Agent skill

static-code-analyzer

Deep static analysis of codebases for quality, complexity, and migration readiness assessment

Install this agent skill to your Project

npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/code-migration-modernization/skills/static-code-analyzer

SKILL.md

Static Code Analyzer Skill

Performs comprehensive static analysis of codebases to assess code quality, complexity metrics, and migration readiness. This skill integrates with industry-standard tools to provide actionable insights for migration planning.

Purpose

Enable deep static analysis of codebases for:

  • Code quality assessment
  • Complexity measurement
  • Migration readiness evaluation
  • Technical debt quantification
  • Security vulnerability scanning (SAST)

Capabilities

1. Cyclomatic Complexity Measurement

  • Analyze control flow complexity
  • Identify high-complexity functions/methods
  • Generate complexity reports by module/package
  • Track complexity trends over time

2. Code Duplication Detection (Clone Detection)

  • Detect exact code clones
  • Identify near-duplicates and structural clones
  • Calculate duplication percentage
  • Map clone relationships

3. Dead Code Identification

  • Find unreachable code paths
  • Identify unused functions/methods
  • Detect orphaned imports and exports
  • Flag obsolete feature flags

4. Security Vulnerability Scanning (SAST)

  • Scan for common security anti-patterns
  • Identify injection vulnerabilities
  • Check for hardcoded secrets
  • Assess authentication/authorization patterns

5. Maintainability Index Calculation

  • Calculate composite maintainability scores
  • Assess code readability metrics
  • Evaluate documentation coverage
  • Measure API surface complexity

6. Coding Standards Compliance

  • Check against language-specific style guides
  • Validate naming conventions
  • Verify structural patterns
  • Assess best practices adherence

Tool Integrations

This skill can leverage the following external tools when available:

| Tool | Purpose | Integration Method |
|------|---------|--------------------|
| SonarQube | Comprehensive code quality | MCP Server / API |
| CodeClimate | Quality metrics | API |
| ESLint | JavaScript/TypeScript linting | CLI |
| PMD | Java static analysis | CLI |
| FindBugs/SpotBugs | Java bug detection | CLI |
| Checkstyle | Java code standards | CLI |
| ast-grep | AST-based pattern matching | MCP Server / CLI |
| Semgrep | Security-focused SAST | CLI |

Usage

Basic Analysis

```bash
# Invoke skill for basic analysis
# The skill will auto-detect language and apply appropriate analyzers

# Expected inputs:
# - targetPath: Path to codebase or directory to analyze
# - analysisScope: 'full' | 'quick' | 'security' | 'quality'
# - outputFormat: 'json' | 'markdown' | 'html'
```

Analysis Workflow

  1. Discovery Phase

    • Detect programming languages present
    • Identify project structure and build systems
    • Check for existing configuration files
  2. Tool Selection

    • Select appropriate analyzers based on languages
    • Configure tool-specific settings
    • Validate tool availability
  3. Analysis Execution

    • Run selected analyzers
    • Collect metrics and findings
    • Aggregate results
  4. Report Generation

    • Consolidate findings
    • Calculate composite scores
    • Generate actionable recommendations

Output Schema

```json
{
  "analysisId": "string",
  "timestamp": "ISO8601",
  "target": {
    "path": "string",
    "languages": ["string"],
    "filesAnalyzed": "number",
    "linesOfCode": "number"
  },
  "metrics": {
    "complexity": {
      "average": "number",
      "max": "number",
      "distribution": {}
    },
    "duplication": {
      "percentage": "number",
      "cloneCount": "number",
      "duplicatedLines": "number"
    },
    "maintainability": {
      "index": "number",
      "grade": "A-F"
    },
    "technicalDebt": {
      "estimatedHours": "number",
      "ratio": "number"
    }
  },
  "findings": [
    {
      "type": "string",
      "severity": "critical|high|medium|low|info",
      "file": "string",
      "line": "number",
      "message": "string",
      "rule": "string",
      "recommendation": "string"
    }
  ],
  "migrationReadiness": {
    "score": "number (0-100)",
    "blockers": [],
    "risks": [],
    "recommendations": []
  }
}
```

Integration with Migration Processes

This skill integrates with the following Code Migration/Modernization processes:

  • legacy-codebase-assessment: Primary tool for initial codebase evaluation
  • code-refactoring: Identifies refactoring targets
  • technical-debt-remediation: Quantifies and prioritizes debt

Configuration

Skill Configuration File

Create .static-analyzer.json in the project root:

```json
{
  "excludePaths": ["node_modules", "dist", "build", ".git"],
  "severityThreshold": "medium",
  "enabledChecks": {
    "complexity": true,
    "duplication": true,
    "security": true,
    "standards": true
  },
  "customRules": [],
  "reportFormats": ["json", "markdown"]
}
```
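The following is an added example, not code from the skill: a build gate that applies `severityThreshold` and `excludePaths` from the configuration to the `findings` array of the Output Schema. It assumes the threshold means "at or above" and that exclude entries match whole path segments; the skill does not state either, and the sample data is constructed.

```javascript
// Added example: gate a build on a report shaped like the Output Schema.
// Assumptions (not stated by the skill): severityThreshold means "at or above",
// and each excludePaths entry matches a whole path segment.
const SEVERITY_ORDER = ["info", "low", "medium", "high", "critical"];

function rank(severity) {
  const i = SEVERITY_ORDER.indexOf(String(severity).toLowerCase());
  // Fail closed: an unrecognised severity is treated as critical, not dropped.
  return i === -1 ? SEVERITY_ORDER.length - 1 : i;
}

function isExcluded(file, excludePaths) {
  const segments = String(file).split(/[\\/]+/);
  return excludePaths.some((p) => segments.includes(p));
}

function gate(report, config) {
  const threshold = SEVERITY_ORDER.indexOf(config.severityThreshold);
  if (threshold === -1) {
    throw new Error(`unknown severityThreshold: ${config.severityThreshold}`);
  }
  const exclude = config.excludePaths || [];
  const findings = report.findings || [];
  const inScope = findings.filter((f) => !isExcluded(f.file, exclude));
  const blocking = inScope
    .filter((f) => rank(f.severity) >= threshold)
    .sort((a, b) => rank(b.severity) - rank(a.severity));
  // Report how many findings the exclusions hid, so suppression stays visible.
  return { passed: blocking.length === 0, blocking, suppressed: findings.length - inScope.length };
}

// Constructed sample data, not output from the skill.
const sampleConfig = { excludePaths: ["node_modules", "dist"], severityThreshold: "medium" };
const sampleReport = {
  findings: [
    { type: "security", severity: "high", file: "src/db.js", line: 12, rule: "sql-injection", message: "query built by concatenation" },
    { type: "quality", severity: "low", file: "src/util.js", line: 3, rule: "unused-var", message: "unused variable" },
    { type: "security", severity: "critical", file: "node_modules/x/index.js", line: 1, rule: "eval", message: "eval call" },
    { type: "security", severity: "Severe", file: "src/auth.js", line: 40, rule: "hardcoded-secret", message: "credential in source" },
  ],
};

const gateResult = gate(sampleReport, sampleConfig);
console.log(gateResult.passed, gateResult.suppressed,
  gateResult.blocking.map((f) => `${f.severity} ${f.file}:${f.line}`));
```

The `suppressed` count is worth logging in CI: a critical finding under an excluded directory never fails the build, so a growing count is the only signal that exclusions are hiding something.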

MCP Server Integration

When SonarQube MCP Server is available:

```javascript
// Example MCP tool invocation
{
  "tool": "sonarqube_analyze",
  "arguments": {
    "project_key": "my-project",
    "sources": "./src",
    "language": "javascript"
  }
}
```

When ast-grep MCP Server is available:

```javascript
// Example AST pattern search
{
  "tool": "ast_grep_search",
  "arguments": {
    "pattern": "console.log($$$)",
    "language": "javascript",
    "path": "./src"
  }
}
```

Best Practices

  1. Incremental Analysis: For large codebases, use incremental analysis to reduce time
  2. Baseline Establishment: Create baseline metrics before migration
  3. Threshold Configuration: Set appropriate thresholds for your team's standards
  4. Trend Tracking: Track metrics over time to measure improvement
  5. Integration Testing: Validate analysis results against known issues
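
Baseline establishment and trend tracking come down to comparing two reports in the Output Schema format. The following is an added example, not code from the skill; it assumes a finding is identified by `rule`, `file` and `message` (the line number is left out because it shifts as code is edited), and the two reports are constructed.

```javascript
// Added example: compare a baseline report with a later one (Output Schema format).
// Assumption: rule + file + message identify a finding; "line" is not part of the key.
function fingerprint(f) {
  return [f.rule, f.file, f.message].join("\u0000");
}

function countByKey(findings) {
  const counts = new Map();
  for (const f of findings) {
    const k = fingerprint(f);
    counts.set(k, (counts.get(k) || 0) + 1);
  }
  return counts;
}

function diffReports(baseline, current) {
  // Multiset comparison: a second copy of a known finding still counts as new.
  const remaining = countByKey(baseline.findings || []);
  const introduced = [];
  for (const f of current.findings || []) {
    const k = fingerprint(f);
    const n = remaining.get(k) || 0;
    if (n > 0) remaining.set(k, n - 1); // already present in the baseline
    else introduced.push(f);
  }
  const fixedCount = [...remaining.values()].reduce((a, b) => a + b, 0);
  const delta = (pick) => pick(current.metrics) - pick(baseline.metrics);
  return {
    introduced,
    fixedCount,
    complexityDelta: delta((m) => m.complexity.average),
    duplicationDelta: delta((m) => m.duplication.percentage),
  };
}

// Constructed sample reports, not output from the skill.
const sqli = { rule: "sql-injection", file: "src/db.js", message: "query built by concatenation", severity: "high" };
const baselineReport = {
  metrics: { complexity: { average: 8 }, duplication: { percentage: 12 } },
  findings: [{ ...sqli, line: 12 }, { rule: "unused-var", file: "src/util.js", message: "unused variable", severity: "low", line: 3 }],
};
const currentReport = {
  metrics: { complexity: { average: 6.5 }, duplication: { percentage: 9 } },
  findings: [{ ...sqli, line: 15 }, { ...sqli, line: 40 },
    { rule: "hardcoded-secret", file: "src/auth.js", message: "credential in source", severity: "critical", line: 7 }],
};

const summary = diffReports(baselineReport, currentReport);
console.log(summary.fixedCount, summary.complexityDelta, summary.introduced.map((f) => `${f.rule}:${f.line}`));
```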

Related Skills

  • code-smell-detector: Specialized smell detection
  • technical-debt-quantifier: Debt measurement and prioritization
  • test-coverage-analyzer: Coverage gap identification

Related Agents

  • legacy-system-archaeologist: Uses this skill for codebase exploration
  • migration-readiness-assessor: Uses this skill for readiness scoring
  • technical-debt-auditor: Uses this skill for debt assessment

References
