
Repo Scan
Scan a messy multi-language repo once, classify every file, flag embedded third-party code, and export four-level module verdicts with an HTML report.
Overview
repo-scan is an agent skill most often used in Ship (also Validate scope, Operate iterate) that audits cross-stack source trees with per-module verdicts and HTML reports.
Install
npx skills add https://github.com/affaan-m/everything-claude-code --skill repo-scan
What is this skill?
- Cross-stack scan in one pass: C/C++, Java/Android, iOS (ObjC/Swift), Web (TS/JS/Vue)
- Every file classified as project code, third-party, or build artifact
- 50+ known embedded libraries detected (e.g. FFmpeg, Boost) beyond package managers
- Four-level actionable verdict per module plus interactive HTML reporting
- 50+ known libraries in detection set
- Four-level verdict per module
- Cross-stack coverage: C/C++, Java/Android, iOS, Web
Adoption & trust: 3.5k installs on skills.sh; 210k GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
You inherited a large mixed C++, mobile, and web repo and cannot tell how much code is yours, what is vendored, or what to delete safely.
Who is it for?
Builders taking over legacy monorepos or planning major refactors who need a single structural map across stacks.
Skip if: Greenfield single-package repos already well described by one lockfile, or teams needing live production telemetry instead of static source audit.
When should I use this skill?
Taking over a large legacy codebase, before major refactoring, auditing embedded third-party source, or preparing architecture decision records.
What do I get? / Deliverables
You receive a classified inventory, embedded-library findings, and four-level module verdicts in an interactive HTML report to drive refactor and ADR decisions.
- Per-file classification (project, third-party, artifact)
- Four-level module verdicts with actionable guidance
- Interactive HTML audit report
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Ship review is the canonical shelf for pre-refactor and pre-release structural audits where you need verdicts on what is yours versus vendored versus dead weight. Review subphase fits asset-level classification and module verdicts—not runtime monitoring (Operate) or initial idea research.
Where it fits
Estimate rewrite vs wrap strategy after seeing how much of the tree is FFmpeg or other embedded libs.
Produce an HTML module map for contractors before a six-month refactor program.
Re-scan after deleting duplicate vendored copies to confirm verdict upgrades.
Attach classification stats to an architecture decision record for monorepo split.
How it compares
Cross-stack source asset auditor with HTML deliverable—not an MCP dependency server or a CI vulnerability scanner.
Common Questions / FAQ
Who is repo-scan for?
Solo founders and indie teams onboarding to large multi-language codebases who need classification and verdicts before restructuring.
When should I use repo-scan?
At Validate scope when sizing takeover work; at Ship review before a big refactor; at Operate iterate when cleaning embedded third-party trees; when writing architecture decision records.
Is repo-scan safe to install?
Install only from the pinned commit after reviewing upstream source and the Security Audits panel on this Prism page—skills run with your agent’s filesystem access.
SKILL.md
# repo-scan

> Every ecosystem has its own dependency manager, but no tool looks across C++, Android, iOS, and Web to tell you: how much code is actually yours, what's third-party, and what's dead weight.

## When to Use

- Taking over a large legacy codebase and need a structural overview
- Before major refactoring — identify what's core, what's duplicate, what's dead
- Auditing third-party dependencies embedded directly in source (not declared in package managers)
- Preparing architecture decision records for monorepo reorganization

## Installation

```bash
# Fetch only the pinned commit for reproducibility
mkdir -p ~/.claude/skills/repo-scan
git init repo-scan
cd repo-scan
git remote add origin https://github.com/haibindev/repo-scan.git
# Fetching a commit by id normally requires the full 40-character SHA;
# 2742664 is the abbreviated id as given here.
git fetch --depth 1 origin 2742664
git checkout --detach FETCH_HEAD
# Copy the checked-out tree into the skills directory
cp -r . ~/.claude/skills/repo-scan
```

> Review the source before installing any agent skill.

## Core Capabilities

| Capability | Description |
|---|---|
| **Cross-stack scanning** | C/C++, Java/Android, iOS (OC/Swift), Web (TS/JS/Vue) in one pass |
| **File classification** | Every file tagged as project code, third-party, or build artifact |
| **Library detection** | 50+ known libraries (FFmpeg, Boost, OpenSSL…) with version extraction |
| **Four-level verdicts** | Core Asset / Extract & Merge / Rebuild / Deprecate |
| **HTML reports** | Interactive dark-theme pages with drill-down navigation |
| **Monorepo support** | Hierarchical scanning with summary + sub-project reports |

## Analysis Depth Levels

| Level | Files Read | Use Case |
|---|---|---|
| `fast` | 1-2 per module | Quick inventory of huge directories |
| `standard` | 2-5 per module | Default audit with full dependency + architecture checks |
| `deep` | 5-10 per module | Adds thread safety, memory management, API consistency |
| `full` | All files | Pre-merge comprehensive review |

## How It Works

1. **Classify the repo surface**: enumerate files, then tag each as project code, embedded third-party code, or build artifact.
2. **Detect embedded libraries**: inspect directory names, headers, license files, and version markers to identify bundled dependencies and likely versions.
3. **Score each module**: group files by module or subsystem, then assign one of the four verdicts based on ownership, duplication, and maintenance cost.
4. **Highlight structural risks**: call out dead-weight artifacts, duplicated wrappers, outdated vendored code, and modules that should be extracted, rebuilt, or deprecated.
5. **Produce the report**: return a concise summary plus the interactive HTML output with per-module drill-down so the audit can be reviewed asynchronously.

## Examples

On a 50,000-file C++ monorepo:

- Found FFmpeg 2.x (2015 vintage) still in production
- Discovered the same SDK wrapper duplicated 3 times
- Identified 636 MB of committed Debug/ipch/obj build artifacts
- Classified: 3 MB project code vs 596 MB third-party

## Best Practices

- Start with `standard` depth for first-time audits
- Use `fast` for monorepos with 100+ modules to get a quick inventory
- Run `deep` incrementally on modules flagged for refactoring
- Review the cross-module analysis for duplicate detection across sub-projects

## Links

- [GitHub Repository](https://github.com/haibindev/repo-scan)
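
The first two "How It Works" steps (classify files, then detect embedded libraries from version markers) can be sketched as follows. This is an added example, not repo-scan's own code: the marker table, the artifact extensions, and the function names are assumptions, and the sample tree is constructed.

```python
import re
from pathlib import PurePosixPath

# Assumed marker table for this example; it is not repo-scan's detection set.
# Key: path suffix of a version header. Value: (library, version regex).
MARKERS = {
    "boost/version.hpp": ("Boost", re.compile(r'#define\s+BOOST_LIB_VERSION\s+"([\d_]+)"')),
    "include/openssl/opensslv.h": ("OpenSSL", re.compile(r'OPENSSL_VERSION_TEXT\s+"OpenSSL\s+([\w.]+)')),
}
ARTIFACT_DIRS = {"debug", "ipch", "obj"}         # directory names from the page's example
ARTIFACT_EXTS = {".obj", ".o", ".pch", ".ipch"}  # assumed extensions

def find_vendored_roots(files):
    """Return {root_dir: (library, version)} for every version header found."""
    roots = {}
    for path, text in files.items():
        for suffix, (lib, rx) in MARKERS.items():
            if path.endswith("/" + suffix):
                m = rx.search(text)
                version = m.group(1).replace("_", ".") if m else "unknown"
                # Everything above the marker suffix is the vendored root.
                roots[path[: -len(suffix) - 1]] = (lib, version)
    return roots

def classify(path, roots):
    """Tag one file as artifact, third-party or project code."""
    p = PurePosixPath(path)
    in_artifact_dir = any(part.lower() in ARTIFACT_DIRS for part in p.parts[:-1])
    if in_artifact_dir or p.suffix.lower() in ARTIFACT_EXTS:
        return "artifact"
    if any(path.startswith(root + "/") for root in roots):
        return "third-party"
    return "project"

def scan(files):
    """Run detection first so classification can use the vendored roots."""
    roots = find_vendored_roots(files)
    return roots, {path: classify(path, roots) for path in files}

# Constructed sample tree: path -> file content (not taken from a real repo).
SAMPLE = {
    "app/src/player.cpp": "int main() { return 0; }",
    "app/Debug/player.obj": "",
    "third/boost_1_66/boost/version.hpp": '#define BOOST_LIB_VERSION "1_66"\n',
    "third/boost_1_66/boost/asio.hpp": "",
    "libs/ssl/include/openssl/opensslv.h": '# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2k  26 Jan 2017"\n',
    "libs/ssl/crypto/aes.c": "",
}

if __name__ == "__main__":
    roots, inventory = scan(SAMPLE)
    print(roots)
    print(inventory)
```

The extracted versions are the useful output for a security review: a vendored copy found this way appears in no lockfile, so its version has to be checked against advisories by hand.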