repo-scanning
Internal process for the repo-scanner agent. Defines the step-by-step procedure for scanning GitHub repos for evidence that supports or explains bug clusters. Not user-invocable — loaded by the agent via its `skills: ["repo-scanning"]` frontmatter property.
Best use case
repo-scanning is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Internal process for the repo-scanner agent. Defines the step-by-step procedure for scanning GitHub repos for evidence that supports or explains bug clusters. Not user-invocable — loaded by the agent via its `skills: ["repo-scanning"]` frontmatter property.
Teams using repo-scanning should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/repo-scanning/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How repo-scanning Compares
| Feature / Agent | repo-scanning | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Internal process for the repo-scanner agent. Defines the step-by-step procedure for scanning GitHub repos for evidence that supports or explains bug clusters. Not user-invocable — loaded by the agent via its `skills: ["repo-scanning"]` frontmatter property.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
SKILL.md Source
# Repo Scanning Process Step-by-step procedure for scanning GitHub repos to gather corroborating evidence for bug clusters, assigning confidence tiers to each finding. ## Instructions ### Step 1: Select Repos For each cluster: 1. Look up repos from surface_repo_mapping using the cluster's product_surface 2. Cap at top 3 repos per cluster (hard limit — never scan more) 3. If no mapping exists, note it as a warning and skip ### Step 2: Search Issues For each repo, call `mcp__triage__search_issues` with the cluster's symptoms and error_strings: - Match error strings against open/recent issues - Assign evidence tier based on match confidence ### Step 3: Inspect Recent Commits Call `mcp__triage__inspect_recent_commits` for each repo: - 7-day window from current date - Filter by affected paths if known from the cluster's feature_area - Look for commits that touch relevant code paths ### Step 4: Inspect Code Paths Call `mcp__triage__inspect_code_paths` with the cluster's surface and feature_area: - Identify likely affected code paths - Check for recent changes or known fragile areas ### Step 5: Check Recent Deploys Call `mcp__triage__check_recent_deploys` for each repo: - Correlate deploy/release timing with cluster's first_seen timestamp - Recent deploy near first_seen is a stronger signal ### Step 6: Assign Evidence Tiers For each piece of evidence, assign a tier: | Tier | Name | Criteria | |------|------|----------| | 1 | Exact | issue_match at >=0.9 confidence | | 2 | Strong | issue_match >=0.7, recent_commit >=0.8, affected_path >=0.7, recent_deploy >=0.8 | | 3 | Moderate | Lower confidence matches, sibling_failure | | 4 | Weak | external_dependency, heuristic proximity | ### Step 7: Handle Degradation If a repo is inaccessible or an API call fails: 1. Log a degraded scan result with the error reason 2. Continue scanning remaining repos — never abort the whole scan 3. Include degradation warnings in output ## References Load evidence tier definitions for proper tier assignment: ``` !cat skills/x-bug-triage/references/evidence-policy.md ```
Related Skills
generating-test-reports
Generate comprehensive test reports with metrics, coverage, and visualizations. Use when performing specialized testing. Trigger with phrases like "generate test report", "create test documentation", or "show test metrics".
scanning-accessibility
Validate WCAG compliance and accessibility standards (ARIA, keyboard navigation). Use when auditing WCAG compliance or screen reader compatibility. Trigger with phrases like "scan accessibility", "check WCAG compliance", or "validate screen readers".
scanning-for-xss-vulnerabilities
Execute this skill enables AI assistant to automatically scan for xss (cross-site scripting) vulnerabilities in code. it is triggered when the user requests to "scan for xss vulnerabilities", "check for xss", or uses the command "/xss". the skill identifies ref... Use when appropriate context detected. Trigger with relevant phrases based on skill purpose.
scanning-for-vulnerabilities
Execute this skill enables comprehensive vulnerability scanning using the vulnerability-scanner plugin. it identifies security vulnerabilities in code, dependencies, and configurations, including cve detection. use this skill when the user asks to scan fo... Use when appropriate context detected. Trigger with relevant phrases based on skill purpose.
generating-security-audit-reports
Generate comprehensive security audit reports for applications and systems. Use when you need to assess security posture, identify vulnerabilities, evaluate compliance status, or create formal security documentation. Trigger with phrases like "create security audit report", "generate security assessment", "audit security posture", or "PCI-DSS compliance report".
scanning-for-secrets
Detect exposed secrets, API keys, and credentials in code. Use when auditing for secret leaks. Trigger with 'scan for secrets', 'find exposed keys', or 'check credentials'.
scanning-input-validation-practices
Scan for input validation vulnerabilities and injection risks. Use when reviewing user input handling. Trigger with 'scan input validation', 'check injection vulnerabilities', or 'validate sanitization'.
scanning-for-gdpr-compliance
Scan for GDPR compliance issues in data handling and privacy practices. Use when ensuring EU data protection compliance. Trigger with 'scan GDPR compliance', 'check data privacy', or 'validate GDPR'.
scanning-for-data-privacy-issues
Scan for data privacy issues and sensitive information exposure. Use when reviewing data handling practices. Trigger with 'scan privacy issues', 'check sensitive data', or 'validate data protection'.
generating-compliance-reports
Generate comprehensive compliance reports for security standards. Use when creating compliance documentation. Trigger with 'generate compliance report', 'compliance status', or 'audit compliance'.
cursor-multi-repo
Work with multiple repositories in Cursor: multi-root workspaces, monorepo patterns, selective indexing, and cross-project context. Triggers on "cursor multi repo", "cursor multiple projects", "cursor monorepo", "cursor workspace", "multi-root workspace".
scanning-container-security
Execute use when you need to work with security and compliance. This skill provides security scanning and vulnerability detection with comprehensive guidance and automation. Trigger with phrases like "scan for vulnerabilities", "implement security controls", or "audit security".