{"id":"ee758da7-d6ca-4426-bac1-c86d87dd0465","shortId":"TDcx27","kind":"skill","title":"plc-code-analysis","tagline":"Standalone skill for multi-perspective PLC code security and quality analysis. Triggers on: \"review\", \"audit\", \"analyze\", \"security check\", \"vulnerability scan\", \"code review\", \"check this code\", \"is this safe\", \"find issues\" when combined with PLC, SCL, ST, LAD, FBD, Structured ","description":"# plc-code-analysis\n\n## Goal\n\nPerform structured, multi-perspective security and quality analysis of PLC code,\nproducing a severity-ranked findings report. Acts as an automated \"second pair of eyes\"\nfor automation engineers.\n\n## Independence from tia-openness-roadmap\n\nThis skill is NOT routed by `tia-openness-roadmap`. It has its own trigger patterns and\noperates independently. The Openness roadmap handles engineering automation (create, modify,\nimport/export via API). This skill handles analysis and review of existing code.\n\nThe skill CAN consume code retrieved via MCP tools or Python/C# Openness exports, but it\ndoes not depend on them.\n\n## Input recognition\n\nClaude receives PLC code in one of three ways. Identify which applies before starting analysis.\n\n### Format 1 — Raw SCL / Structured Text\n\nThe user pastes or uploads `.scl`, `.st`, or plain-text PLC code. This is the simplest case.\nParse directly as text. Look for FUNCTION_BLOCK, FUNCTION, ORGANIZATION_BLOCK, DATA_BLOCK\nheaders to identify block boundaries.\n\n### Format 2 — SimaticML XML (exported LAD/FBD/SCL)\n\nThe user provides `.xml` files exported from TIA Portal. These follow the SimaticML schema.\nKey navigation points:\n\n- `<SW.Blocks.FB>`, `<SW.Blocks.FC>`, `<SW.Blocks.OB>`, `<SW.Blocks.DB>` — block type\n- `<Interface>` → `<Section Name=\"Input|Output|InOut|Static|Temp|Constant\">` — variable declarations\n- `<ObjectList>` → `<CompileUnit>` — individual networks\n- `<FlgNet>` inside CompileUnit — LAD/FBD network logic as a directed graph\n- `<Access>` elements — variable references with scope and UID\n- `<Part>` elements — instructions (contacts, coils, function calls)\n- `<Wire>` elements — connections between parts (data/signal flow)\n- `<StructuredText>` — inline SCL within LAD/FBD networks\n- `<Comment>` — block and network comments (valuable for process context)\n- Block attributes in root element: `BlockType`, `Number`, `Programming language`,\n  `MemoryLayout` (Optimized/Standard), `HeaderAuthor`, `HeaderVersion`\n\nFor LAD/FBD analysis, reconstruct the logic flow from the `<FlgNet>` graph:\nParts are nodes, Wires are edges. Follow Powerrail → Contact chain → Coil/Function to\nunderstand each network's behavior.\n\n### Format 3 — MCP-assisted retrieval\n\nIf the TIA Portal MCP server is available, context retrieval is required before issuing\nsecurity findings. Use the current Totally Integrated Claude MCP tools:\n\n1. `browse_project_tree` — map PLCs, block folders, block names, and execution entry points\n2. `get_block_content` — retrieve SIMATIC SD YAML for each block under review\n3. `list_tag_tables` — retrieve PLC tags, user constants, and externally writable names\n4. `read_cross_references` — inspect call paths, unused blocks, and variable references\n5. `read_hardware_config` — retrieve CPU, network, IP, subnet, and interface settings\n6. `compile_check` — record compile errors/warnings when the user asks for remediation\n\nLegacy source documents may name equivalent operations as `GetBlocksWithHierarchy`,\n`ExportBlock`, `GetBlockInfo`, `GetTypes` / `GetTypeInfo`, or `GetHardwareConfig`.\nTreat those as conceptual aliases, not callable tool names.\n\nIf MCP is unavailable or a required context item cannot be retrieved, continue only as a\nlimited review. The final report must include a context manifest and mark affected findings\nas inference-based where missing declarations, UDTs, call paths, tag tables, or hardware\nmapping prevent confirmation.\n\n## Analysis workflow\n\nThe analysis is performed in sequential passes. Each pass loads one reference file,\nanalyzes the code through that specific lens, and produces findings.\n\n**Critical instruction:** After each pass, Claude summarizes the findings from that pass\nin a compact internal list before loading the next reference. This prevents token pressure\nfrom accumulating raw analysis across all passes.\n\n### Pass order\n\n| Pass | Reference file | Focus |\n|------|---------------|-------|\n| 1 | `references/process-architect.md` | Physical plausibility and process context |\n| 2 | `references/security-practices.md` | Top 20 Secure PLC Coding Practices + communication hardening |\n| 3 | `references/threat-mapping.md` | MITRE ATT&CK for ICS technique identification |\n| 4 | `references/compiler-critic.md` | Siemens platform bugs, CWE memory safety, safety boundary |\n| 5 | `references/hardware-reviewer.md` | Hardware config, access settings, network security |\n\n**Pass order rationale:** Process context comes first because understanding what the code\nphysically controls determines the severity of all subsequent findings. A missing range\ncheck on a status indicator is Low; the same flaw on a chemical dosing pump is Critical.\n\n### Per-pass procedure\n\nBefore starting the passes, build a compact context manifest:\n\n- **Code:** pasted/exported blocks, block names, language, line/network references\n- **Declarations:** VAR_INPUT, VAR_OUTPUT, VAR_IN_OUT, VAR_STATIC, VAR_TEMP, constants\n- **Types:** UDTs, arrays, structures, optimized vs standard access metadata when known\n- **Flows:** call tree, cross references, external write sources, HMI/SCADA inputs\n- **Hardware:** CPU, communication settings, network interfaces, safety-related mapping\n- **Verification:** baseline compile status if available, and whether simulation was run\n\nFor each pass:\n\n1. Load the reference file\n2. Work through every checklist item against the provided code\n3. Record each finding with: severity, category tag, location, evidence, inference level,\n   description, impact, remediation, and verification requirement\n4. Produce a compact summary of findings from this pass\n5. Proceed to next pass\n\nAfter all passes, run a final verification synthesis:\n\n- Challenge high/critical findings against the context manifest\n- Downgrade or label findings that depend on missing UDTs, call paths, or hardware mapping\n- Flag any proposed remediation that requires `compile_check`, simulation, or safety review\n- Do not present generated PLC code as deployable without compile and engineering validation\n\n### Hardware reviewer conditionality\n\nIf no hardware configuration data is available (user only provided code, no HW config,\nno MCP access), the Hardware Reviewer pass still runs but produces a single finding:\n\n```\n#### [INFO] Hardware configuration not available\n- **Category:** HW-REVIEW\n- **Description:** No hardware configuration data was provided or retrievable.\n  The following checks could not be performed: PUT/GET access status, web server\n  settings, communication protocol security, access level configuration,\n  protection level status.\n- **Evidence:** No `read_hardware_config` result or hardware export was available.\n- **Inference level:** Confirmed limitation\n- **Verification required:** Provide hardware export or enable MCP hardware retrieval.\n- **Remediation:** Provide hardware configuration export or enable MCP server\n  access for a complete security assessment.\n```\n\n## Output format\n\nAfter all passes complete, merge findings, deduplicate (same issue found by multiple passes\ngets the highest severity assigned and cross-references both categories), and sort by severity.\n\n```markdown\n## PLC Code Analysis Report\n\n**Analyzed:** [block names / file names]\n**Input format:** SCL / SimaticML XML (LAD) / SimaticML XML (FBD)\n**Analysis date:** [date]\n**Passes completed:** Process Architect, Security Practices, Threat Mapping,\n                      Compiler Critic, Hardware Reviewer, Verification Synthesis\n\n### Context Manifest\n\n| Context item | Status | Source |\n|--------------|--------|--------|\n| Block logic | Provided / Retrieved / Missing | Paste / file / `get_block_content` |\n| Variable declarations | Complete / Partial / Missing | block interface / XML / YAML |\n| UDT and array definitions | Complete / Partial / Missing | source / `get_block_content` |\n| Call tree and cross references | Complete / Partial / Missing | `browse_project_tree` / `read_cross_references` |\n| Tag tables and external inputs | Complete / Partial / Missing | `list_tag_tables` |\n| Hardware and network config | Complete / Partial / Missing | `read_hardware_config` / export |\n| Compile baseline | Clean / Warnings / Errors / Not run | `compile_check` / not available |\n\n### Summary\n\n| Severity | Count |\n|----------|-------|\n| CRITICAL | N |\n| HIGH     | N |\n| MEDIUM   | N |\n| LOW      | N |\n| INFO     | N |\n\n### Findings\n\n#### [CRITICAL] Finding title\n- **Category:** TOP20-P08 / CWE-787 / T0836 / HW-PUTGET (one or more)\n- **Location:** FB_MixerControl, Line 47 / Network 3\n- **Evidence:** Direct source evidence or retrieved MCP context supporting the finding\n- **Inference level:** Confirmed / Probable / Suspicious / Context-limited\n- **Confidence:** High / Medium / Low\n- **Description:** Clear explanation of the issue\n- **Impact:** What could happen if this is exploited or left unaddressed\n- **Remediation:** Specific, actionable fix with code example where applicable\n- **Verification required:** compile_check / simulation / safety review / hardware review\n- **References:** Relevant standard or practice citation\n\n---\n\n[... next finding ...]\n```\n\n### Severity definitions\n\n| Severity | Criteria |\n|----------|----------|\n| CRITICAL | Direct risk to physical safety, process integrity, or enables remote code execution. Immediate action required. |\n| HIGH | Significant security gap exploitable by network-level attacker, or logic flaw affecting process control under fault conditions. |\n| MEDIUM | Violation of secure coding practice that increases attack surface or reduces defense-in-depth, but requires additional conditions to exploit. |\n| LOW | Code quality or style issue that indirectly weakens security posture. Best-practice deviation without immediate risk. |\n| INFO | Observation, recommendation, or note about missing context that prevented a complete check. |\n\n## Limitations and honest reporting\n\nClaude must NOT:\n\n- Invent findings to fill the report — if a pass finds nothing, report \"No issues identified\"\n- Speculate about code behavior without evidence from the provided source\n- Claim certainty about runtime behavior that depends on CPU configuration not provided\n- Hallucinate variable names, block numbers, or line references\n\nClaude MUST:\n\n- Clearly state when a finding is based on inference vs. direct evidence\n- Note when analysis is limited by missing context (e.g., UDT definitions not provided)\n- Distinguish between confirmed violations and suspicious patterns worth investigating","tags":["plc","code","analysis","totally","integrated","claude","czarnak","agent-skills","claude-code","claude-code-plugin","claude-skills","codex"],"capabilities":["skill","source-czarnak","skill-plc-code-analysis","topic-agent-skills","topic-claude-code","topic-claude-code-plugin","topic-claude-skills","topic-codex","topic-codex-cli","topic-codex-plugin","topic-gemini","topic-gemini-cli","topic-gemini-cli-extension","topic-gemini-extension","topic-mcp"],"categories":["totally-integrated-claude"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/Czarnak/totally-integrated-claude/plc-code-analysis","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add Czarnak/totally-integrated-claude","source_repo":"https://github.com/Czarnak/totally-integrated-claude","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 9 github stars · SKILL.md body (10,469 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:08:29.624Z","embedding":null,"createdAt":"2026-05-18T13:13:57.510Z","updatedAt":"2026-05-18T19:08:29.624Z","lastSeenAt":"2026-05-18T19:08:29.624Z","tsv":"'-787':1103 '1':163,344,555,719 '2':205,358,562,724 '20':565 '3':315,371,572,734,1117 '4':384,581,752 '47':1115 '5':396,591,762 '6':408 'access':595,681,840,878,886,926 'accumul':543 'across':546 'act':69 'action':1160,1202 'addit':1241 'affect':472,1217 'alias':439 'analysi':4,16,48,58,119,161,289,491,494,545,965,981,1344 'analyz':21,506,967 'api':115 'appli':158 'applic':1166 'architect':987 'array':676,1025 'ask':417 'assess':931 'assign':951 'assist':318 'att':575 'attack':1213,1231 'attribut':275 'audit':20 'autom':72,78,110 'avail':327,710,830,856,902,1080 'base':477,1336 'baselin':706,1071 'behavior':313,1301,1312 'best':1257 'best-practic':1256 'block':193,196,198,202,227,266,274,350,352,360,368,392,655,656,968,1004,1012,1019,1032,1323 'blocktyp':279 'boundari':203,590 'brows':345,1042 'bug':585 'build':648 'call':254,389,482,686,791,1034 'callabl':441 'cannot':453 'case':185 'categori':740,857,957,1098 'certainti':1309 'chain':306 'challeng':775 'check':23,28,410,623,803,872,1078,1170,1275 'checklist':728 'chemic':635 'citat':1181 'ck':576 'claim':1308 'claud':147,341,521,1280,1328 'clean':1072 'clear':1142,1330 'code':3,12,26,30,47,61,124,129,150,180,508,568,610,653,733,813,834,964,1163,1199,1227,1246,1300 'coil':252 'coil/function':307 'combin':37 'come':604 'comment':269 'communic':570,697,883 'compact':530,650,755 'compil':409,412,707,802,817,992,1070,1077,1169 'compileunit':234 'complet':929,937,985,1016,1027,1039,1053,1063,1274 'conceptu':438 'condit':823,1222,1242 'confid':1137 'config':399,594,837,896,1062,1068 'configur':827,854,864,888,920,1317 'confirm':490,905,1131,1357 'connect':256 'constant':379,673 'consum':128 'contact':251,305 'content':361,1013,1033 'context':273,328,451,468,561,603,651,780,998,1000,1125,1135,1270,1349 'context-limit':1134 'continu':456 'control':612,1219 'could':873,1149 'count':1083 'cpu':401,696,1316 'creat':111 'criteria':1187 'critic':516,639,993,1084,1095,1188 'cross':386,688,954,1037,1046 'cross-refer':953 'current':338 'cwe':586,1102 'data':197,828,865 'data/signal':259 'date':982,983 'declar':230,480,661,1015 'dedupl':940 'defens':1236 'defense-in-depth':1235 'definit':1026,1185,1352 'depend':142,787,1314 'deploy':815 'depth':1238 'descript':746,861,1141 'determin':613 'deviat':1259 'direct':187,240,1119,1189,1340 'distinguish':1355 'document':422 'dose':636 'downgrad':782 'e.g':1350 'edg':302 'element':242,249,255,278 'enabl':913,923,1197 'engin':79,109,819 'entri':356 'equival':425 'error':1074 'errors/warnings':413 'everi':727 'evid':743,892,1118,1121,1303,1341 'exampl':1164 'execut':355,1200 'exist':123 'explan':1143 'exploit':1154,1208,1244 'export':137,208,215,900,911,921,1069 'exportblock':429 'extern':381,690,1051 'eye':76 'fault':1221 'fb':1112 'fbd':43,980 'file':214,505,553,723,970,1010 'fill':1286 'final':463,772 'find':34,67,335,473,515,524,619,737,758,777,785,851,939,1094,1096,1128,1183,1284,1292,1334 'first':605 'fix':1161 'flag':796 'flaw':632,1216 'flow':260,293,685 'focus':554 'folder':351 'follow':220,303,871 'format':162,204,314,933,973 'found':943 'function':192,194,253 'gap':1207 'generat':811 'get':359,947,1011,1031 'getblockinfo':430 'getblockswithhierarchi':428 'gethardwareconfig':434 'gettyp':431 'gettypeinfo':432 'goal':49 'graph':241,296 'hallucin':1320 'handl':108,118 'happen':1150 'harden':571 'hardwar':398,487,593,695,794,821,826,842,853,863,895,899,910,915,919,994,1059,1067,1174 'header':199 'headerauthor':285 'headervers':286 'high':1086,1138,1204 'high/critical':776 'highest':949 'hmi/scada':693 'honest':1278 'hw':836,859,1106 'hw-putget':1105 'hw-review':858 'ic':578 'identif':580 'identifi':156,201,1297 'immedi':1201,1261 'impact':747,1147 'import/export':113 'includ':466 'increas':1230 'independ':80,104 'indic':627 'indirect':1252 'individu':231 'infer':476,744,903,1129,1338 'inference-bas':475 'info':852,1092,1263 'inlin':261 'input':145,663,694,972,1052 'insid':233 'inspect':388 'instruct':250,517 'integr':340,1195 'interfac':406,700,1020 'intern':531 'invent':1283 'investig':1363 'ip':403 'issu':35,333,942,1146,1250,1296 'item':452,729,1001 'key':224 'known':684 'label':784 'lad':42,977 'lad/fbd':235,264,288 'lad/fbd/scl':209 'languag':282,658 'left':1156 'legaci':420 'len':512 'level':745,887,890,904,1130,1212 'limit':460,906,1136,1276,1346 'line':1114,1326 'line/network':659 'list':372,532,1056 'load':502,534,720 'locat':742,1111 'logic':237,292,1005,1215 'look':190 'low':629,1090,1140,1245 'manifest':469,652,781,999 'map':348,488,704,795,991 'mark':471 'markdown':962 'may':423 'mcp':132,317,324,342,445,839,914,924,1124 'mcp-assist':316 'medium':1088,1139,1223 'memori':587 'memorylayout':283 'merg':938 'metadata':682 'miss':479,621,789,1008,1018,1029,1041,1055,1065,1269,1348 'mitr':574 'mixercontrol':1113 'modifi':112 'multi':9,53 'multi-perspect':8,52 'multipl':945 'must':465,1281,1329 'n':1085,1087,1089,1091,1093 'name':353,383,424,443,657,969,971,1322 'navig':225 'network':232,236,265,268,311,402,597,699,1061,1116,1211 'network-level':1210 'next':536,765,1182 'node':299 'note':1267,1342 'noth':1293 'number':280,1324 'observ':1264 'one':152,503,1108 'open':84,94,106,136 'oper':103,426 'optim':678 'optimized/standard':284 'order':550,600 'organ':195 'output':665,932 'p08':1101 'pair':74 'pars':186 'part':258,297 'partial':1017,1028,1040,1054,1064 'pass':499,501,520,527,548,549,551,599,642,647,718,761,766,769,844,936,946,984,1291 'past':170,1009 'pasted/exported':654 'path':390,483,792 'pattern':101,1361 'per':641 'per-pass':640 'perform':50,496,876 'perspect':10,54 'physic':557,611,1192 'plain':177 'plain-text':176 'platform':584 'plausibl':558 'plc':2,11,39,46,60,149,179,376,567,812,963 'plc-code-analysi':1,45 'plcs':349 'point':226,357 'portal':218,323 'postur':1255 'powerrail':304 'practic':569,989,1180,1228,1258 'present':810 'pressur':541 'prevent':489,539,1272 'probabl':1132 'procedur':643 'proceed':763 'process':272,560,602,986,1194,1218 'produc':62,514,753,848 'program':281 'project':346,1043 'propos':798 'protect':889 'protocol':884 'provid':212,732,833,867,909,918,1006,1306,1319,1354 'pump':637 'put/get':877 'putget':1107 'python/c':135 'qualiti':15,57,1247 'rang':622 'rank':66 'rational':601 'raw':164,544 'read':385,397,894,1045,1066 'receiv':148 'recognit':146 'recommend':1265 'reconstruct':290 'record':411,735 'reduc':1234 'refer':244,387,395,504,537,552,660,689,722,955,1038,1047,1176,1327 'references/compiler-critic.md':582 'references/hardware-reviewer.md':592 'references/process-architect.md':556 'references/security-practices.md':563 'references/threat-mapping.md':573 'relat':703 'relev':1177 'remedi':419,748,799,917,1158 'remot':1198 'report':68,464,966,1279,1288,1294 'requir':331,450,751,801,908,1168,1203,1240 'result':897 'retriev':130,319,329,362,375,400,455,869,916,1007,1123 'review':19,27,121,370,461,807,822,843,860,995,1173,1175 'risk':1190,1262 'roadmap':85,95,107 'root':277 'rout':90 'run':715,770,846,1076 'runtim':1311 'safe':33 'safeti':588,589,702,806,1172,1193 'safety-rel':701 'scan':25 'schema':223 'scl':40,165,173,262,974 'scope':246 'sd':364 'second':73 'secur':13,22,55,334,566,598,885,930,988,1206,1226,1254 'sequenti':498 'server':325,881,925 'set':407,596,698,882 'sever':65,615,739,950,961,1082,1184,1186 'severity-rank':64 'siemen':583 'signific':1205 'simat':363 'simaticml':206,222,975,978 'simplest':184 'simul':713,804,1171 'singl':850 'skill':6,87,117,126 'skill-plc-code-analysis' 'sort':959 'sourc':421,692,1003,1030,1120,1307 'source-czarnak' 'specif':511,1159 'specul':1298 'st':41,174 'standalon':5 'standard':680,1178 'start':160,645 'state':1331 'static':670 'status':626,708,879,891,1002 'still':845 'structur':44,51,166,677 'style':1249 'subnet':404 'subsequ':618 'summar':522 'summari':756,1081 'support':1126 'surfac':1232 'suspici':1133,1360 'synthesi':774,997 't0836':1104 'tabl':374,485,1049,1058 'tag':373,377,484,741,1048,1057 'techniqu':579 'temp':672 'text':167,178,189 'threat':990 'three':154 'tia':83,93,217,322 'tia-openness-roadmap':82,92 'titl':1097 'token':540 'tool':133,343,442 'top':564 'top20':1100 'top20-p08':1099 'topic-agent-skills' 'topic-claude-code' 'topic-claude-code-plugin' 'topic-claude-skills' 'topic-codex' 'topic-codex-cli' 'topic-codex-plugin' 'topic-gemini' 'topic-gemini-cli' 'topic-gemini-cli-extension' 'topic-gemini-extension' 'topic-mcp' 'total':339 'treat':435 'tree':347,687,1035,1044 'trigger':17,100 'type':228,674 'udt':481,675,790,1023,1351 'uid':248 'unaddress':1157 'unavail':447 'understand':309,607 'unus':391 'upload':172 'use':336 'user':169,211,378,416,831 'valid':820 'valuabl':270 'var':662,664,666,669,671 'variabl':229,243,394,1014,1321 'verif':705,750,773,907,996,1167 'via':114,131 'violat':1224,1358 'vs':679,1339 'vulner':24 'warn':1073 'way':155 'weaken':1253 'web':880 'whether':712 'wire':300 'within':263 'without':816,1260,1302 'work':725 'workflow':492 'worth':1362 'writabl':382 'write':691 'xml':207,213,976,979,1021 'yaml':365,1022","prices":[{"id":"8d11474d-2687-420c-8322-a0094511e3fd","listingId":"ee758da7-d6ca-4426-bac1-c86d87dd0465","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"Czarnak","category":"totally-integrated-claude","install_from":"skills.sh"},"createdAt":"2026-05-18T13:13:57.510Z"}],"sources":[{"listingId":"ee758da7-d6ca-4426-bac1-c86d87dd0465","source":"github","sourceId":"Czarnak/totally-integrated-claude/plc-code-analysis","sourceUrl":"https://github.com/Czarnak/totally-integrated-claude/tree/main/skills/plc-code-analysis","isPrimary":false,"firstSeenAt":"2026-05-18T13:13:57.510Z","lastSeenAt":"2026-05-18T19:08:29.624Z"}],"details":{"listingId":"ee758da7-d6ca-4426-bac1-c86d87dd0465","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"Czarnak","slug":"plc-code-analysis","github":{"repo":"Czarnak/totally-integrated-claude","stars":9,"topics":["agent-skills","claude-code","claude-code-plugin","claude-skills","codex","codex-cli","codex-plugin","gemini","gemini-cli","gemini-cli-extension","gemini-extension","mcp","mcp-server","siemens","skills","tia-openness","tia-portal"],"license":"mit","html_url":"https://github.com/Czarnak/totally-integrated-claude","pushed_at":"2026-05-08T03:14:15Z","description":"A Claude Code plugin for Siemens TIA Portal engineering automation.","skill_md_sha":"e7f209329974271796266e5be30aefb222011035","skill_md_path":"skills/plc-code-analysis/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/Czarnak/totally-integrated-claude/tree/main/skills/plc-code-analysis"},"layout":"multi","source":"github","category":"totally-integrated-claude","frontmatter":{"name":"plc-code-analysis","description":"Standalone skill for multi-perspective PLC code security and quality analysis. Triggers on: \"review\", \"audit\", \"analyze\", \"security check\", \"vulnerability scan\", \"code review\", \"check this code\", \"is this safe\", \"find issues\" when combined with PLC, SCL, ST, LAD, FBD, Structured Text, or block context. Also triggers when the user pastes PLC code and asks for feedback, or uploads exported SimaticML XML files. This skill is independent of tia-openness-roadmap — it does not perform engineering automation. It analyzes code that has already been exported, pasted, or is accessible via the TIA Portal MCP server."},"skills_sh_url":"https://skills.sh/Czarnak/totally-integrated-claude/plc-code-analysis"},"updatedAt":"2026-05-18T19:08:29.624Z"}}