Audit repository assets, detect third-party code, and generate module-level verdict reports.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "repo-scan" skill from askskill: 1. Download https://raw.githubusercontent.com/affaan-m/ECC/main/skills/repo-scan/SKILL.md 2. Save it as ~/.claude/skills/repo-scan/SKILL.md 3. Reload skills and tell me it's ready
Please scan all files in this code repository, classify each file by type, detect embedded third-party libraries, and provide four-level verdicts for each module: safe, watch, risky, and high risk. Finally, generate an interactive HTML report with issue locations, evidence, and remediation suggestions.
A repository asset audit containing file classification, third-party library detection, module-level risk verdicts, and an interactive HTML report.
Analyze each module in this legacy project, find copied, embedded, or pasted third-party code, determine which components have unclear origins, outdated versions, or maintenance risks, and output a prioritized list using four-level verdicts.
A legacy-risk-focused list showing suspicious third-party components, risk levels, affected modules, and prioritized remediation advice.
Run a full source asset audit before release, count file types, identify the distribution of third-party libraries, and provide four-level verdicts plus remediation advice for each module. Output an HTML report suitable for team review.
A pre-release source audit report showing asset distribution, third-party library findings, module verdicts, and remediation recommendations.
Every ecosystem has its own dependency manager, but no tool looks across C++, Android, iOS, and Web to tell you: how much code is actually yours, what's third-party, and what's dead weight.
# Fetch only the pinned commit for reproducibility
mkdir -p ~/.claude/skills/repo-scan
git init repo-scan
cd repo-scan
git remote add origin https://github.com/haibindev/repo-scan.git
git fetch --depth 1 origin 2742664
git checkout --detach FETCH_HEAD
cp -r . ~/.claude/skills/repo-scan
Review the source before installing any agent skill.
| Capability | Description |
|---|---|
| Cross-stack scanning | C/C++, Java/Android, iOS (OC/Swift), Web (TS/JS/Vue) in one pass |
| File classification | Every file tagged as project code, third-party, or build artifact |
| Library detection | 50+ known libraries (FFmpeg, Boost, OpenSSL…) with version extraction |
| Four-level verdicts | Core Asset / Extract & Merge / Rebuild / Deprecate |
| HTML reports | Interactive dark-theme pages with drill-down navigation |
| Monorepo support | Hierarchical scanning with summary + sub-project reports |
| Level | Files Read | Use Case |
|---|---|---|
fast | 1-2 per module | Quick inventory of huge directories |
standard | 2-5 per module | Default audit with full dependency + architecture checks |
deep | 5-10 per module | Adds thread safety, memory management, API consistency |
full | All files | Pre-merge comprehensive review |
On a 50,000-file C++ monorepo:
standard depth for first-time auditsfast for monorepos with 100+ modules to get a quick inventorydeep incrementally on modules flagged for refactoringPlan a reliable home or homelab network with practical setup guidance.
Query genomic databases, run sequence searches, and log reproducible bioinformatics evidence.
Write, fix, and improve tests for React components, hooks, and pages.
Review prediction-market workflows for compliance, safety, privacy, and execution risks.
Understand Swift 6.2 concurrency changes and apply them safely in code.
Create project guideline examples to align team workflows and documentation.
Scan Python projects and GitHub repos for vulnerabilities, secrets, and AI risk insights.
Scan project risks and quality issues with a health score and fixes.
Scan repos and smart contracts for quantum-vulnerable ECDSA and RSA usage.
Scan AI-generated code for injections, secrets, SSRF, and risky patterns.
Clone GitHub repos, audit code, scan security issues, and explain code intelligently.
Scan Claude Code configs for vulnerabilities, misconfigurations, and prompt injection risks.