SkillRepo
Sign InSign Up
Catalog
affaan-m/repo-scan

affaan-m

repo-scan

Cross-stack source code asset audit — classifies every file, detects embedded third-party libraries, and delivers actionable four-level verdicts per module with interactive HTML reports.

global
0installs0uses~886
v1.1Saved Apr 20, 2026

repo-scan

Every ecosystem has its own dependency manager, but no tool looks across C++, Android, iOS, and Web to tell you: how much code is actually yours, what's third-party, and what's dead weight.

When to Use

  • Taking over a large legacy codebase and need a structural overview
  • Before major refactoring — identify what's core, what's duplicate, what's dead
  • Auditing third-party dependencies embedded directly in source (not declared in package managers)
  • Preparing architecture decision records for monorepo reorganization

Installation

# Fetch only the pinned commit for reproducibility
mkdir -p ~/.claude/skills/repo-scan
git init repo-scan
cd repo-scan
git remote add origin https://github.com/haibindev/repo-scan.git
git fetch --depth 1 origin 2742664
git checkout --detach FETCH_HEAD
cp -r . ~/.claude/skills/repo-scan

Review the source before installing any agent skill.

Core Capabilities

Capability Description
Cross-stack scanning C/C++, Java/Android, iOS (OC/Swift), Web (TS/JS/Vue) in one pass
File classification Every file tagged as project code, third-party, or build artifact
Library detection 50+ known libraries (FFmpeg, Boost, OpenSSL…) with version extraction
Four-level verdicts Core Asset / Extract & Merge / Rebuild / Deprecate
HTML reports Interactive dark-theme pages with drill-down navigation
Monorepo support Hierarchical scanning with summary + sub-project reports

Analysis Depth Levels

Level Files Read Use Case
fast 1-2 per module Quick inventory of huge directories
standard 2-5 per module Default audit with full dependency + architecture checks
deep 5-10 per module Adds thread safety, memory management, API consistency
full All files Pre-merge comprehensive review

How It Works

  1. Classify the repo surface: enumerate files, then tag each as project code, embedded third-party code, or build artifact.
  2. Detect embedded libraries: inspect directory names, headers, license files, and version markers to identify bundled dependencies and likely versions.
  3. Score each module: group files by module or subsystem, then assign one of the four verdicts based on ownership, duplication, and maintenance cost.
  4. Highlight structural risks: call out dead-weight artifacts, duplicated wrappers, outdated vendored code, and modules that should be extracted, rebuilt, or deprecated.
  5. Produce the report: return a concise summary plus the interactive HTML output with per-module drill-down so the audit can be reviewed asynchronously.

Examples

On a 50,000-file C++ monorepo:

  • Found FFmpeg 2.x (2015 vintage) still in production
  • Discovered the same SDK wrapper duplicated 3 times
  • Identified 636 MB of committed Debug/ipch/obj build artifacts
  • Classified: 3 MB project code vs 596 MB third-party

Best Practices

  • Start with standard depth for first-time audits
  • Use fast for monorepos with 100+ modules to get a quick inventory
  • Run deep incrementally on modules flagged for refactoring
  • Review the cross-module analysis for duplicate detection across sub-projects

Links

Files1
1 files · 1.0 KB

Select a file to preview

Overall Score

76/100

Grade

B

Good

Safety

82

Quality

73

Clarity

79

Completeness

65

Summary

repo-scan is a cross-stack source code audit tool that classifies files, detects embedded third-party libraries, and generates interactive HTML reports with four-level verdicts (Core Asset/Extract & Merge/Rebuild/Deprecate) for C++, Java, iOS, Web, and monorepo projects. It helps teams understand code ownership, identify dead weight, and prepare for refactoring.

Detected Capabilities

cross-language file classification (C++, Java, Android, iOS, Web)embedded library detection with version extraction (50+ known libraries)module-level scoring and verdict assignmentinteractive HTML report generation with drill-down navigationmonorepo hierarchical scanning with summary reportsconfigurable analysis depth (fast/standard/deep/full)

Trigger Keywords

Phrases that MCP clients use to match this skill to user intent.

audit codebase structureidentify third-party codedetect duplicate dependenciesmonorepo inventorylegacy code reviewrefactoring preparationlibrary version detection

Risk Signals

INFO

External GitHub repository clone and checkout during installation

Installation section, git commands
INFO

Tool operates on entire repository trees with no explicit scope boundaries documented

Core Capabilities and How It Works sections
WARNING

No documented guardrails on file read scope or maximum repo size handling

Analysis Depth Levels table and overall capability description

Referenced Domains

External domains referenced in skill content, detected by static analysis.

github.com

Use Cases

  • audit legacy codebase structure and code ownership distribution
  • identify embedded third-party libraries not declared in package managers
  • detect duplicate vendored dependencies across monorepos
  • prepare architecture decision records before major refactoring
  • inventory large codebases with 50,000+ files across multiple languages

Quality Notes

  • Excellent use of tables to organize depth levels, capabilities, and examples — structure is clear and actionable
  • Well-articulated problem statement in opening paragraph establishes clear motivation for the tool
  • Examples section provides concrete, quantified outcomes (636 MB artifacts found, FFmpeg version detected) that build credibility
  • Installation instructions include explicit review warning ('Review the source before installing') which is good practice
  • Best practices section provides practical guidance on depth selection and monorepo strategies
  • Missing: explicit documentation of maximum repo size, timeout behavior, or resource constraints
  • Missing: error handling guidance (what happens with unsupported file formats, encoding issues, symlinks, etc.)
  • Missing: output schema or sample HTML report structure — agents and users cannot predict report format
  • Missing: list of all 50+ detected libraries — only examples given (FFmpeg, Boost, OpenSSL)
  • Missing: clarification on what 'interactive dark-theme' report means in terms of agent interaction capability
Model: claude-haiku-4-5-20251001Analyzed: Apr 20, 2026

Reviews

Add this skill to your library to leave a review.

No reviews yet

Be the first to share your experience.

Version History

v1.1

Content updated

2026-04-20

Latest
v1.0

No changelog

2026-04-12

Add affaan-m/repo-scan to your library

Get Started Free

Command Palette

Search for a command to run...

affaan-m/repo-scan | SkillRepo