repo-scan
Cross-stack source code asset audit — classifies every file, detects embedded third-party libraries, and delivers actionable four-level verdicts per module with interactive HTML reports.
Best use case
repo-scan is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Cross-stack source code asset audit — classifies every file, detects embedded third-party libraries, and delivers actionable four-level verdicts per module with interactive HTML reports.
Teams using repo-scan should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/repo-scan/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How repo-scan Compares
| Feature / Agent | repo-scan | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Cross-stack source code asset audit — classifies every file, detects embedded third-party libraries, and delivers actionable four-level verdicts per module with interactive HTML reports.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# repo-scan > Every ecosystem has its own dependency manager, but no tool looks across C++, Android, iOS, and Web to tell you: how much code is actually yours, what's third-party, and what's dead weight. ## When to Use - Taking over a large legacy codebase and need a structural overview - Before major refactoring — identify what's core, what's duplicate, what's dead - Auditing third-party dependencies embedded directly in source (not declared in package managers) - Preparing architecture decision records for monorepo reorganization ## Installation ```bash # Fetch only the pinned commit for reproducibility mkdir -p ~/.gemini/skills/repo-scan git init repo-scan cd repo-scan git remote add origin https://github.com/haibindev/repo-scan.git git fetch --depth 1 origin 2742664 git checkout --detach FETCH_HEAD cp -r . ~/.gemini/skills/repo-scan ``` > Review the source before installing any agent skill. ## Core Capabilities | Capability | Description | |---|---| | **Cross-stack scanning** | C/C++, Java/Android, iOS (OC/Swift), Web (TS/JS/Vue) in one pass | | **File classification** | Every file tagged as project code, third-party, or build artifact | | **Library detection** | 50+ known libraries (FFmpeg, Boost, OpenSSL…) with version extraction | | **Four-level verdicts** | Core Asset / Extract & Merge / Rebuild / Deprecate | | **HTML reports** | Interactive dark-theme pages with drill-down navigation | | **Monorepo support** | Hierarchical scanning with summary + sub-project reports | ## Analysis Depth Levels | Level | Files Read | Use Case | |---|---|---| | `fast` | 1-2 per module | Quick inventory of huge directories | | `standard` | 2-5 per module | Default audit with full dependency + architecture checks | | `deep` | 5-10 per module | Adds thread safety, memory management, API consistency | | `full` | All files | Pre-merge comprehensive review | ## How It Works 1. **Classify the repo surface**: enumerate files, then tag each as project code, embedded third-party code, or build artifact. 2. **Detect embedded libraries**: inspect directory names, headers, license files, and version markers to identify bundled dependencies and likely versions. 3. **Score each module**: group files by module or subsystem, then assign one of the four verdicts based on ownership, duplication, and maintenance cost. 4. **Highlight structural risks**: call out dead-weight artifacts, duplicated wrappers, outdated vendored code, and modules that should be extracted, rebuilt, or deprecated. 5. **Produce the report**: return a concise summary plus the interactive HTML output with per-module drill-down so the audit can be reviewed asynchronously. ## Examples On a 50,000-file C++ monorepo: - Found FFmpeg 2.x (2015 vintage) still in production - Discovered the same SDK wrapper duplicated 3 times - Identified 636 MB of committed Debug/ipch/obj build artifacts - Classified: 3 MB project code vs 596 MB third-party ## Best Practices - Start with `standard` depth for first-time audits - Use `fast` for monorepos with 100+ modules to get a quick inventory - Run `deep` incrementally on modules flagged for refactoring - Review the cross-module analysis for duplicate detection across sub-projects ## Links - [GitHub Repository](https://github.com/haibindev/repo-scan)
Related Skills
security-scan
Scan your Gemini CLI configuration (.gemini/ directory) for security vulnerabilities, misconfigurations, and injection risks using AgentShield. Checks GEMINI.md, settings.json, MCP servers, hooks, and agent definitions.
x-api
X/Twitter API integration for posting tweets, threads, reading timelines, search, and analytics. Covers OAuth auth patterns, rate limits, and platform-native content posting. Use when the user wants to interact with X programmatically.
workspace-surface-audit
Audit the active repo, MCP servers, plugins, connectors, env surfaces, and harness setup, then recommend the highest-value ECC-native skills, hooks, agents, and operator workflows. Use when the user wants help setting up Gemini CLI or understanding what capabilities are actually available in their environment.
visa-doc-translate
Translate visa application documents (images) to English and create a bilingual PDF with original and translation
videodb
See, Understand, Act on video and audio. See- ingest from local files, URLs, RTSP/live feeds, or live record desktop; return realtime context and playable stream links. Understand- extract frames, build visual/semantic/temporal indexes, and search moments with timestamps and auto-clips. Act- transcode and normalize (codec, fps, resolution, aspect ratio), perform timeline edits (subtitles, text/image overlays, branding, audio overlays, dubbing, translation), generate media assets (image, audio, video), and create real time alerts for events from live streams or desktop capture.
video-editing
AI-assisted video editing workflows for cutting, structuring, and augmenting real footage. Covers the full pipeline from raw capture through FFmpeg, Remotion, ElevenLabs, fal.ai, and final polish in Descript or CapCut. Use when the user wants to edit video, cut footage, create vlogs, or build video content.
verification-loop
Comprehensive verification system for code changes
unified-notifications-ops
Operate notifications as one ECC-native workflow across GitHub, Linear, desktop alerts, hooks, and connected communication surfaces. Use when the real problem is alert routing, deduplication, escalation, or inbox collapse.
ui-demo
Record polished UI demo videos using Playwright. Use when the user asks to create a demo, walkthrough, screen recording, or tutorial video of a web application. Produces WebM videos with visible cursor, natural pacing, and professional feel.
token-budget-advisor
Offers the user an informed choice about how much response depth to consume before answering. Use this skill when the user explicitly wants to control response length, depth, or token budget. TRIGGER when: "token budget", "token count", "token usage", "token limit", "response length", "answer depth", "short version", "brief answer", "detailed answer", "exhaustive answer", "respuesta corta vs larga", "cuántos tokens", "ahorrar tokens", "responde al 50%", "dame la versión corta", "quiero controlar cuánto usas", or clear variants where the user is explicitly asking to control answer size or depth. DO NOT TRIGGER when: user has already specified a level in the current session (maintain it), the request is clearly a one-word answer, or "token" refers to auth/session/payment tokens rather than response size.
terminal-ops
Evidence-first repo execution workflow for ECC. Use when the user wants a command run, a repo checked, a CI failure debugged, or a narrow fix pushed with exact proof of what was executed and verified.
team-builder
Interactive agent picker for composing and dispatching parallel teams