project-health▌
jezweb/claude-skills · updated Apr 8, 2026
MDX-style export adds YAML metadata + attribution linking explainx.ai and this canonical listing URL.
Comprehensive project setup, auditing, and configuration management for Claude Code environments.
- ›Detects project type from file indicators (Node.js, Python, Rust, Go, Docker, Cloudflare, etc.) and auto-generates .claude/settings.local.json , CLAUDE.md , and .gitignore with appropriate permission presets
- ›Audits existing projects via parallel sub-agents: Permission Auditor scans for leaked secrets, stale MCP servers, permission gaps, and legacy syntax; Context Auditor checks CLAUDE.md qu
Project Health
One skill for everything about your project's Claude Code configuration. Run it at the start, middle, or end of a project — it figures out what's needed.
Goal: Zero permission prompts, well-organised context files, no cruft.
When to Use
| You say... | What happens |
|---|---|
| "project health" / "check project" | Full audit: permissions + context + docs |
| "setup project" / "kickoff" / "bootstrap" | New project setup from scratch |
| "tidy permissions" / "clean settings" | Fix permissions file only |
| "capture learnings" / "update CLAUDE.md" | Save session discoveries |
| "add python" / "add docker permissions" | Add a preset to existing settings |
| "audit context" / "audit memory" | Context-focused audit only |
Architecture: Sub-Agents
Heavy analysis runs in sub-agents to keep the main conversation clean. The main agent orchestrates; sub-agents do the scanning and return summaries.
Agent 1: Permission Auditor
Launched with Task(subagent_type: "general-purpose"). Prompt:
Read .claude/settings.local.json.
**Discover connected MCP servers**: Use ToolSearch (search "mcp") and extract unique
server prefixes from tool names (e.g. mcp__vault__secret_list → vault).
**Discover installed skills**: Use the Skill tool or ToolSearch to list available skills.
For each skill that has scripts/ in its directory, note what Bash patterns it needs
(python3, env var prefixes like GEMINI_API_KEY=*, etc.). Check the SKILL.md for any
MCP tools the skill references (e.g. mcp__vault__secret_get).
Report:
1. MCP servers connected but NOT in settings (missing)
2. MCP servers in settings but NOT connected (stale)
3. Skill permissions: Bash patterns and MCP tools that installed skills need but aren't approved
4. File access: check for Read/Edit/Write patterns for .claude/** and //tmp/**
in project settings, and ~/Documents/**/~/.claude/** in global settings
5. Leaked secrets: entries containing API keys, tokens, bearer strings, hex >20 chars, base64 >20 chars
6. Legacy colon syntax: entries like Bash(git:*) instead of Bash(git *)
7. Junk entries: shell fragments (Bash(do), Bash(fi), Bash(then), Bash(else), Bash(done)),
__NEW_LINE_* artefacts, loop body fragments (Bash(break), Bash(continue), Bash(echo *))
8. Duplicates: entries covered by a broader pattern (e.g. Bash(git add *) redundant if Bash(git *) exists)
9. Missing presets: based on files present, suggest presets from [permission-presets.md]
Prefer Read/Glob/Grep tools over Bash. If you need to scan multiple files or
run 3+ commands for one analysis, write a Python script to .jez/scripts/
and run it once (mkdir -p .jez/scripts first).
Return a structured summary, not raw data.
Agent 2: Context Auditor
Launched with Task(subagent_type: "general-purpose"). Prompt:
Audit the project context landscape at [repo-path]:
1. Find all CLAUDE.md files. For each:
- Count lines (target: root 50-150, subdirs 15-50)
- Score quality on 6 criteria (see quality-criteria.md)
- Check for stale file/path references
- Flag oversized files
2. Find .claude/rules/ topic files. Check sizes (target: 20-80 lines).
3. Detect project type from files present (see project-types.md).
Check expected docs exist (ARCHITECTURE.md, DATABASE_SCHEMA.md, etc.)
4. Find public markdown (README.md, LICENSE, CONTRIBUTING.md).
Check for overlap with CLAUDE.md content.
5. Check auto-memory at ~/.claude/projects/*/memory/MEMORY.md
6. If Cloudflare project: find all wrangler.jsonc/wrangler.toml files.
Check each has "observability": { "enabled": true }. Flag any missing it.
Prefer Read/Glob/Grep tools over Bash. If you need to scan many files or
aggregate data across the repo, write a Python script to .jez/scripts/
and run it once rather than running many individual bash commands
(mkdir -p .jez/scripts first).
Return: project type, quality scores, missing docs, stale refs, overlaps,
size violations, observability gaps, and total markdown footprint.
Parallel Execution
For a full health check, launch both agents in parallel:
Task(subagent_type: "general-purpose", name: "permission-audit", prompt: "...")
Task(subagent_type: "general-purpose", name: "context-audit", prompt: "...")
Both return summaries. The main agent combines them into one report and proposes fixes.
Mode 1: Full Health Check
The default. Run this anytime.
Steps
-
Launch Permission Auditor and Context Auditor agents in parallel
-
Combine findings into a single report:
## Project Health Report **Project type**: [detected type] **CLAUDE.md quality**: [score]/100 ([grade]) ### Permissions - Missing MCP servers: [list] - Leaked secrets: [count] found - Legacy syntax: [count] entries - Missing presets: [list] ### Context - Oversized files: [list] - Stale references: [list] - Missing docs: [list] - Overlaps: [list] ### Recommended Fixes 1. [fix 1] 2. [fix 2] ... -
Apply fixes after single yes/no confirmation
Mode 2: New Project Setup
When: No .claude/settings.local.json exists, or user says "setup" / "kickoff".
Steps
-
Detect project type from files present:
Indicator Type Preset wrangler.jsoncorwrangler.tomlcloudflare-worker JS/TS + Cloudflare vercel.jsonornext.config.*vercel-app JS/TS + Vercel astro.config.*astro JS/TS + Static Sites package.json(no deploy target)javascript-typescript JS/TS pyproject.tomlorsetup.pyorrequirements.txtpython Python Cargo.tomlrust Rust go.modgo Go GemfileorRakefileruby Ruby composer.jsonorwp-config.phpphp PHP pom.xmlorbuild.gradle*java Java/JVM *.slnor*.csprojdotnet .NET mix.exselixir Elixir Package.swiftswift Swift + macOS pubspec.yamlflutter Mobile Dockerfileordocker-compose.ymldocker Docker fly.tomlorrailway.jsonornetlify.tomlhosted-app Hosting Platforms supabase/config.tomlsupabase Hosting + Database .claude/agents/or operational scriptsops-admin — Empty directory Ask the user — Types stack (e.g. cloudflare-worker + javascript-typescript).
-
Generate
.claude/settings.local.json:- Read references/permission-presets.md
- Always include Universal Base (includes file access for
.claude/**,//tmp/**) - Add detected language + deployment presets
- Check if global
~/.claude/settings.local.jsonhas home-relative file access patterns (~/Documents/**,~/.claude/**). If not, suggest adding them there (NOT in the project file — home paths belong in global settings only) - Launch Permission Auditor agent to discover MCP servers and add per-server wildcards
- Always include
WebSearch,WebFetch - Always include explicit
ghsubcommands (workaround forBash(gh *)bug) - Write with
//comment groups
-
Generate
CLAUDE.md:- Read references/templates.md
- Use project-type-appropriate template
-
Generate
.gitignore:- Read references/templates.md
- Always include
.claude/settings.local.json,.claude/plans/,.jez/screenshots/,.jez/artifacts/ - Do NOT gitignore
.jez/scripts/— generated scripts are worth keeping
-
Optionally (ask first):
git init+gh repo create -
Warn: "Project settings.local.json SHADOWS global settings (does not merge). Session restart needed."
Mode 3: Tidy Permissions
When: User says "tidy permissions" or health check found permission issues.
Launch the Permission Auditor agent, then apply its recommended fixes.
Mode 4: Capture Learnings
When: End of session, "capture learnings", "save what we learned".
This runs in the main context (not a sub-agent) because it needs access to the conversation history.
- Review conversation for discoveries worth preserving
- Decide placement:
Applies to all projects? ├── YES → ~/.claude/rules/<topic>.md └── NO → Specific to a subdirectory? ├── YES → <dir>/CLAUDE.md └── NO → Reference or operational? ├── Reference → docs/ or ARCHITECTURE.md └── Operational → ./CLAUDE.md (root) - Draft all changes as diffs in a single batch
- Apply after single yes/no confirmation
Keep it concise: one line per concept.
Mode 5: Add Preset
When: "add python permissions", "add docker", "add MCP servers".
- Read the preset from references/permission-presets.md
- Read existing
.claude/settings.local.json - Merge without duplicating
- Remind: session restart required
Mode 6: Restructure Context
When: Root CLAUDE.md over 200 lines, "restructure memory".
- Launch Context Auditor agent first
- Based on findings:
- Split oversized CLAUDE.md into
.claude/rules/<topic>.md - Extract directory-specific content to sub-directory CLAUDE.md
- Move reference material to
docs/ - Resolve overlaps
- Create missing docs for project type
- Split oversized CLAUDE.md into
- Present plan, apply after approval
Size Targets
| File | Target | Maximum |
|---|---|---|
| Root CLAUDE.md | 50-150 lines | 200 |
| Sub-directory CLAUDE.md | 15-50 lines | 80 |
| Rules topic file | 20-80 lines | 120 |
Permission Syntax Quick Reference
| Pattern | Meaning |
|---|---|
Bash(git *) |
Preferred — space before * = word boundary |
Bash(nvidia-smi) |
Exact match, no arguments |
WebFetch |
Blanket web fetch |
WebSearch |
Blanket web search |
mcp__servername__* |
All tools on one MCP server |
What Does NOT Work
| Pattern | Why |
|---|---|
mcp__* |
Wildcard doesn't cross __ boundary |
mcp__*__* |
Still doesn't work |
Bash(git:*) |
Deprecated colon syntax (works but prefer space) |
Important Behaviours
- Not hot-reloaded:
settings.local.jsonedits need session restart - "Don't ask again" injects at runtime (no restart) using colon format — normal
- Shadows, not merges: Project settings completely replace global
ghbug:Bash(gh *)sometimes misses subcommands — include explicitBash(gh issue *)etc.
Autonomy
- Just do it: Detect project type, launch audit agents, discover MCP servers
- Brief confirmation: Write/update files (single batch yes/no)
- Ask first: git init, GitHub repo, delete existing content, major restructures
Reference Files
| When | Read |
|---|---|
| Building permission presets | references/permission-presets.md |
| Generating CLAUDE.md, .gitignore | references/templates.md |
| Scoring CLAUDE.md quality | references/quality-criteria.md |
| Detecting project type + expected docs | references/project-types.md |
| Setting up commit capture hook | references/commit-hook.md |
How to use project-health on Cursor
AI-first code editor with Composer
Prerequisites
Before installing skills in Cursor, ensure your development environment meets these requirements:
- ›Cursor installed and configured on your development machine
- ›Node.js version 16.0+ with npm package manager (verify with
node --version) - ›Active project directory or workspace where you want to add project-health
Execute installation command
Execute the skills CLI command in your project's root directory to begin installation:
The skills CLI fetches project-health from GitHub repository jezweb/claude-skills and configures it for Cursor.
Select Cursor when prompted
The CLI will show a list of available agents. Use arrow keys to navigate and space to select Cursor:
Verify installation
Confirm successful installation by checking the skill directory location:
Reload or restart Cursor to activate project-health. Access the skill through slash commands (e.g., /project-health) or your agent's skill management interface.
Security & Verification Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your development environment. Always verify the publisher's identity, review recent commits, and test in isolated environments before production deployment.
List & Monetize Your Skill
Submit your Claude Code skill and start earning
Use Cases▌
User Story & Requirements Generation
Create detailed user stories, acceptance criteria, and feature specs
Example
Generate user stories for 'password reset feature' with acceptance criteria, edge cases, and test scenarios
Reduce spec writing time by 50%, ensure comprehensive coverage
Competitive Analysis
Research competitors, compare features, identify gaps
Example
Analyze 5 competitor products, create feature comparison matrix, suggest differentiation opportunities
Complete competitive research in 2 hours instead of 2 days
Roadmap Prioritization
Evaluate features using frameworks (RICE, ICE, Kano) and create prioritized backlogs
Example
Score 20 feature ideas using RICE framework, generate prioritized roadmap with rationale
Make data-driven prioritization decisions faster
Stakeholder Communication
Draft PRDs, status updates, and stakeholder presentations
Example
Create executive summary of Q3 roadmap, monthly progress report, feature launch announcement
Save 3-5 hours/week on communication overhead
Implementation Guide▌
Prerequisites
- ›Claude Desktop or compatible AI client
- ›Access to product documentation and roadmap tools (Jira, Notion, etc.)
- ›Understanding of product management frameworks (RICE, Jobs-to-be-Done, etc.)
- ›Stakeholder contact information and communication channels
Time Estimate
30-60 minutes to see productivity improvements
Installation Steps
- 1.Install product management skill
- 2.Start with user story generation for known feature
- 3.Progress to competitive analysis: research 2-3 competitors
- 4.Use for roadmap prioritization: apply RICE/ICE scoring
- 5.Draft stakeholder communications and refine based on feedback
- 6.Build template library for recurring PM tasks
- 7.Share effective prompts with product team
Common Pitfalls
- ⚠Not validating competitive research—verify facts before sharing
- ⚠Accepting user stories without involving engineering team
- ⚠Over-relying on frameworks without qualitative judgment
- ⚠Not customizing outputs to company culture and communication style
- ⚠Skipping stakeholder validation of generated requirements
Best Practices▌
✓ Do
- +Validate research and competitive analysis with real data
- +Collaborate with engineering when generating technical requirements
- +Customize frameworks and templates to your company context
- +Use skill for first drafts, refine with stakeholder input
- +Document successful prompt patterns for PM tasks
- +Combine AI efficiency with human judgment and intuition
✗ Don't
- −Don't publish competitive analysis without fact-checking
- −Don't finalize user stories without engineering review
- −Don't make prioritization decisions solely on AI scoring
- −Don't skip customer validation of generated requirements
- −Don't ignore company-specific context and culture
💡 Pro Tips
- ★Provide context: company goals, constraints, customer feedback
- ★Ask for alternatives: 'Show 3 ways to prioritize this roadmap'
- ★Request stakeholder-specific formatting: 'Executive summary vs. engineering spec'
- ★Use skill for 70% generation + 30% customization to company needs
When to Use This▌
✓ Use When
Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.
✗ Avoid When
Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.
Learning Path▌
- 1Basic: user stories, feature specs, status updates
- 2Intermediate: competitive analysis, prioritization frameworks, PRDs
- 3Advanced: product strategy, go-to-market planning, OKR setting
- 4Expert: product vision, market positioning, business model innovation
Discussion
Product Hunt–style comments (not star reviews)- No comments yet — start the thread.
Ratings
4.5★★★★★45 reviews- ★★★★★Meera Agarwal· Dec 24, 2024
We added project-health from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- ★★★★★Chaitanya Patil· Dec 8, 2024
Keeps context tight: project-health is the kind of skill you can hand to a new teammate without a long onboarding doc.
- ★★★★★Camila Khanna· Dec 8, 2024
Solid pick for teams standardizing on skills: project-health is focused, and the summary matches what you get after install.
- ★★★★★Pratham Ware· Dec 4, 2024
project-health fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
- ★★★★★Soo Smith· Dec 4, 2024
project-health is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
- ★★★★★Piyush G· Nov 27, 2024
project-health has been reliable in day-to-day use. Documentation quality is above average for community skills.
- ★★★★★Diego Shah· Nov 27, 2024
project-health is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
- ★★★★★Meera Desai· Nov 23, 2024
Solid pick for teams standardizing on skills: project-health is focused, and the summary matches what you get after install.
- ★★★★★Mateo Chawla· Nov 11, 2024
project-health fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
- ★★★★★Shikha Mishra· Oct 18, 2024
Solid pick for teams standardizing on skills: project-health is focused, and the summary matches what you get after install.
showing 1-10 of 45