From composto
Scans codebase for security issues like hardcoded secrets, debug artifacts like console.log/debug, and code smells with context-aware severity levels (src vs tests). Use before work or for quality checks.
Slash command: /composto:composto-scan
Scan the current project for issues using Composto's Watcher Engine.
Execute this command in the project root:
npx composto scan .
Or if composto is installed globally:
composto scan .
console.log, console.debug left in source code
src/ vs tests/
!! [CRITICAL] src/auth/login.ts:23
Potential hardcoded secret detected
-> Route: reviewer @ L1
! [WARNING] src/utils/helper.ts:15
console.log detected — likely debug artifact
-> Route: fixer @ L1
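A CI gate over the report format in the sample output above, as an added example that is not part of Composto or of this page's original text. It assumes each finding is a `[SEVERITY] path:line` header followed by a message line and a `-> Route:` line, as in that sample; `parseFindings`, `gate` and the fail-on-CRITICAL policy are hypothetical names and choices made here.

```javascript
// Constructed sample, following the shape of the report shown on this page.
const SAMPLE_REPORT = `
!! [CRITICAL] src/auth/login.ts:23
   Potential hardcoded secret detected
   -> Route: reviewer @ L1
! [WARNING] src/utils/helper.ts:15
   console.log detected
   -> Route: fixer @ L1
`;

// Assumed header shape: optional marker, [SEVERITY], then path:line.
// Keying on the bracketed severity (not the marker) also catches info lines.
const HEADER = /^(?:\S+\s+)?\[([A-Z]+)\]\s+(.+):(\d+)$/;
const ROUTE = /^->\s*Route:\s*(.+)$/;

function parseFindings(report) {
  const findings = [];
  let current = null;
  for (const raw of report.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line) continue;
    const head = HEADER.exec(line);
    if (head) {
      current = { severity: head[1], file: head[2], line: Number(head[3]), message: "", route: null };
      findings.push(current);
    } else if (current) {
      // Lines before the first header (banner, summary) are ignored.
      const route = ROUTE.exec(line);
      if (route) current.route = route[1];
      else if (!current.message) current.message = line;
    }
  }
  return findings;
}

// Hypothetical policy: block the build on the listed severities only.
function gate(findings, failOn = ["CRITICAL"]) {
  const blocking = findings.filter((f) => failOn.includes(f.severity));
  return { ok: blocking.length === 0, blocking };
}

const result = gate(parseFindings(SAMPLE_REPORT));
for (const f of result.blocking) console.log(`${f.file}:${f.line} ${f.message} (route: ${f.route})`);
console.log(result.ok ? "scan gate: pass" : "scan gate: fail");
```

In a pipeline, feed the captured scan output to `parseFindings` and set a non-zero exit status when `gate(...).ok` is false.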
!! = critical, needs immediate attention
! = warning, should be fixed
= info, for awareness
composto-ir to get Health-Aware context for files with issues
npx claudepluginhub mertcanaltin/composto --plugin composto
Runs parallel security and quality scans for hardcoded secrets, debug artifacts, and TODO/FIXME tracking. Produces structured JSON reports for security reviews, PR audits, and pre-deployment checks.
Scans codebase for debug artifacts (console.log, debugger), TODO/FIXME markers, and TypeScript `any` types. Optionally auto-fixes safe patterns. Useful before commits or during PR review.
Scans code for vulnerabilities, bugs, and code smells using Semgrep (default) and CodeQL. Use before releases, on large PRs, or when investigating recurring bug classes.