This site is private. Enter the password to continue.
The audit evaluates your package across six dimensions. Each dimension has a maximum score. D1–D5 are static analysis (free). D6 requires Claude (full audit only).
| Dimension | Points | Mode |
|---|---|---|
| D1 Structure | 20 | Static |
| D2 Security | 20 | Static |
| D3 Code Quality | 20 | Static |
| D4 Completeness | 15 | Static |
| D5 Robustness | 15 | Static |
| D6 Value | 10 | Full (Claude) |
Validates the package organization and manifest.
| Check | Points |
|---|---|
| ark.json exists and is valid JSON | 4 |
| All required fields present in ark.json | 4 |
| version follows semver format | 2 |
| Installer script exists at declared path | 4 |
| Installer is executable (chmod +x) | 2 |
| Package name matches directory name | 2 |
| No unexpected top-level files (clean structure) | 2 |
Checks for common security issues. A perfect D2 score is achievable by all packages that follow basic hygiene.
| Check | Points |
|---|---|
| No API keys, tokens, or passwords in any file | 6 |
| .gitignore present (excludes sensitive files) | 3 |
| No sudo in installer scripts | 4 |
| No command injection patterns (eval, $(), unsafe quoting) | 4 |
| No writes outside ~/.ark/ or ~/.claude/ | 3 |
Evaluates the quality of bash scripts and documentation.
| Check | Points |
|---|---|
| bash -n passes (no syntax errors) | 5 |
| CLAUDE.md exists and has content | 4 |
| set -euo pipefail in bash scripts | 3 |
| Error handling (if/fi blocks, exit codes) | 4 |
| Meaningful comments in scripts | 2 |
| Consistent indentation and formatting | 2 |
Checks that all declared components are present and documented.
| Check | Points |
|---|---|
| README.md exists | 3 |
| README covers installation and usage | 3 |
| structure fields in ark.json match actual files | 4 |
| All slash commands documented in CLAUDE.md | 3 |
| Changelog or version notes present | 2 |
Tests whether the installer handles edge cases gracefully.
| Check | Points |
|---|---|
| Verify script (bin/verify.sh) exists | 4 |
| Installer is idempotent (safe to run twice) | 4 |
| Handles missing directories (mkdir -p pattern) | 3 |
| Requirements validation before install | 2 |
| Graceful failure messages (not just exit 1) | 2 |
A Claude evaluation of the package's actual usefulness. This is subjective and qualitative — designed to reward genuine expertise and originality.
| Check | Points |
|---|---|
| Solves a real, specific problem (not generic) | 4 |
| Domain expertise evident in prompts/CLAUDE.md | 3 |
| Documentation quality and clarity | 2 |
| Originality (not a trivial wrapper) | 1 |