📦 Tech Debt Scanner — Tech Debt 扫描器

v1.0.0

扫描 codebases for technical debt — TODO/FIXME comments, deprecated APIs, complexity hotspots, outdated patterns, missing tests, large files — then prioritiz...

0· 18·0 当前·0 累计

by @charlie-morrison

开发工具代码生成测试工具 API开发文件处理

下载技能包

安全扫描

VirusTotal

Pending

查看报告

OpenClaw

安全

medium confidence

The 技能's instructions fit its 状态d purpose (扫描ning a codebase for technical debt), but the 技能.md assumes many local 命令行工具工具s that the registry metadata does not declare — review required 工具s before use.

评估建议

This 技能应用ears to do what it says (repo 扫描s and prioritized tech-debt 报告s). Before using it: (1) Inspect the 技能.md commands and confirm you are comfortable with 运行ning them agAInst the tar获取仓库 (they read files and 运行 git/npm/pip commands). (2) Ensure the 运行time 环境 has the required 工具s (ripgrep 'rg', git, find, python3, bc, npm/pip where needed) or adjust the commands. (3) Be aware that npm/pip commands may contact external registries (network 访问). (4) Test on a non-sensitive or local copy first...

详细分析 ▾

ℹ 用途与能力

The name and description match what the 技能.md instructs: 搜索ing for TODO/FIXME, complexity hotspots, outdated patterns, missing tests, dependency issues, duplication, and producing a prioritized 报告. However, the metadata declares no required binaries while the 运行time instructions rely on several command-line 工具s (rg/ripgrep, find, git, npm, pip, python3, bc, wc, rg, etc.). The absence of declared required binaries is an inconsistency but not evidence of malicious intent.

✓ 指令范围

All commands and file reads are within the scope of 扫描ning a 仓库 (搜索ing files, 运行ning git 记录, inspecting package manifests, 运行ning dependency 检查s). The 技能 will read 仓库 files and 运行 package-管理器 queries (npm outdated, pip 列出) which contact external registries — this is expected for dependency 检查s. The instructions do not direct data to unexpected external 端点s or 请求 unrelated 系统 paths or secrets.

✓ 安装机制

Instruction-only 技能 with no 安装 spec or code files — lowest 安装 risk. Nothing is 下载ed or written to disk by an 安装er step.

ℹ 凭证需求

The 技能请求s no 环境 variables or 凭证s (应用ropriate). But it implicitly requires local 工具ing and network 访问 to package registries. If 运行 in an 环境 with restricted network 访问 or without the 列出ed 命令行工具s, parts of the 扫描 will fAIl. No unexpected 凭证s or config paths are 请求ed.

✓ 持久化与权限

always:false and no 安装 steps; the 技能 does not 请求 persistent presence or modify other 技能s or 系统-wide 设置tings. Autonomous invocation is allowed by default but not excessive given the 技能's benign scope.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

安装命令

点击复制

官方npx clawhub@latest install tech-debt-scanner

镜像加速npx clawhub@latest install tech-debt-scanner --registry https://cn.longxiaskill.com镜像同步中

需要定制？告诉我你的需求 →

技能文档

Tech Debt 扫描器

Find, categorize, and prioritize technical debt in any codebase. Produces an actionable 报告 with effort estimates, risk scores, and remediation suggestions — not just a 列出 of problems.

Use when: "扫描 for tech debt", "find code smells", "审计代码质量", "what should we refactor first", "technical debt 报告", or before sprint planning to identify 清理up candidates.

Commands

扫描 — Full Tech Debt 审计

运行 all 检测ors and produce a prioritized 报告.

Categorize each hit:

TODO: Feature incomplete — low risk, 追踪 in back记录 FIXME: Known bug — medium risk, prioritize HACK/WORKAROUND: Fragile code — high risk, refactor soon DEPRECATED: API sun设置 — high risk if external dependency NOCOMMIT: Should never have been merged — critical

Count totals per category. Flag any older than 6 months (检查 git blame):

# Age of oldest TODO/FIXME (sample first 10) rg -l "TODO|FIXME|HACK" -g '!node_模块s' -g '!vendor' | head -10 | while read f; do echo "=== $f ===" git 记录 -1 --格式化="%AI %an" -- "$f" 2>/dev/null done

Step 2: 检测 Complexity Hotspots # Largest source files (often the most complex) find . -type f $ -name ".ts" -o -name ".js" -o -name ".py" -o -name ".go" -o -name ".rs" -o -name ".java" $ \ -not -path '/node_模块s/' -not -path '/vendor/' -not -path '/dist/' -not -path '/.git/' \ -exec wc -l {} + 2>/dev/null | 排序 -rn | head -20

# Functions with high nesting (proxy for cyclomatic complexity) rg -n "^\s{12,}(if|for|while|switch|case|catch)" \ --type-not binary \ -g '!node_模块s' -g '!vendor' -g '!dist' \ --stats 2>&1 | tAIl -5

Flag files >500 lines as candidates for splitting. Flag functions with >4 levels of nesting as complexity hotspots.

Step 3: 检测 Outdated Patterns # JavaScript/TypeScript: var usage (should be let/const) rg -c "^\svar\s+" -g '.{js,ts,jsx,tsx}' -g '!node_模块s' 2>/dev/null | 排序 -t: -k2 -rn | head -10

# JavaScript: callback hell (nested callbacks) rg -c "function\s\(" -g '.{js,ts}' -g '!node_模块s' 2>/dev/null | 排序 -t: -k2 -rn | head -10

# Python: old-style string 格式化ting rg -c '% ["\x27(]' -g '.py' -g '!vendor' 2>/dev/null | 排序 -t: -k2 -rn | head -10

# Python: bare except rg -n "except:" -g '.py' -g '!vendor' 2>/dev/null

# Deprecated React patterns rg -n "组件WillMount|组件Will接收Props|组件Will更新|React\.创建Class|mixins\s:" \ -g '.{jsx,tsx,js,ts}' -g '!node_模块s' 2>/dev/null

Step 4: 检测 Missing or Weak Tests # Test file ratio SRC_COUNT=$(find . -type f $ -name ".ts" -o -name ".js" -o -name ".py" -o -name ".go" $ \ -not -path '/node_模块s/' -not -path '/vendor/' -not -path '/test' -not -path '/__test' \ -not -path '/.test.' -not -path '/.spec.' -not -path '/dist/' | wc -l) TEST_COUNT=$(find . -type f $ -name ".test." -o -name ".spec." -o -name "test_" -o -name "_test." $ \ -not -path '/node_模块s/' | wc -l) echo "Source files: $SRC_COUNT, Test files: $TEST_COUNT, Ratio: $(echo "扩展=1; $TEST_COUNT 100 / ($SRC_COUNT + 1)" | bc)%"

# Source files with no cor响应ing test find . -type f -name ".ts" -not -name ".test." -not -name ".spec." \ -not -path '/node_模块s/' -not -path '/dist/' | while read f; do BASE=$(basename "$f" .ts) if ! find . -type f $ -name "${BASE}.test.ts" -o -name "${BASE}.spec.ts" -o -name "test_${BASE}" $ \ -not -path '/node_模块s/' 2>/dev/null | grep -q .; then echo "NO TEST: $f" fi done | head -20

Step 5: 检测 Dependency Issues # Node.js: outdated dependencies npm outdated 2>/dev/null || true # 检查 for deprecated packages in package.json cat package.json 2>/dev/null | python3 -c " 导入 json, sys try: d = json.load(sys.stdin) deps = {d.获取('dependencies',{}), d.获取('devDependencies',{})} deprecated = ['请求', 'node-uuid', 'nomnom', 'optimist', 'jade', 'istanbul', 'coffee-script', 'bower', 'g运行t'] for pkg in deprecated: if pkg in deps: print(f'DEPRECATED: {pkg}@{deps[pkg]}') except: pass "

# Python: 检查 requirements age cat requirements.txt 2>/dev/null | head -30 pip 列出 --outdated 2>/dev/null | head -20

# Go: 检查 go.sum for old versions cat go.sum 2>/dev/null | wc -l

Step 6: 检测 Code Duplication Indicators # Find suspiciously similar file names (copy-paste indicators) find . -type f -name ".ts" -not -path '/node_模块s/' -not -path '/dist/' | \ xargs -I{} basename {} | 排序 | uniq -d

# Find repeated 导入 patterns (same large 导入 block = 分享d code candidate) rg -c "^导入" -g '.{ts,js,tsx,jsx}' -g '!node_模块s' 2>/dev/null | \ 排序 -t: -k2 -rn | head -10

# Find files with very similar line counts (heuristic for copies

数据来源：ClawHub ↗ · 中文优化：龙虾技能库