From 7229e09df1bd2df541d917a7bde3e177f3a5efb1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=B5=B7=E6=BB=A8code?= <haibindev@gmail.com>
Date: Wed, 25 Mar 2026 17:11:47 +0800
Subject: [PATCH 1/5] feat(skills): add repo-scan skill

---
 skills/repo-scan/SKILL.md | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 skills/repo-scan/SKILL.md

diff --git a/skills/repo-scan/SKILL.md b/skills/repo-scan/SKILL.md
new file mode 100644
index 00000000..e69de29b

From 369f66297a3dd0103efaa9eacb1be62fb57091fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=B5=B7=E6=BB=A8code?= <haibindev@gmail.com>
Date: Wed, 25 Mar 2026 19:54:01 +0800
Subject: [PATCH 2/5] fix: populate SKILL.md with actual content


From d952a07c73db5147c2a22c2813baa18b2160c5fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=B5=B7=E6=BB=A8code?= <haibindev@gmail.com>
Date: Wed, 25 Mar 2026 19:54:57 +0800
Subject: [PATCH 3/5] fix: populate SKILL.md with actual content

---
 skills/repo-scan/SKILL.md | 75 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)

diff --git a/skills/repo-scan/SKILL.md b/skills/repo-scan/SKILL.md
index e69de29b..771429e1 100644
--- a/skills/repo-scan/SKILL.md
+++ b/skills/repo-scan/SKILL.md
@@ -0,0 +1,75 @@
+---
+name: repo-scan
+description: Cross-stack source code asset audit — classifies every file, detects embedded third-party libraries, and delivers actionable four-level verdicts per module with interactive HTML reports.
+origin: https://github.com/haibindev/repo-scan
+tools:
+  - file analysis
+  - dependency detection
+  - HTML report generation
+---
+
+# repo-scan
+
+> Every ecosystem has its own dependency manager, but no tool looks across C++, Android, iOS, and Web to tell you: how much code is actually yours, what's third-party, and what's dead weight.
+
+## When to Activate
+
+- Taking over a large legacy codebase and need a structural overview
+- Before major refactoring — identify what's core, what's duplicate, what's dead
+- Auditing third-party dependencies embedded directly in source (not declared in package managers)
+- Preparing architecture decision records for monorepo reorganization
+
+## Installation
+
+```bash
+# Copy into your Claude Code skills directory
+git clone https://github.com/haibindev/repo-scan.git
+cp -r repo-scan ~/.claude/skills/repo-scan
+```
+
+> Review the source before installing any agent skill.
+
+## Core Capabilities
+
+| Capability | Description |
+|---|---|
+| **Cross-stack scanning** | C/C++, Java/Android, iOS (OC/Swift), Web (TS/JS/Vue) in one pass |
+| **File classification** | Every file tagged as project code, third-party, or build artifact |
+| **Library detection** | 50+ known libraries (FFmpeg, Boost, OpenSSL…) with version extraction |
+| **Four-level verdicts** | Core Asset / Extract & Merge / Rebuild / Deprecate |
+| **HTML reports** | Interactive dark-theme pages with drill-down navigation |
+| **Monorepo support** | Hierarchical scanning with summary + sub-project reports |
+
+## Analysis Depth Levels
+
+| Level | Files Read | Use Case |
+|---|---|---|
+| `fast` | 1-2 per module | Quick inventory of huge directories |
+| `standard` | 2-5 per module | Default audit with full dependency + architecture checks |
+| `deep` | 5-10 per module | Adds thread safety, memory management, API consistency |
+| `full` | All files | Pre-merge comprehensive review |
+
+## Workflow
+
+1. **Scan**: `/repo-scan` runs a pre-scan pass to classify files and detect dependencies
+2. **Analyze**: AI reviews the structured data and assigns verdicts per module
+3. **Report**: Interactive HTML report generated with verdict distribution and drill-down
+
+## Real-World Example
+
+On a 50,000-file C++ monorepo:
+- Found FFmpeg 2.x (2015 vintage) still in production
+- Discovered the same SDK wrapper duplicated 3 times
+- Identified 636 MB of committed Debug/ipch/obj build artifacts
+- Classified: 3 MB project code vs 596 MB third-party
+
+## Best Practices
+
+- Start with `standard` depth for first-time audits
+- Use `fast` for monorepos with 100+ modules to get a quick inventory
+- Run `deep` incrementally on modules flagged for refactoring
+- Review the cross-module analysis for duplicate detection across sub-projects
+
+## Links
+
+- [GitHub Repository](https://github.com/haibindev/repo-scan)

From 57e9983c88738a8111828a10cff46033e28c7f13 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=B5=B7=E6=BB=A8code?= <haibindev@gmail.com>
Date: Wed, 25 Mar 2026 20:05:55 +0800
Subject: [PATCH 4/5] =?UTF-8?q?fix:=20address=20review=20feedback=20?=
 =?UTF-8?q?=E2=80=94=20rename=20sections,=20pin=20install=20commit,=20fix?=
 =?UTF-8?q?=20frontmatter?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 skills/repo-scan/SKILL.md | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/skills/repo-scan/SKILL.md b/skills/repo-scan/SKILL.md
index 771429e1..9e7bb470 100644
--- a/skills/repo-scan/SKILL.md
+++ b/skills/repo-scan/SKILL.md
@@ -1,18 +1,14 @@
 ---
 name: repo-scan
 description: Cross-stack source code asset audit — classifies every file, detects embedded third-party libraries, and delivers actionable four-level verdicts per module with interactive HTML reports.
-origin: https://github.com/haibindev/repo-scan
-tools:
-  - file analysis
-  - dependency detection
-  - HTML report generation
+origin: community
 ---
 
 # repo-scan
 
 > Every ecosystem has its own dependency manager, but no tool looks across C++, Android, iOS, and Web to tell you: how much code is actually yours, what's third-party, and what's dead weight.
 
-## When to Activate
+## When to Use
 
 - Taking over a large legacy codebase and need a structural overview
 - Before major refactoring — identify what's core, what's duplicate, what's dead
@@ -22,9 +18,10 @@ tools:
 ## Installation
 
 ```bash
-# Copy into your Claude Code skills directory
+# Clone at a pinned commit for reproducibility
 git clone https://github.com/haibindev/repo-scan.git
-cp -r repo-scan ~/.claude/skills/repo-scan
+cd repo-scan && git checkout 2742664
+cp -r ../repo-scan ~/.claude/skills/repo-scan
 ```
 
 > Review the source before installing any agent skill.
@@ -49,13 +46,13 @@ cp -r repo-scan ~/.claude/skills/repo-scan
 | `deep` | 5-10 per module | Adds thread safety, memory management, API consistency |
 | `full` | All files | Pre-merge comprehensive review |
 
-## Workflow
+## How It Works
 
 1. **Scan**: `/repo-scan` runs a pre-scan pass to classify files and detect dependencies
 2. **Analyze**: AI reviews the structured data and assigns verdicts per module
 3. **Report**: Interactive HTML report generated with verdict distribution and drill-down
 
-## Real-World Example
+## Examples
 
 On a 50,000-file C++ monorepo:
 - Found FFmpeg 2.x (2015 vintage) still in production

From dcc4d914d222f2713544256150e4fdb0fa36c088 Mon Sep 17 00:00:00 2001
From: Affaan Mustafa <affaan@dcube.ai>
Date: Sat, 28 Mar 2026 20:29:51 -0400
Subject: [PATCH 5/5] fix(skills): tighten repo-scan install flow

---
 skills/repo-scan/SKILL.md | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/skills/repo-scan/SKILL.md b/skills/repo-scan/SKILL.md
index 9e7bb470..88963c62 100644
--- a/skills/repo-scan/SKILL.md
+++ b/skills/repo-scan/SKILL.md
@@ -17,12 +17,16 @@ origin: community
 
 ## Installation
 
-```bash
-# Clone at a pinned commit for reproducibility
-git clone https://github.com/haibindev/repo-scan.git
-cd repo-scan && git checkout 2742664
-cp -r ../repo-scan ~/.claude/skills/repo-scan
-```
+```bash
+# Fetch only the pinned commit for reproducibility
+mkdir -p ~/.claude/skills/repo-scan
+git init repo-scan
+cd repo-scan
+git remote add origin https://github.com/haibindev/repo-scan.git
+git fetch --depth 1 origin 2742664
+git checkout --detach FETCH_HEAD
+cp -r . ~/.claude/skills/repo-scan
+```
 
 > Review the source before installing any agent skill.
 
@@ -48,9 +52,11 @@ cp -r ../repo-scan ~/.claude/skills/repo-scan
 
 ## How It Works
 
-1. **Scan**: `/repo-scan` runs a pre-scan pass to classify files and detect dependencies
-2. **Analyze**: AI reviews the structured data and assigns verdicts per module
-3. **Report**: Interactive HTML report generated with verdict distribution and drill-down
+1. **Classify the repo surface**: enumerate files, then tag each as project code, embedded third-party code, or build artifact.
+2. **Detect embedded libraries**: inspect directory names, headers, license files, and version markers to identify bundled dependencies and likely versions.
+3. **Score each module**: group files by module or subsystem, then assign one of the four verdicts based on ownership, duplication, and maintenance cost.
+4. **Highlight structural risks**: call out dead-weight artifacts, duplicated wrappers, outdated vendored code, and modules that should be extracted, rebuilt, or deprecated.
+5. **Produce the report**: return a concise summary plus the interactive HTML output with per-module drill-down so the audit can be reviewed asynchronously.
 
 ## Examples