ModuleChecker is a code quality and security linter built into the CMSMS admin panel. It scans any installed module and reports findings across three categories: security, general compliance, and best practices.

Features:

• PHP check classes covering permissions, SQL injection, XSS, deprecated code, file hygiene, naming conventions, and more
• JSON pattern rules with automatic update support from GitHub
• Scoring system (0 to 100) with pass/warning/fail verdicts
• Report saving with unique tokens for sharing
• Email reports directly to module authors
• Source code viewer for flagged files
• Optional AI audit reports and refactoring plans via OpenAI
• Respects .distignore and .gitignore for file exclusions
• Fully read-only. Never modifies scanned modules.

Designed for module developers who want to validate their work before submitting to Forge, and for site administrators who want to audit third-party modules.