quality-scan — for Claude Code quality-scan, meander, community, for Claude Code, ide skills, pnpm run check, file:line, min-release-age=7, git stash, git add -A

v1.0.0
GitHub

이 스킬 정보

적합한 상황: Ideal for AI agents that need read-only analysis. don't fix issues during the scan. 현지화된 요약: # quality-scan <task Perform a read-only quality sweep over the meander codebase. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

기능

Read-only analysis. Don't fix issues during the scan.
Run all enabled scans before reporting.
Findings are prioritized Critical High Medium Low.
Every finding must include a file:line reference and a suggested fix.
Don't bypass min-release-age=7 (.npmrc) if a scan suggests a dependency bump.

# 핵심 주제

for Claude Code pnpm run check file:line min-release-age=7 git stash git add -A
divmain divmain
[1]
[1]
업데이트: 4/25/2026

Skill Overview

Start with fit, limitations, and setup before diving into the repository.

적합한 상황: Ideal for AI agents that need read-only analysis. don't fix issues during the scan. 현지화된 요약: # quality-scan <task Perform a read-only quality sweep over the meander codebase. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

이 스킬을 사용하는 이유

추천 설명: quality-scan helps agents read-only analysis. don't fix issues during the scan. quality-scan <task Perform a read-only quality sweep over the meander codebase. This AI agent skill supports Claude Code, Cursor

최적의 용도

적합한 상황: Ideal for AI agents that need read-only analysis. don't fix issues during the scan.

실행 가능한 사용 사례 for quality-scan

사용 사례: Applying Read-only analysis. Don't fix issues during the scan
사용 사례: Applying Run all enabled scans before reporting
사용 사례: Applying Findings are prioritized Critical High Medium Low

! 보안 및 제한 사항

  • 제한 사항: Read-only analysis. Don't fix issues during the scan.
  • 제한 사항: Every finding must include a file:line reference and a suggested fix.
  • 제한 사항: Don't bypass min-release-age=7 (.npmrc) if a scan suggests a dependency bump.

About The Source

The section below comes from the upstream repository. Use it as supporting material alongside the fit, use-case, and installation summary on this page.

Labs 데모

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

FAQ 및 설치 단계

These questions and steps mirror the structured data on this page for better search understanding.

? 자주 묻는 질문

quality-scan은 무엇인가요?

적합한 상황: Ideal for AI agents that need read-only analysis. don't fix issues during the scan. 현지화된 요약: # quality-scan <task Perform a read-only quality sweep over the meander codebase. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

quality-scan은 어떻게 설치하나요?

다음 명령을 실행하세요: npx killer-skills add divmain/meander. Cursor, Windsurf, VS Code, Claude Code와 19개 이상의 다른 IDE에서 동작합니다.

quality-scan은 어디에 쓰이나요?

주요 활용 사례는 다음과 같습니다: 사용 사례: Applying Read-only analysis. Don't fix issues during the scan, 사용 사례: Applying Run all enabled scans before reporting, 사용 사례: Applying Findings are prioritized Critical High Medium Low.

quality-scan 와 호환되는 IDE는 무엇인가요?

이 스킬은 Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer 와 호환됩니다. 통합 설치에는 Killer-Skills CLI를 사용하세요.

quality-scan에 제한 사항이 있나요?

제한 사항: Read-only analysis. Don't fix issues during the scan.. 제한 사항: Every finding must include a file:line reference and a suggested fix.. 제한 사항: Don't bypass min-release-age=7 (.npmrc) if a scan suggests a dependency bump..

이 스킬 설치 방법

  1. 1. 터미널 열기

    프로젝트 디렉터리에서 터미널 또는 명령줄을 여세요.

  2. 2. 설치 명령 실행

    npx killer-skills add divmain/meander 를 실행하세요. CLI가 IDE 또는 에이전트를 자동으로 감지하고 스킬을 설정합니다.

  3. 3. 스킬 사용 시작

    스킬이 이제 활성화되었습니다. 현재 프로젝트에서 quality-scan을 바로 사용할 수 있습니다.

! Source Notes

This page is still useful for installation and source reference. Before using it, compare the fit, limitations, and upstream repository notes above.

Upstream Repository Material

The section below comes from the upstream repository. Use it as supporting material alongside the fit, use-case, and installation summary on this page.

Upstream Source

quality-scan

# quality-scan <task Perform a read-only quality sweep over the meander codebase. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

SKILL.md
Readonly
Upstream Repository Material
The section below comes from the upstream repository. Use it as supporting material alongside the fit, use-case, and installation summary on this page.
Upstream Source

quality-scan

<task> Perform a read-only quality sweep over the meander codebase. Clean repository junk first, run `pnpm run check` for structural validation, then spawn general-purpose agents to scan for critical bugs, logic errors, workflow issues, GitHub Actions security findings, and documentation drift. Aggregate findings, deduplicate, and produce a prioritized report. </task> <constraints> - Read-only analysis. Don't fix issues during the scan. - Run all enabled scans before reporting. - Findings are prioritized Critical > High > Medium > Low. - Every finding must include a `file:line` reference and a suggested fix. - Don't bypass `min-release-age=7` (`.npmrc`) if a scan suggests a dependency bump. - Parallel-session safety: don't `git stash`, `git add -A` / `.`, `git checkout <branch>`, or `git reset --hard` in the primary checkout. Stage with surgical `git add <path>`. </constraints> <instructions>

Process

Phase 1: Validate environment

Follow _shared/env-check.md. Run git status (warn but continue if dirty). Confirm a valid branch and that node_modules/ exists. The pinned Node version (currently 25.9.0) is in .node-version.

Phase 2: Update dependencies

Run pnpm run update for the meander checkout. The script honors the 7-day maturity period from .config/taze.config.mts and the min-release-age=7 setting in .npmrc — don't add flags that bypass them. Report the number of packages updated. Continue with the scan even if the update step fails.

Phase 3: Repository cleanup

Clean junk files before scanning:

  1. SCREAMING_TEXT.md files (all-caps .md files) NOT inside .claude/ or docs/, and NOT named README.md, LICENSE, or SECURITY.md.
  2. Misplaced test files (.test.mts outside test/). Meander's tests live in test/**/*.test.mts; anything matching the pattern outside that root is misplaced.
  3. Temp files (*.tmp, *.temp, .DS_Store, Thumbs.db, *~, *.swp, *.swo, *.bak).
  4. Stray log files (*.log outside logs/ or dist/).

For each file: show the path, explain why it's junk, get user confirmation before deleting. Use git rm <path> if tracked, rm <path> if untracked. Don't sweep with git add -A / git rm -r.

Phase 4: Structural validation

Run pnpm run check (lint + type-check; what CI runs). Report errors as Critical findings; oxlint warnings are Low findings. Continue with the remaining scans regardless of the result.

Phase 5: Determine scan scope

Ask the user which scan types to run. Default is all of them.

Scan types:

  1. critical — crashes, prototype-pollution risk, resource leaks, data corruption, unhandled promise rejections.
  2. logic — algorithm errors, edge cases, type guards, off-by-one, malformed-input handling, classifier predicate bugs (src/classifiers.mts).
  3. workflowscripts/, package.json, .github/workflows/, .git-hooks/, cross-platform compatibility, CLAUDE.md convention drift.
  4. security — GitHub Actions workflow security via zizmor (delegate to the existing security-scan skill if scope is broader than this scan needs).
  5. documentationREADME.md, docs/contributing.md, CLAUDE.md accuracy against the actual code in src/ and scripts/.

There's no separate cache scan in meander — content caching lives in src/crypto.mts (AES-256-GCM at-rest encryption) and is covered by the critical + logic scans.

Phase 6: Execute scans

For each enabled scan type, spawn a general-purpose subagent via the Task tool. Load the agent prompt template from reference.md, customize for the meander context, and capture the findings.

Run scans sequentially in priority order: critical → logic → workflow → security → documentation.

Each finding must include: file path with line number, issue description, severity, code pattern, trigger, suggested fix, and impact.

Phase 7: Aggregate findings

Collect all findings. Deduplicate (same file:line and same issue across scans, keeping the highest-priority scan's version). Sort by severity descending, then scan-type priority, then alphabetical by file path.

Phase 8: Generate report

Generate a structured report using the "Report Template" section in reference.md. The report includes: scan metadata, dependency-update status, structural-validation results, findings grouped by severity, scan coverage, and prioritized recommendations.

Display the report to console. Optionally save it to a path the user picks (meander has no reports/ convention — ask before writing one).

Phase 9: Complete

<completion_signal>

xml
1<promise>QUALITY_SCAN_COMPLETE</promise>

</completion_signal>

Report final metrics: dependency-update count, structural-validation results, cleanup count, scans completed, total findings by severity, files scanned, and scan duration. See reference.md section "Completion Summary" for the template.

</instructions>

Success criteria

  • <promise>QUALITY_SCAN_COMPLETE</promise> emitted.
  • All enabled scans completed without errors.
  • Findings prioritized Critical > Low.
  • Every finding has file:line and a suggested fix.
  • Report includes statistics and coverage.
  • Duplicate findings removed.

Scan types

See reference.md for the per-scan agent prompt templates:

  • critical-scan — null/undefined access, unhandled promise rejections, race conditions, resource leaks, prototype-pollution gaps.
  • logic-scan — off-by-one, type guards, edge cases, classifier-predicate correctness, parser correctness in src/generate.mts.
  • workflow-scanscripts/, package.json, git hooks, .github/workflows/.
  • security-scan — GitHub Actions workflow security (zizmor). For a full security pass also run the dedicated security-scan skill (combined AgentShield + zizmor).
  • documentation-scan — README accuracy, CLAUDE.md drift, outdated examples in docs/.

관련 스킬

Looking for an alternative to quality-scan or another community skill for your workflow? Explore these related open-source skills.

모두 보기

openclaw-release-maintainer

Logo of openclaw
openclaw

현지화된 요약: 🦞 # OpenClaw Release Maintainer Use this skill for release and publish-time workflow. It covers ai, assistant, crustacean workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

333.8k
0
인공지능

widget-generator

Logo of f
f

현지화된 요약: Generate customizable widget plugins for the prompts.chat feed system # Widget Generator Skill This skill guides creation of widget plugins for prompts.chat . It covers ai, artificial-intelligence, awesome-list workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf

149.6k
0
인공지능

flags

Logo of vercel
vercel

현지화된 요약: The React Framework # Feature Flags Use this skill when adding or changing framework feature flags in Next.js internals. It covers blog, browser, compiler workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

138.4k
0
브라우저

pr-review

Logo of pytorch
pytorch

현지화된 요약: Usage Modes No Argument If the user invokes /pr-review with no arguments, do not perform a review . It covers autograd, deep-learning, gpu workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

98.6k
0
개발자