Skill

Overview

Chains sync-ctl commands for project health checks: analyzes tech stack, scans security and vulnerabilities, audits dependencies, synthesizes report with recommendations.

security

code-quality

npx claudepluginhub syncable-dev/syncable-cli --plugin syncable-cli-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Chain analyze + security + vulnerabilities + dependencies into a unified health report. Each step informs the next via decision points.

SKILL.md

Similar Skills

design-system

167.4k

Generates design tokens/docs from CSS/Tailwind/styled-components codebases, audits visual consistency across 10 dimensions, detects AI slop in UI.

team-skills-platform

ui-demo

167.4k

Records polished WebM UI demo videos of web apps using Playwright with cursor overlay, natural pacing, and three-phase scripting. Activates for demo, walkthrough, screen recording, or tutorial requests.

team-skills-platform

kotlin-patterns

167.4k

Delivers idiomatic Kotlin patterns for null safety, immutability, sealed classes, coroutines, Flows, extensions, DSL builders, and Gradle DSL. Use when writing, reviewing, refactoring, or designing Kotlin code.

team-skills-platform

Stats

Parent Repo Stars35

Parent Repo Forks7

Last CommitMar 31, 2026

Actions

View Source View Plugin View on GitHub View README

Overview

Chain analyze + security + vulnerabilities + dependencies into a unified health report. Each step informs the next via decision points.

Steps

1. Analyze the project stack

sync-ctl analyze <PATH> --agent

Parse output for: languages, frameworks, whether dependencies exist (gates steps 3-4), whether secrets-capable files exist (gates step 2 mode). Save full_data_ref.

Success criteria: JSON with summary field. You know what languages, frameworks, and dependency files are present.

2. Security scan

sync-ctl security <PATH> --mode balanced --agent

Decision: No config/secrets/env files in step 1 → use --mode lightning instead.

Success criteria: JSON with severity counts. All critical/high findings captured.

3. Vulnerability scan

sync-ctl vulnerabilities <PATH> --agent

Decision: No dependencies detected in step 1 → skip entirely, note "No dependencies detected" in report.

If scanner missing: sync-ctl tools install --yes, then retry.

Success criteria: JSON with CVE counts by severity, or step skipped with documented reason.

4. Dependency audit

sync-ctl dependencies <PATH> --licenses --agent

Decision: Same as step 3 — skip if no dependencies.

Success criteria: JSON with total count, prod/dev split, license distribution, or step skipped.

Decision Points

Condition	Action
No dependencies in step 1	Skip steps 3 and 4
No secrets-capable files in step 1	Use `--mode lightning` in step 2
Vulnerability scanner missing	`sync-ctl tools install --yes`, retry

Report Synthesis

After all steps, synthesize ONE report:

Tech Stack — primary language, frameworks, runtimes
Security Score — score, critical/high count
Vulnerabilities — critical/high CVE count, packages with fixes
Dependencies — total count, license concerns
Recommendations — top 3-5 actions by severity

Retrieval

Save each step's full_data_ref. Use sync-ctl retrieve <ref_id> --query "..." for drill-down. Do NOT re-run commands for more detail.