model-switcher批量查看和切换子 agent 的模型配置,用于统一调整多 agent 的 provider/model 设置。