Skip to content

feat(skills): add repo-scan skill#911

Merged
affaan-m merged 5 commits into
affaan-m:mainfrom
haibindev:main
Mar 29, 2026
Merged

feat(skills): add repo-scan skill#911
affaan-m merged 5 commits into
affaan-m:mainfrom
haibindev:main

Conversation

@haibindev

@haibindev haibindev commented Mar 25, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds repo-scan, a cross-stack source code asset audit skill for Claude Code.

  • Scans C/C++, Java/Android, iOS, and Web projects in one unified pass
  • Classifies every file as project code, third-party, or build artifact
  • Auto-detects 50+ embedded libraries (FFmpeg, Boost, OpenSSL…) with version extraction
  • Delivers four-level verdicts per module: Core Asset / Extract & Merge / Rebuild / Deprecate
  • Generates interactive HTML reports with drill-down navigation
  • Token-efficient: three-layer analysis (filename inference → key file → quality sampling)

Tested on: 50,000+ file C++ monorepo — identified legacy FFmpeg 2.x, 3x duplicated SDK wrappers, and 636 MB committed build artifacts.

Repository: https://github.com/haibindev/repo-scan

Checklist

  • Skill includes a SKILL.md with proper frontmatter
  • Follows the existing skill format conventions
  • Repository is publicly accessible
  • MIT licensed

Summary by cubic

Add repo-scan, a cross-stack source code audit skill for C/C++, Java/Android, iOS, and Web with interactive HTML reports; installation is now pinned and shallow-fetched for reproducible, safer installs.

  • New Features

    • Classifies files as project code, third-party, or build artifacts
    • Detects 50+ embedded libraries and extracts versions
    • Outputs module verdicts: Core Asset / Extract & Merge / Rebuild / Deprecate
    • Supports configurable scan depth: fast, standard, deep, full
  • Bug Fixes

    • Tighten install flow in SKILL.md: shallow fetch and copy only a pinned commit
    • Fix frontmatter and rename sections per review feedback

Written for commit dcc4d91. Summary will update on new commits.

Summary by CodeRabbit

  • Documentation
    • Added comprehensive documentation for a new repo-scan skill: cross-stack source-code auditing, file classification, detection and version extraction for many third-party libraries, per-module four-level verdicting, interactive dark-themed HTML reports with drill-down and monorepo summaries, four analysis depth modes (fast/standard/deep/full), end-to-end workflow, installation/activation steps, examples and best-practice guidance.

@coderabbitai

coderabbitai Bot commented Mar 25, 2026

Copy link
Copy Markdown
Contributor

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 91315810-9ec3-4c37-9c1a-f461062fd2f6

📥 Commits

Reviewing files that changed from the base of the PR and between 57e9983 and dcc4d91.

📒 Files selected for processing (1)
  • skills/repo-scan/SKILL.md

📝 Walkthrough

Walkthrough

Added a new documentation file skills/repo-scan/SKILL.md describing the repo-scan skill: a cross-stack source-code audit that classifies files, detects embedded third-party libraries (50+ with version extraction), assigns per-module four-level verdicts, supports monorepos, multiple analysis depths, and generates interactive dark-themed HTML reports.

Changes

Cohort / File(s) Summary
Repo-Scan Skill Documentation
skills/repo-scan/SKILL.md
New comprehensive skill documentation: purpose & scope, capabilities (cross-stack scanning, file classification, third-party library detection with version extraction), four-level per-module verdicting, monorepo support, analysis depth modes (fast/standard/deep/full), end-to-end workflow (classification → embedded lib detection → scoring → HTML report), installation steps with pinned commit, examples and best practices.

Sequence Diagram(s)

sequenceDiagram
    participant User as User / Orchestrator
    participant Scanner as RepoScanner
    participant LibDB as Library DB
    participant AI as AI Analyzer
    participant Reporter as Report Generator
    participant Output as HTML Report

    User->>Scanner: Start scan (repo, mode)
    Scanner->>LibDB: Lookup signatures & known libs
    LibDB-->>Scanner: Matches + versions
    Scanner->>AI: Emit modules, file classifications, metadata
    AI->>AI: Analyze, detect embedded libs, assign verdicts
    AI-->>Reporter: Findings + per-module verdicts
    Reporter->>Output: Generate interactive dark-themed HTML (summary + drills)
    Output-->>User: Deliver report
Loading

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

Poem

🐰 I hopped through folders, sniffed each line,
Found hidden gems and versions fine,
From quick to full I gave my say,
Dark HTML lights the way,
A rabbit’s scan — concise and kind. 🥕🔍

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'feat(skills): add repo-scan skill' clearly and concisely summarizes the primary change: adding a new skill documentation for repo-scan to the skills directory.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file


Since this is your first cubic review, here's how it works:

  • cubic automatically reviews your code and comments on bugs and improvements
  • Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
  • Add one-off context when rerunning by tagging @cubic-dev-ai with guidance or docs links (including llms.txt)
  • Ask questions if you need clarification on any suggestion

@greptile-apps

greptile-apps Bot commented Mar 25, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR adds a new community skill repo-scan that wraps an external cross-stack source-code audit tool. The SKILL.md correctly follows the repo's frontmatter conventions (origin: community) and provides a useful overview of capabilities, depth levels, and best practices. However, the installation script has a concrete usability defect that will affect every new user.

Key findings:

  • P1 — Install script leaves temp directory, breaks on re-run: git init repo-scan + cd repo-scan creates a persistent directory in the user's CWD that is never cleaned up, and the git remote add origin step will error on re-execution.
  • P2 — .git/ copied to skill destination: cp -r . ~/.claude/skills/repo-scan copies the full git metadata alongside skill content, adding unnecessary overhead.
  • P2 — Abbreviated SHA 2742664: Only 7 characters; the full 40-character SHA should be used for guaranteed reproducibility.
  • P2 — Examples show findings, not invocation patterns: Per the CONTRIBUTING.md checklist, skills should include practical examples of how to invoke them, not just what they discovered on a sample project.

Confidence Score: 4/5

Safe to merge after fixing the install script cleanup issue; the P1 defect affects every user's first install experience.

One P1 finding (install script leaves temp directory and is not idempotent) should be addressed before merge. The remaining P2 issues are improvements to install script quality and documentation completeness that don't block core functionality.

skills/repo-scan/SKILL.md — specifically the Installation bash block (lines 21-28)

Important Files Changed

Filename Overview
skills/repo-scan/SKILL.md New community skill wrapping an external repo-scan tool; the install script leaves a temp directory behind, copies .git/ to the destination, uses an abbreviated SHA, and is not idempotent — all of which impact the user experience.

Sequence Diagram

sequenceDiagram
    participant User
    participant CWD as Current Working Dir
    participant GH as GitHub (haibindev/repo-scan)
    participant Dest as ~/.claude/skills/repo-scan

    User->>CWD: mkdir -p ~/.claude/skills/repo-scan
    User->>CWD: git init repo-scan (creates temp dir)
    User->>CWD: cd repo-scan
    User->>GH: git fetch --depth 1 origin 2742664
    GH-->>CWD: commit contents
    User->>CWD: git checkout --detach FETCH_HEAD
    User->>Dest: cp -r . (copies files + .git/)
    Note over CWD: temp repo-scan/ never deleted
    Note over Dest: .git/ dir included unnecessarily
    User->>User: Session left inside repo-scan/ dir
Loading

Comments Outside Diff (1)

  1. skills/repo-scan/SKILL.md, line 21-28 (link)

    Install script leaves temp directory behind and is not idempotent

    The install script runs git init repo-scan and cd repo-scan in the user's CWD, but never cleans up that temporary directory after copying. After the script completes the user is:

    1. Stranded inside the temporary repo-scan/ directory (due to cd repo-scan).
    2. Left with a permanent repo-scan/ directory in whatever folder they ran the script from.

    Additionally, re-running the script will fail at git remote add origin because the remote already exists, making the installation non-idempotent.

    A self-contained approach using a mktemp-based temp directory and automatic cleanup would be more robust:

    mkdir -p ~/.claude/skills/repo-scan
    TMPDIR=$(mktemp -d)
    git clone --depth 1 https://github.com/haibindev/repo-scan.git "$TMPDIR/repo-scan"
    cd "$TMPDIR/repo-scan"
    git fetch --depth 1 origin 2742664
    git checkout --detach FETCH_HEAD
    cp -r . ~/.claude/skills/repo-scan
    cd -
    rm -rf "$TMPDIR"

Reviews (4): Last reviewed commit: "fix(skills): tighten repo-scan install f..." | Re-trigger Greptile

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@skills/repo-scan/SKILL.md`:
- Line 58: Rename the section header "Real-World Example" to "Examples" in the
SKILL.md so the document follows the required skill documentation format; locate
the header string "Real-World Example" and replace it with "Examples", ensuring
the surrounding sections remain 'When to Use' and 'How It Works' and that any
internal references to the old header are updated accordingly.
- Line 52: The section header "## Workflow" in SKILL.md should be renamed to "##
How It Works" to conform to the skill documentation standard; locate the header
string "## Workflow" in skills/repo-scan/SKILL.md and replace it with "## How It
Works" so the file uses the required 'When to Use', 'How It Works', and
'Examples' section naming convention.
- Line 15: Rename the section header "When to Activate" to "When to Use" in the
SKILL.md content; update the heading text exactly from "When to Activate" to
"When to Use" and verify the Skills file follows the required sections sequence
('When to Use', 'How It Works', 'Examples') so formatting and section names
match the coding guidelines.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f7906626-8a60-4239-8bed-a337018b7512

📥 Commits

Reviewing files that changed from the base of the PR and between 4105a2f and d952a07.

📒 Files selected for processing (1)
  • skills/repo-scan/SKILL.md

Comment thread skills/repo-scan/SKILL.md Outdated
Comment thread skills/repo-scan/SKILL.md Outdated
Comment thread skills/repo-scan/SKILL.md Outdated

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 1 file (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="skills/repo-scan/SKILL.md">

<violation number="1" location="skills/repo-scan/SKILL.md:26">
P1: Installation instructions clone unpinned code from an external repository, creating supply-chain and reproducibility risk.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread skills/repo-scan/SKILL.md Outdated
@affaan-m

Copy link
Copy Markdown
Owner

thanks, queued for review. if there are user-facing behavior changes or docs impacts, please add a short note in the PR body.

@affaan-m affaan-m merged commit 70b98f3 into affaan-m:main Mar 29, 2026
2 of 3 checks passed

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 1 file (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="skills/repo-scan/SKILL.md">

<violation number="1" location="skills/repo-scan/SKILL.md:26">
P2: Installation instructions use `git fetch` with a raw commit hash refspec, which fails (`couldn't find remote ref`) and can break the documented install flow.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread skills/repo-scan/SKILL.md
git init repo-scan
cd repo-scan
git remote add origin https://github.com/haibindev/repo-scan.git
git fetch --depth 1 origin 2742664

@cubic-dev-ai cubic-dev-ai Bot Mar 29, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Installation instructions use git fetch with a raw commit hash refspec, which fails (couldn't find remote ref) and can break the documented install flow.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At skills/repo-scan/SKILL.md, line 26:

<comment>Installation instructions use `git fetch` with a raw commit hash refspec, which fails (`couldn't find remote ref`) and can break the documented install flow.</comment>

<file context>
@@ -17,12 +17,16 @@ origin: community
+git init repo-scan
+cd repo-scan
+git remote add origin https://github.com/haibindev/repo-scan.git
+git fetch --depth 1 origin 2742664
+git checkout --detach FETCH_HEAD
+cp -r . ~/.claude/skills/repo-scan
</file context>
Fix with Cubic

peiking88 pushed a commit to peiking88/everything-claude-code that referenced this pull request Apr 4, 2026
feat(skills): add repo-scan skill
FrancescoRosciano pushed a commit to FRosciano-Mambo/everything-claude-code that referenced this pull request Jun 1, 2026
feat(skills): add repo-scan skill
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants