From composto
Scans the codebase for security issues such as hardcoded secrets, debug artifacts such as console.log/debug, and code smells, with context-aware severity levels (src vs tests). Use before work or for quality checks.
npx claudepluginhub mertcanaltin/composto --plugin composto
This skill uses the workspace's default tool permissions.
Scan the current project for issues using Composto's Watcher Engine.
Execute this command in the project root:
npx composto scan .
Or if composto is installed globally:
composto scan .
console.log, console.debug left in source code
src/ vs tests/
!! [CRITICAL] src/auth/login.ts:23
Potential hardcoded secret detected
-> Route: reviewer @ L1
! [WARNING] src/utils/helper.ts:15
console.log detected — likely debug artifact
-> Route: fixer @ L1
!! = critical, needs immediate attention
! = warning, should be fixed
= info, for awareness
composto-ir to get Health-Aware context for files with issues
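A CI gate over the report format shown above, as an added example that is not part of Composto: it parses the findings and returns a non-zero exit code when any is CRITICAL. The plain-text layout is assumed from the sample report, and parse_report, gate and Finding are hypothetical names.

```python
import re
import sys
from dataclasses import dataclass

# Layout assumed from the sample report; the marker is optional because the info marker is not shown.
HEADER = re.compile(r"^\s*(?:!{1,2}\s+)?\[(?P<sev>[A-Z]+)\]\s+(?P<path>.+):(?P<line>\d+)\s*$")
ROUTE = re.compile(r"^\s*->\s*Route:\s*(?P<agent>\S+)\s*@\s*(?P<level>\S+)\s*$")

@dataclass
class Finding:
    severity: str
    path: str
    line: int
    message: str = ""
    route: str = ""

def parse_report(text):
    """Turn report text into Finding records (header, message, route lines)."""
    findings = []
    for raw in text.splitlines():
        head = HEADER.match(raw)
        if head:
            findings.append(Finding(head["sev"], head["path"], int(head["line"])))
            continue
        if not findings or not raw.strip():
            continue  # skip banner text before the first finding and blank lines
        route = ROUTE.match(raw)
        if route:
            findings[-1].route = route["agent"]
        elif not findings[-1].message:
            findings[-1].message = raw.strip()
    return findings

def gate(findings, fail_on=("CRITICAL",)):
    """Return a process exit code: 1 if any finding has a blocking severity."""
    return 1 if any(f.severity in fail_on for f in findings) else 0

# Constructed sample that follows the report layout shown above.
SAMPLE = """\
!! [CRITICAL] src/auth/login.ts:23
Potential hardcoded secret detected
-> Route: reviewer @ L1
! [WARNING] src/utils/helper.ts:15
console.log detected - likely debug artifact
-> Route: fixer @ L1
"""

if __name__ == "__main__":
    sys.exit(gate(parse_report(SAMPLE if sys.stdin.isatty() else sys.stdin.read())))
```

Piping the scan output into this script makes the pipeline step fail on critical findings while warnings stay visible in the log; pass fail_on=("CRITICAL", "WARNING") to gate for a stricter policy.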