
dxkit-action

Read a dxkit report and execute fixes — prioritize findings by severity, plan the fix sequence, run the fix, verify the score moved, re-baseline if appropriate. Use when the user says "fix these findings", "act on the health report", "close out these vulnerabilities", or after dxkit-reports has surfaced something concrete.
vyuh-labs/dxkit · ★ 2 · Code & Development · score 68
Install: claude install-skill vyuh-labs/dxkit
# dxkit-action

This skill takes a dxkit report and drives the fix loop with the user. Reach for it after `dxkit-reports` has surfaced concrete findings.

## The action loop

```
[1] Read the report     → understand what's flagged
[2] Prioritize          → severity + reachability + blast radius + cost
[3] Plan                → ordered list of edits
[4] Execute             → fix one finding at a time
[5] Verify              → re-run the analyzer, confirm score moved
[6] Decide on baseline  → commit fix or accept-as-baseline
```

Don't skip [5]. Re-running the analyzer is the only way to confirm the fix landed correctly.

For the richest input, read the **detailed** report with graph context attached:

```bash
npx vyuh-dxkit vulnerabilities --detailed --graph-context   # or test-gaps / quality
```

`--graph-context` adds a "Graph context" column (the module a finding lives in + its blast radius — how many files call into it) so you can plan the fix without separately discovering structure. It's a structural HINT, not ground truth — read "Graph context" below for how to use it safely.

## Priority order

Walk findings in this order (highest to lowest):

1. **CRITICAL** secrets (leaked credentials) — these are public-internet-facing. Stop everything and rotate.
2. **CRITICAL / HIGH** SAST findings in primary-architecture paths (controllers/handlers/services for backend; components/pages for frontend).
3. **CRITICAL / HIGH** dep-vulns with known explo