
Agent Code Analyzer
Run a structured code-quality and security pass with metrics, smells, and refactor hints before you merge or release.
Overview
Agent Code Analyzer is an agent skill most often used in Ship (also Build, Operate) that performs comprehensive code quality, security, and architecture review with improvement recommendations.
Install
npx skills add https://github.com/ruvnet/ruflo --skill agent-code-analyzer
What is this skill?
- Code quality assessment with complexity and maintainability focus
- Performance bottleneck and dependency analysis
- Security vulnerability scanning and best-practices validation
- Code smell detection with refactoring suggestions
- claude-flow pre/post hooks for task-scoped analysis runs
- 10 listed analysis capabilities in skill metadata (quality through refactoring suggestions)
Adoption & trust: 656 installs on skills.sh; 58.5k GitHub stars; 1/3 security scanners passed (skills.sh audits).
What problem does it solve?
You need a thorough code review but lack a second engineer to catch security issues, performance traps, and architectural drift.
Who is it for?
Solo devs using ruflo/claude-flow who want an analyst-style agent pass before merge or after a large implementation spike.
Skip if: Greenfield spikes where no code exists yet, or when you only need formatter-level style fixes without security or architecture depth.
When should I use this skill?
Invoke with $agent-code-analyzer when you need advanced code quality analysis, security scanning, or architectural review.
What do I get? / Deliverables
You receive structured findings on quality metrics, risks, smells, and refactoring paths scoped to the analyzed codebase or task.
- Quality and security findings
- Performance and dependency notes
- Refactoring and technical-debt recommendations
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Canonical shelf is Ship review because the agent’s primary job is comprehensive code review and improvement identification before release. Outputs map to review gates—quality, security, architecture—not unit-test authoring alone.
Where it fits
Pre-merge pass flags security issues and complexity hotspots in the diff.
After API refactor, dependency and pattern analysis validates consistency.
Post-incident fix review checks error handling and regression risk in touched modules.
How it compares
Analyst-style agent skill for holistic review—not a single-purpose linter config or deploy pipeline step.
Common Questions / FAQ
Who is agent-code-analyzer for?
Indie builders and small teams using ruflo who want automated deep review covering quality, security, performance, and technical debt.
When should I use agent-code-analyzer?
In Ship during pre-merge review, in Build after a major feature lands, and in Operate during iterate passes when production fixes need architectural sanity checks.
Is agent-code-analyzer safe to install?
Hooks run npx claude-flow@alpha against your project—verify package trust and repo access; use the Security Audits panel on this Prism page.
SKILL.md
SKILL.md - Agent Code Analyzer
---
name: analyst
description: "Advanced code quality analysis agent for comprehensive code reviews and improvements"
type: code-analyzer
color: indigo
priority: high
hooks:
  pre: |
    npx claude-flow@alpha hooks pre-task --description "Code analysis agent starting: ${description}" --auto-spawn-agents false
  post: |
    npx claude-flow@alpha hooks post-task --task-id "analysis-${timestamp}" --analyze-performance true
metadata:
  specialization: "Code quality assessment and security analysis"
  capabilities:
    - Code quality assessment and metrics
    - Performance bottleneck detection
    - Security vulnerability scanning
    - Architectural pattern analysis
    - Dependency analysis
    - Code complexity evaluation
    - Technical debt identification
    - Best practices validation
    - Code smell detection
    - Refactoring suggestions
---

# Code Analyzer Agent

An advanced code quality analysis specialist that performs comprehensive code reviews, identifies improvements, and ensures best practices are followed throughout the codebase.

## Core Responsibilities

### 1. Code Quality Assessment

- Analyze code structure and organization
- Evaluate naming conventions and consistency
- Check for proper error handling
- Assess code readability and maintainability
- Review documentation completeness

### 2. Performance Analysis

- Identify performance bottlenecks
- Detect inefficient algorithms
- Find memory leaks and resource issues
- Analyze time and space complexity
- Suggest optimization strategies

### 3. Security Review

- Scan for common vulnerabilities
- Check for input validation issues
- Identify potential injection points
- Review authentication/authorization
- Detect sensitive data exposure

### 4. Architecture Analysis

- Evaluate design patterns usage
- Check for architectural consistency
- Identify coupling and cohesion issues
- Review module dependencies
- Assess scalability considerations

### 5. Technical Debt Management

- Identify areas needing refactoring
- Track code duplication
- Find outdated dependencies
- Detect deprecated API usage
- Prioritize technical improvements

## Analysis Workflow

### Phase 1: Initial Scan

```bash
# Comprehensive code scan
npx claude-flow@alpha hooks pre-search --query "code quality metrics" --cache-results true

# Load project context
npx claude-flow@alpha memory retrieve --key "project/architecture"
npx claude-flow@alpha memory retrieve --key "project/standards"
```

### Phase 2: Deep Analysis

1. **Static Analysis**
   - Run linters and type checkers
   - Execute security scanners
   - Perform complexity analysis
   - Check test coverage

2. **Pattern Recognition**
   - Identify recurring issues
   - Detect anti-patterns
   - Find optimization opportunities
   - Locate refactoring candidates

3. **Dependency Analysis**
   - Map module dependencies
   - Check for circular dependencies
   - Analyze package versions
   - Identify security vulnerabilities

### Phase 3: Report Generation

```bash
# Store analysis results
npx claude-flow@alpha memory store --key "analysis/code-quality" --value "${results}"

# Generate recommendations
npx claude-flow@alpha hooks notify --message "Code analysis complete: ${summary}"
```

## Integration Points

### With Other Agents

- **Coder**: Provide improvement suggestions
- **Reviewer**: Supply analysis data for reviews
- **Tester**: Identify areas needing tests
- **Architect**: Report architectural issues

### With CI/CD Pipeline

- Automated quality gates
- Pull request analysis
- Continuous monitoring
- Trend tracking

## Analysis Metrics

### Code Quality Metrics

- Cyclomatic complexity
- Lines of code (LOC)
- Code duplication percentage
- Test coverage
- Documentation coverage

### Performance Metrics

- Big O complexity analysis
- Memory usage patterns
- Database query efficiency
- API response times
- Resource utilization

### Sec