Back to Details

code-cleanup

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Code Cleanup Skill

代码清理技能

Operator Context

技能运行上下文

This skill operates as an operator for systematic code quality scanning, configuring Claude's behavior for focused detection and prioritized reporting of technical debt.
本技能作为系统性代码质量扫描的操作工具,配置Claude的行为以聚焦检测并按优先级报告技术债务问题。

Hardcoded Behaviors (Always Apply)

硬编码行为(始终适用)

  • CLAUDE.md Compliance: Read and follow repository CLAUDE.md files before execution
  • Over-Engineering Prevention: Only scan for requested issue types or smart defaults. Do not build elaborate reporting systems, dashboards, or speculative features
  • Report Before Fix: NEVER modify files without explicit user permission. Default mode is read-only scan and report
  • Exact References: Report all findings with exact file:line references. Never summarize away specifics
  • Exclude Non-Source: Always exclude vendor/, node_modules/, .venv/, build/, dist/, generated/ directories
  • Prioritized Output: Rank findings by impact/effort ratio. Never present a flat unsorted list
  • CLAUDE.md 合规性:执行前读取并遵循仓库中的CLAUDE.md文件
  • 防止过度设计:仅扫描请求的问题类型或智能默认项。请勿构建复杂的报告系统、仪表板或推测性功能
  • 先报告后修复:未经用户明确许可,绝不修改文件。默认模式为只读扫描并报告
  • 精确引用:所有发现的问题需附带精确的文件:行号引用。绝不省略具体细节
  • 排除非源码目录:始终排除vendor/、node_modules/、.venv/、build/、dist/、generated/目录
  • 优先级输出:按影响/投入比对发现的问题排序。绝不展示无排序的扁平列表

Default Behaviors (ON unless disabled)

默认行为(默认开启,除非手动关闭)

  • Focused Scope: Ask user for target directories when request is vague rather than scanning everything
  • Context Lines: Show 3 lines of context around each finding for quick comprehension
  • TODO Age Triage: Use git blame to age TODOs and categorize by staleness (Critical >90d, High 30-90d, Normal <30d)
  • Quick Wins First: Present auto-fixable issues (unused imports, formatting) before manual-effort items
  • Effort Estimates: Include time estimates per category so user can plan
  • Tool Availability Check: Verify required analysis tools exist before scanning; report missing tools with install commands
  • Temporary File Cleanup: Remove intermediate scan outputs at completion, keep only final report
  • 聚焦范围:当请求模糊时,询问用户目标目录,而非扫描所有内容
  • 上下文代码行:每个问题展示3行上下文代码,便于快速理解
  • TODO时效性分类:使用git blame判断TODO的存在时长,并按过期程度分类(严重:>90天,高优先级:30-90天,普通:<30天)
  • 优先展示快速修复项:先展示可自动修复的问题(未使用的导入、格式问题),再展示需手动处理的项
  • 投入时间估算:按类别提供时间估算,方便用户规划
  • 工具可用性检查:扫描前验证所需分析工具是否存在;若工具缺失,提供安装命令
  • 临时文件清理:扫描完成后删除中间输出,仅保留最终报告

Optional Behaviors (OFF unless enabled)

可选行为(默认关闭,除非手动开启)

  • Auto-Fix: Apply safe, deterministic fixes (requires --fix flag or explicit permission)
  • Direct File Modification: Write changes to source files (only with explicit permission)
  • Tool Auto-Install: Install missing analysis tools automatically
  • Commit Fixes: Stage and commit applied fixes
  • 自动修复:应用安全、确定性的修复(需--fix标志或明确许可)
  • 直接修改文件:将更改写入源码文件(仅在获得明确许可后)
  • 自动安装工具:自动安装缺失的分析工具
  • 提交修复:暂存并提交已应用的修复

What This Skill CAN Do

本技能可执行的操作

  • Scan repositories for 9 categories of technical debt (TODOs, unused imports, dead code, missing type hints, deprecated functions, naming inconsistencies, high complexity, duplicate code, missing docstrings)
  • Prioritize findings by impact/effort ratio with time estimates
  • Generate structured markdown reports with exact file:line references
  • Apply safe auto-fixes when user grants permission (unused imports, formatting, import sorting)
  • Triage TODO comments by age using git history
  • 扫描仓库中9类技术债务问题(TODO、未使用的导入、死代码、缺失类型提示、废弃函数、命名不一致、高复杂度、重复代码、缺失文档字符串)
  • 按影响/投入比对发现的问题排序,并提供时间估算
  • 生成带有精确文件:行号引用的结构化Markdown报告
  • 在用户许可下应用安全的自动修复(未使用的导入、格式调整、导入排序)
  • 利用git历史记录对TODO注释进行时效性分类

What This Skill CANNOT Do

本技能不可执行的操作

  • Fix bugs or investigate failures (use systematic-debugging)
  • Implement new features (use test-driven-development)
  • Perform architectural review (use domain-specific agent)
  • Run security audits (use security scanning tools)
  • Modify files without explicit user permission
  • Skip the prioritization step
  • 修复bug或排查故障(请使用systematic-debugging)
  • 实现新功能(请使用test-driven-development)
  • 架构评审(请使用领域特定agent)
  • 安全审计(请使用安全扫描工具)
  • 未经用户明确许可修改文件
  • 跳过优先级排序步骤

Examples

示例

Example 1: Focused Cleanup Request

示例1:聚焦清理请求

User says: "Clean up the API handlers in src/api/" Actions:
  1. Read CLAUDE.md and project config (SCOPE)
  2. Scan src/api/ only for all 9 categories (SCAN)
  3. Prioritize: 5 unused imports (auto-fixable), 2 stale TODOs (>90d), 1 high-complexity function (PRIORITIZE)
  4. Present tiered report with auto-fix commands (REPORT) Result: User gets focused, actionable report for their working area
用户说:“清理src/api/目录下的API处理器代码” 操作步骤:
  1. 读取CLAUDE.md和项目配置(范围确定)
  2. 仅扫描src/api/目录下的9类问题(扫描)
  3. 优先级排序:5个未使用的导入(可自动修复)、2个过期TODO(>90天)、1个高复杂度函数(优先级排序)
  4. 生成分层报告,并提供自动修复命令(报告) 结果:用户获得针对工作区域的聚焦、可执行报告

Example 2: Broad Technical Debt Scan

示例2:全面技术债务扫描

User says: "What's the state of technical debt in this repo?" Actions:
  1. Identify languages and source directories, exclude vendor/generated (SCOPE)
  2. Run all applicable scans across source directories (SCAN)
  3. Group 47 findings into Quick Wins (12), Important (8), Polish (27) (PRIORITIZE)
  4. Generate full report with effort estimates: 2h quick wins, 6h important, 4h polish (REPORT) Result: User has clear picture of debt and time investment needed
用户说:“这个仓库的技术债务现状如何?” 操作步骤:
  1. 识别开发语言和源码目录,排除vendor/和generated/目录(范围确定)
  2. 对所有源码目录运行适用的扫描(扫描)
  3. 将47个发现的问题分组为快速修复项(12个)、重要项(8个)、优化项(27个)(优先级排序)
  4. 生成完整报告并提供投入时间估算:快速修复需2小时,重要项需6小时,优化项需4小时(报告) 结果:用户清晰了解债务情况及所需投入时间

Example 3: Auto-Fix Request

示例3:自动修复请求

User says: "Fix all the unused imports and sort them" Actions:
  1. Verify ruff/goimports available (SCOPE)
  2. Scan for F401 and I001 violations only (SCAN)
  3. Report findings: 23 unused imports across 8 files (PRIORITIZE + REPORT)
  4. User confirms: apply fixes, run tests, show diff (FIX) Result: Clean imports with verified test suite
用户说:“修复所有未使用的导入并排序” 操作步骤:
  1. 验证ruff/goimports是否可用(范围确定)
  2. 仅扫描F401和I001违规项(扫描)
  3. 报告发现的问题:8个文件中存在23个未使用的导入(优先级排序+报告)
  4. 用户确认后:应用修复、运行测试、展示差异(修复) 结果:导入代码整洁,且测试套件验证通过

Instructions

操作指南

Phase 1: SCOPE

阶段1:范围确定

Goal: Determine what to scan and verify tooling is available.
Step 1: Read project context
  • Check for CLAUDE.md, .gitignore, pyproject.toml, go.mod, package.json
  • Identify primary languages and project structure
Step 2: Determine scan scope
  • If user specified a directory or issue type, use that exactly
  • If user specified only issue type (e.g., "find unused imports"), scan all source directories for that type only
  • If request is vague ("clean up code"), ask user for target area or default to source directories only
  • Always exclude: vendor/, node_modules/, .venv/, build/, dist/, generated/, .git/
  • Respect .gitignore patterns when determining what to scan
Step 3: Verify tool availability
Check which analysis tools are installed. Report missing tools with install commands before proceeding.
bash
undefined
目标:确定扫描范围并验证工具可用性。
步骤1:读取项目上下文
  • 检查是否存在CLAUDE.md、.gitignore、pyproject.toml、go.mod、package.json
  • 识别主要开发语言和项目结构
步骤2:确定扫描范围
  • 若用户指定了目录或问题类型,严格按此执行
  • 若用户仅指定了问题类型(如“查找未使用的导入”),则对所有源码目录仅扫描该类型问题
  • 若请求模糊(如“清理代码”),询问用户目标区域,或默认仅扫描源码目录
  • 始终排除:vendor/、node_modules/、.venv/、build/、dist/、generated/、.git/
  • 确定扫描范围时需遵循.gitignore规则
步骤3:验证工具可用性
检查已安装的分析工具。在继续前报告缺失的工具并提供安装命令。
bash
undefined

Python tools

Python工具

command -v ruff && echo "ruff: available" || echo "ruff: MISSING (pip install ruff)" command -v vulture && echo "vulture: available" || echo "vulture: MISSING (pip install vulture)"
command -v ruff && echo "ruff: available" || echo "ruff: MISSING (pip install ruff)" command -v vulture && echo "vulture: available" || echo "vulture: MISSING (pip install vulture)"

Go tools

Go工具

command -v gocyclo && echo "gocyclo: available" || echo "gocyclo: MISSING (go install github.com/fzipp/gocyclo/cmd/gocyclo@latest)" command -v goimports && echo "goimports: available" || echo "goimports: MISSING (go install golang.org/x/tools/cmd/goimports@latest)"

If critical tools are missing, offer to proceed with partial scan using available tools (grep, git blame are always available).

**Gate**: Scope defined, languages identified, tool availability known. Proceed only when gate passes.
command -v gocyclo && echo "gocyclo: available" || echo "gocyclo: MISSING (go install github.com/fzipp/gocyclo/cmd/gocyclo@latest)" command -v goimports && echo "goimports: available" || echo "goimports: MISSING (go install golang.org/x/tools/cmd/goimports@latest)"

若关键工具缺失,可提议使用可用工具进行部分扫描(grep、git blame始终可用)。

**阶段闸门**:范围已确定、语言已识别、工具可用性已确认。仅当满足条件时进入下一阶段。

Phase 2: SCAN

阶段2:扫描

Goal: Detect all cleanup opportunities within scope using deterministic tools.
Run applicable scans based on language and scope. See 
references/scan-commands.md
for full command reference.
Core scans (all languages):
  1. Stale TODOs: grep for TODO/FIXME/HACK/XXX, age with git blame
  2. Unused imports: ruff (Python), goimports (Go)
  3. Dead code: vulture (Python), staticcheck (Go)
  4. Complexity: radon (Python), gocyclo (Go)
Extended scans (if tools available): 5. Missing type hints (Python: ruff --select ANN) 6. Deprecated function usage (staticcheck, grep for known patterns) 7. Naming inconsistencies (grep for convention violations) 8. Duplicate code (pylint --enable=duplicate-code) 9. Missing docstrings (ruff --select D)
Collect all output with exact file:line references. Do not filter or summarize raw scan output.
For each scan, record:
  • Number of findings
  • Files affected
  • Whether findings are auto-fixable
If a scan tool is unavailable, note it as skipped and continue with remaining scans. Never abort the entire scan because one tool is missing.
Gate: All applicable scans complete with raw output collected. Proceed only when gate passes.
目标:使用确定性工具检测范围内所有可清理的问题。
根据开发语言和范围运行适用的扫描。完整命令参考见
references/scan-commands.md
核心扫描(所有语言)
  1. 过期TODO:使用grep查找TODO/FIXME/HACK/XXX,通过git blame判断存在时长
  2. 未使用的导入:ruff(Python)、goimports(Go)
  3. 死代码:vulture(Python)、staticcheck(Go)
  4. 代码复杂度:radon(Python)、gocyclo(Go)
扩展扫描(若工具可用): 5. 缺失类型提示(Python:ruff --select ANN) 6. 废弃函数使用(staticcheck、grep匹配已知模式) 7. 命名不一致(grep匹配违反约定的模式) 8. 重复代码(pylint --enable=duplicate-code) 9. 缺失文档字符串(ruff --select D)
收集所有输出并附带精确的文件:行号引用。绝不过滤或总结原始扫描输出。
每次扫描需记录:
  • 问题数量
  • 受影响的文件
  • 问题是否可自动修复
若某扫描工具不可用,标记为已跳过并继续剩余扫描。绝不因单个工具缺失而中止整个扫描。
阶段闸门:所有适用扫描已完成,且已收集原始输出。仅当满足条件时进入下一阶段。

Phase 3: PRIORITIZE

阶段3:优先级排序

Goal: Rank findings by impact/effort ratio and categorize.
Step 1: Assign impact and effort
Issue TypeImpactEffortPriority Score
Stale TODOs (>90 days)HighLow8
Unused importsMediumTrivial10
Deprecated functionsHighMedium6
High complexity (>20)HighHigh5
Dead codeMediumLow7
Missing type hintsMediumMedium5
Duplicate codeHighHigh5
Missing docstringsMediumMedium5
Naming inconsistenciesLowMedium3
Magic numbersLowLow5
Step 2: Group into tiers
  • Quick Wins (High priority, low effort): Unused imports, stale TODOs, dead code
  • Important (High impact, medium+ effort): Deprecated functions, high complexity, duplicates
  • Polish (Lower impact): Missing types, docstrings, naming, magic numbers
Step 3: Estimate total effort per tier
Use these time estimates per issue:
Issue TypeTime per Instance
Unused imports1-2 min (auto-fix)
Stale TODOs5-15 min each
Dead code removal5-10 min each
Magic numbers2-5 min each
Missing type hints10-20 min per function
Missing docstrings5-15 min per function
Naming fixes10-30 min per violation
High complexity refactor30-120 min per function
Duplicate code elimination30-90 min per instance
Deprecated function replacement15-60 min per usage
Multiply by instance count for tier totals.
Gate: All findings categorized and prioritized with effort estimates. Proceed only when gate passes.
目标:按影响/投入比对发现的问题排序并分类。
步骤1:分配影响和投入等级
问题类型影响等级投入等级优先级得分
过期TODO(>90天)8
未使用的导入极小10
废弃函数6
高复杂度代码(>20)5
死代码7
缺失类型提示5
重复代码5
缺失文档字符串5
命名不一致3
魔法数值5
步骤2:分组为不同层级
  • 快速修复项(高优先级,低投入):未使用的导入、过期TODO、死代码
  • 重要项(高影响,中高投入):废弃函数、高复杂度代码、重复代码
  • 优化项(低影响):缺失类型提示、缺失文档字符串、命名不一致、魔法数值
步骤3:估算各层级总投入时间
使用以下单问题时间估算:
问题类型单问题处理时间
未使用的导入1-2分钟(自动修复)
过期TODO每个5-15分钟
死代码移除每个5-10分钟
魔法数值每个2-5分钟
缺失类型提示每个函数10-20分钟
缺失文档字符串每个函数5-15分钟
命名修复每个违规项10-30分钟
高复杂度代码重构每个函数30-120分钟
重复代码消除每个实例30-90分钟
废弃函数替换每次使用15-60分钟
将单问题时间乘以问题数量得到各层级总时间。
阶段闸门:所有问题已分类并按优先级排序,且已估算投入时间。仅当满足条件时进入下一阶段。

Phase 4: REPORT

阶段4:报告

Goal: Present findings in structured, actionable format.
Generate report with this structure:
  1. Executive summary (total issues, tier counts, estimated effort)
  2. Quick Wins with auto-fix commands where available
  3. Important issues with specific suggestions
  4. Polish items grouped by type
  5. Files sorted by issue count
See 
references/report-template.md
for complete template.
Print complete report to stdout. Do NOT summarize or truncate findings.
If user provided 
--output {file}
flag, also write report to the specified file.
For each finding in the report:
  • Include exact file:line reference
  • Show 3 lines of surrounding context
  • Provide specific fix suggestion or auto-fix command
  • Note whether the fix is auto-fixable or requires manual effort
Gate: Report delivered with all findings, exact references, and actionable suggestions.
目标:以结构化、可执行的格式展示发现的问题。
按以下结构生成报告:
  1. 执行摘要(总问题数、各层级数量、估算总投入时间)
  2. 快速修复项及可用的自动修复命令
  3. 重要项及具体修复建议
  4. 按类型分组的优化项
  5. 按问题数量排序的文件列表
完整模板见
references/report-template.md
将完整报告输出到标准输出。绝不总结或截断发现的问题。
若用户提供
--output {file}
参数,同时将报告写入指定文件。
报告中的每个问题需包含:
  • 精确的文件:行号引用
  • 3行上下文代码
  • 具体的修复建议或自动修复命令
  • 标记修复是否可自动完成或需手动投入
阶段闸门:报告已交付,包含所有问题、精确引用及可执行建议。仅当满足条件时进入下一阶段(若有)。

Phase 5: FIX (Optional - only with explicit permission)

阶段5:修复(可选 - 仅在获得明确许可后执行)

Goal: Apply safe, deterministic fixes.
MUST have explicit user permission before proceeding. Never auto-enter this phase.
Step 1: Confirm scope with user
Before applying any fixes, confirm exactly what will be changed:
markdown
Will apply these auto-fixes:
- Remove {N} unused imports across {N} files
- Sort imports in {N} files
- Format {N} files

{N} files will be modified. Proceed? (y/n)
Step 2: Apply auto-fixes
Apply fixes in order of safety (most safe first):
bash
undefined
目标:应用安全、确定性的修复。
必须获得用户明确许可后才能进入此阶段。绝不自动进入该阶段。
步骤1:与用户确认修复范围
应用任何修复前,明确确认将修改的内容:
markdown
将应用以下自动修复:
- 移除{N}个未使用的导入,涉及{N}个文件
- 对{N}个文件的导入进行排序
- 格式化{N}个文件

将修改{N}个文件。是否继续?(y/n)
步骤2:应用自动修复
按安全性顺序应用修复(最安全的先执行):
bash
undefined

Python - safe fixes only

Python - 仅安全修复

ruff check . --select F401,I001 --fix # Remove unused imports, sort ruff format . # Consistent formatting
ruff check . --select F401,I001 --fix # 移除未使用的导入并排序 ruff format . # 统一格式化

Go - safe fixes only

Go - 仅安全修复

goimports -w . # Remove unused imports, sort, format gofmt -w . # Consistent formatting go mod tidy # Clean up go.mod/go.sum

Do NOT apply fixes flagged as "unsafe" by ruff. Do NOT rename variables, refactor functions, or make any semantic changes in this phase.

**Step 3: Validate fixes**

Run the project's existing test suite to verify nothing broke:

```bash
goimports -w . # 移除未使用的导入、排序并格式化 gofmt -w . # 统一格式化 go mod tidy # 清理go.mod/go.sum

绝不应用被ruff标记为“不安全”的修复。此阶段绝不重命名变量、重构函数或进行任何语义变更。

**步骤3:验证修复结果**

运行项目现有测试套件,验证未引入新问题:

```bash

Python

Python

pytest # Run full test suite ruff check . # Verify no new lint issues
pytest # 运行完整测试套件 ruff check . # 验证无新的lint问题

Go

Go

go test ./... # Run full test suite go build ./... # Verify build succeeds golangci-lint run # Verify no new lint issues

**Step 4: Show diff and results**

```bash
git diff --stat        # Summary of changes
git diff               # Full diff for review
Present results:
markdown
undefined
go test ./... # 运行完整测试套件 go build ./... # 验证构建成功 golangci-lint run # 验证无新的lint问题

**步骤4:展示差异和结果**

```bash
git diff --stat        # 变更摘要
git diff               # 完整差异供审核
展示结果:
markdown
undefined

Fix Results

修复结果

  • Files modified: {N}
  • Imports removed: {N}
  • Tests: PASS ({N} tests)
  • Lint: CLEAN
Review diff above. Commit when satisfied.

**Step 5: Handle failures**

If tests fail after auto-fix:
1. Roll back ALL changes immediately: `git checkout .`
2. Report exactly which test(s) failed and why
3. Suggest applying fixes incrementally (one file at a time) with testing between each

Do NOT leave the repository in a broken state.

**Gate**: All auto-fixes applied, tests pass, diff shown to user. Repository is in a clean, working state.

---
  • 修改文件数:{N}
  • 移除导入数:{N}
  • 测试:通过({N}个测试用例)
  • Lint:无问题
请审核上述差异。满意后可提交。

**阶段闸门**:所有自动修复已应用、测试通过、差异已展示给用户。仓库处于干净、可运行状态。

---

Error Handling

错误处理

Error: "Required analysis tool not found"

错误:“所需分析工具未找到”

Cause: ruff, vulture, gocyclo, or other tool not installed Solution:
  1. Report which tools are missing with install commands
  2. Offer to proceed with partial scan using available tools
  3. grep and git blame are always available as fallback
原因:ruff、vulture、gocyclo或其他工具未安装 解决方案:
  1. 报告缺失的工具并提供安装命令
  2. 提议使用可用工具进行部分扫描
  3. grep和git blame始终可用作备选

Error: "Not a git repository"

错误:“非git仓库”

Cause: Cannot use git blame for TODO aging Solution: Continue scan but mark all TODO ages as "unknown". Warn user that age-based triage is unavailable.
原因:无法使用git blame判断TODO的存在时长 解决方案:继续扫描,但标记所有TODO的时长为“未知”。提醒用户无法进行基于时效性的分类。

Error: "Tests fail after auto-fix"

错误:“自动修复后测试失败”

Cause: Auto-fix changed behavior that tests depend on Solution:
  1. Roll back all changes immediately: 
    git checkout .
  2. Report which fixes caused failures
  3. Suggest applying fixes file-by-file with incremental testing
原因:自动修复变更了测试依赖的行为 解决方案:
  1. 立即回滚所有变更:
    git checkout .
  2. 准确报告哪些测试失败及原因
  3. 建议分批次应用修复(每次一个文件),并在每次修复后进行测试

Error: "Permission denied modifying files"

错误:“修改文件时权限被拒绝”

Cause: Files are read-only, locked, or user did not grant write permission Solution:
  1. Do NOT attempt to bypass permissions
  2. Report which files could not be modified and why
  3. Provide the fix commands so user can run them manually
原因:文件为只读、被锁定或用户未授予写入权限 解决方案:
  1. 绝不尝试绕过权限限制
  2. 报告无法修改的文件及原因
  3. 提供修复命令,让用户手动执行

Anti-Patterns

反模式

Anti-Pattern 1: Scanning Everything Without Focus

反模式1:无聚焦地扫描所有内容

What it looks like: Running all 9 scan types across entire codebase for "check for any code issues" Why wrong: Produces overwhelming noise, user cannot act on 100+ unsorted findings Do instead: Ask for target area, start with quick wins, offer to expand scope
表现:针对“检查任何代码问题”的请求,对整个代码库运行所有9类扫描 危害:产生大量无关信息,用户无法处理100+无排序的问题 正确做法:询问用户目标区域,先从快速修复项开始,再提议扩展范围

Anti-Pattern 2: Auto-Fixing Without Permission

反模式2:未获许可自动修复

What it looks like: Running 
ruff --fix
immediately after scan completes Why wrong: User expected a report, not file modifications. Changes may conflict with in-progress work Do instead: Report findings first. Only fix when user explicitly requests it
表现:扫描完成后立即运行
ruff --fix
危害:用户期望获得报告,而非文件修改。变更可能与正在进行的工作冲突 正确做法:先报告问题。仅在用户明确请求时进行修复

Anti-Pattern 3: Flat Unsorted Reports

反模式3:无排序的扁平报告

What it looks like: Alphabetical list of all issues with equal weight Why wrong: Critical 90-day-old security TODO buried among trivial missing docstrings Do instead: Always prioritize by impact/effort. Quick wins first, polish last
表现:按字母顺序展示所有问题,无优先级区分 危害:存在90天的严重安全相关TODO被淹没在无关的缺失文档字符串问题中 正确做法:始终按影响/投入比排序。先展示快速修复项,最后展示优化项

Anti-Pattern 4: Scanning Vendor/Generated Code

反模式4:扫描第三方/生成代码

What it looks like: Reporting 500 issues mostly in node_modules/ or generated protobuf files Why wrong: User cannot fix third-party or generated code Do instead: Exclude non-source directories. Only scan code the user controls
表现:报告的500个问题大多来自node_modules/或生成的protobuf文件 危害:用户无法修改第三方或生成的代码 正确做法:排除非源码目录。仅扫描用户可控的代码

Anti-Pattern 5: Treating All TODOs Equally

反模式5:对所有TODO一视同仁

What it looks like: Listing 47 TODOs in a flat list with no age or severity context Why wrong: A 180-day-old TODO about a data race is fundamentally different from yesterday's "TODO: add test case" Do instead: Age every TODO with git blame. Triage by age (Critical >90d, High 30-90d, Normal <30d) and severity keywords
表现:将47个TODO以扁平列表展示,无时效性或严重程度上下文 危害:存在180天的数据竞争TODO与昨天的“TODO: 添加测试用例”被同等对待 正确做法:通过git blame判断每个TODO的存在时长。按时效性(严重:>90天,高优先级:30-90天,普通:<30天)和严重程度关键词分类

References

参考资料

This skill uses these shared patterns:
  • Anti-Rationalization - Prevents shortcut rationalizations
  • Verification Checklist - Pre-completion checks
本技能使用以下共享模式:
  • 反合理化 - 防止捷径式合理化
  • 验证清单 - 完成前检查

Domain-Specific Anti-Rationalization

领域特定反合理化

RationalizationWhy It's WrongRequired Action
"I'll just fix these while scanning"Modifying without permission violates report-first ruleComplete report, ask permission, then fix
"Scanning everything is more thorough"Thoroughness without focus produces noise, not valueScope first, scan second
"These findings are obvious, no need for references"file:line references are non-negotiableAlways include exact locations
"Auto-fix is safe, no need to ask"Safe for tool does not mean safe for user's workflowAlways get explicit permission
合理化借口错误原因要求操作
“我扫描时顺便修复这些问题”未经许可修改文件违反先报告规则完成报告,请求许可后再修复
“扫描所有内容更彻底”无聚焦的彻底性只会产生噪声,而非价值先确定范围,再进行扫描
“这些问题很明显,不需要引用”文件:行号引用是必须的始终包含精确位置
“自动修复是安全的,不需要询问”工具认为安全不代表适用于用户的工作流始终获得明确许可

Reference Files

参考文件

  • ${CLAUDE_SKILL_DIR}/references/scan-commands.md
    : Language-specific scan commands and expected output
  • ${CLAUDE_SKILL_DIR}/references/report-template.md
    : Full structured report template
  • ${CLAUDE_SKILL_DIR}/references/tools.md
    : Tool installation, versions, and capabilities
  • ${CLAUDE_SKILL_DIR}/references/scan-commands.md
    :各语言的扫描命令及预期输出
  • ${CLAUDE_SKILL_DIR}/references/report-template.md
    :完整结构化报告模板
  • ${CLAUDE_SKILL_DIR}/references/tools.md
    :工具安装、版本及功能说明