Coding & Refactoringlow risk
rot-canary
Code-health scan — dead code, bug-prone logic, resource leaks, concurrency bugs, silent failures, input-boundary issues, doc rot. Triggers on: "/rot-canary", "rot-canary", "code-health" (legacy aliases: "/rotcanary", "rotcanary"). Auto-runs at session end on touched files (QUICK, report only) via platform hooks — auto-wired by the Claude Code plugin, manual elsewhere. Run manually for fix mode. Reports; fixes on request via choice-gated menu.
HetCreep/CoalMine·skills/rot-canary/SKILL.md
39/ 100おすすめ度
この Skill を導入
coding agent を選び、プロジェクト用または個人用コマンドをコピーします。
プロジェクトに導入.agents/skills/rot-canary
npx skills add https://github.com/HetCreep/CoalMine/tree/3e46a56a54f4eec2f8eae4c53d5efca7d5c3ed80/skills/rot-canary -a codex -y個人環境に導入~/.agents/skills/rot-canary
npx skills add https://github.com/HetCreep/CoalMine/tree/3e46a56a54f4eec2f8eae4c53d5efca7d5c3ed80/skills/rot-canary -a codex -g -yプロジェクトに導入.claude/skills/rot-canary
npx skills add https://github.com/HetCreep/CoalMine/tree/3e46a56a54f4eec2f8eae4c53d5efca7d5c3ed80/skills/rot-canary -a claude-code -y個人環境に導入~/.claude/skills/rot-canary
npx skills add https://github.com/HetCreep/CoalMine/tree/3e46a56a54f4eec2f8eae4c53d5efca7d5c3ed80/skills/rot-canary -a claude-code -g -yプロジェクトに導入.agents/skills/rot-canary
npx skills add https://github.com/HetCreep/CoalMine/tree/3e46a56a54f4eec2f8eae4c53d5efca7d5c3ed80/skills/rot-canary -a github-copilot -y個人環境に導入~/.copilot/skills/rot-canary
npx skills add https://github.com/HetCreep/CoalMine/tree/3e46a56a54f4eec2f8eae4c53d5efca7d5c3ed80/skills/rot-canary -a github-copilot -g -yプロジェクトに導入.agents/skills/rot-canary
npx skills add https://github.com/HetCreep/CoalMine/tree/3e46a56a54f4eec2f8eae4c53d5efca7d5c3ed80/skills/rot-canary -a cursor -y個人環境に導入~/.cursor/skills/rot-canary
npx skills add https://github.com/HetCreep/CoalMine/tree/3e46a56a54f4eec2f8eae4c53d5efca7d5c3ed80/skills/rot-canary -a cursor -g -yプロジェクトに導入.agents/skills/rot-canary
npx skills add https://github.com/HetCreep/CoalMine/tree/3e46a56a54f4eec2f8eae4c53d5efca7d5c3ed80/skills/rot-canary -a gemini-cli -y個人環境に導入~/.gemini/skills/rot-canary
npx skills add https://github.com/HetCreep/CoalMine/tree/3e46a56a54f4eec2f8eae4c53d5efca7d5c3ed80/skills/rot-canary -a gemini-cli -g -yNative Gemini CLI
gemini skills install https://github.com/HetCreep/CoalMine.git --scope workspace --path skills/rot-canary⚠ インストールには open-source skills CLI を使用します。実行前にソースと権限を確認してください。
Skill の指示
GitHub で元ファイルを表示 ↗# Rot-Canary <!-- SHARED:LANGUAGE_HEADER --> Scan code for rot. Report CONFIRMED findings. Fix on request. ## Parameters - **SCOPE:** touched files (default) | diff | named files | whole repo. Touched-files scan is hybrid-capped: all if ≤ `autoScanFileCap`, else the `autoScanFileCapSlice` most-recently-modified files (warn the user). - **DEPTH:** QUICK (default) | DEEP ## Categories 1. **Bug-risk** — null deref, wrong operator, off-by-one, missing return 2. **Dead / unreachable** — zero-ref symbols, code after return/throw, always-true guards 3. **Disconnected** — exists but never wired to entry point, half-done refactor 4. **Duplication** — copy-paste diverged, two sources of truth for one constant 5. **Resource leak** — undisposed handle/stream/COM, subscription never removed 6. **Async** — unawaited task, `.Result`/`.Wait()` deadlock, blocking on UI thread 7. **Silent failure** — empty catch, success on partial completion, ignored return code 8. **Input security** — unvalidated input, injection, path traversal, secret in code/log 9. **Performance** — O(n²) in hot path, N+1, unbounded growth, work on UI thread 10. **Doc rot** — comment contradicts code, stale TODO, wrong param in docstring ## Discipline - Report only CONFIRMED. Unverifiable → separate "SUSPECTED" list. - Cite evidence (file:line, call-site count, the absent catch). - "Dead" = **zero-reference reachability** (the static heuristic): zero references across ALL entry routes — reflection, DI, events, public API, tests — not a single-file grep. ## Fix mode (choice-gated) **Standing consent:** honor `.coalmine.json` `autoFixMode` as the pre-chosen option (the config IS the chosen option) — `off` = report only, no menu · `safe` = apply safe/reversible fixes automatically (still checkpoint → build/test → revert if red) · `interactive` (default) = present the menu below. After any scan report in an interactive session — manual run OR hook-nudged auto-scan — you **MUST** present this menu via `ask_question` (skip only when findings are zero, no user is present, or `autoFixMode` pre-decided above): - **Apply safe fixes:** mechanical, fully reversible edits only (dead imports, commented-out blocks, formatting). Each fix: checkpoint (git stash/commit in a git repo; else copy the file aside — never assume git exists) → apply → build + tests → auto-revert if newly red. - **Let me pick:** list findings; user selects. - **Report only:** exit unchanged. NEVER auto-fix: live/reachable path · logic change · "API looks wrong" (ground via source-grounding first) · framework-wired code that only *looks* dead · SUSPECTED findings. ## Output | # | path:line | category | severity | finding | evidence | fix | Then: SUSPECTED list · coverage gaps · counts + top 3 to fix. Severity: CRITICAL (data loss/security/crash on normal path) · HIGH (real bug/leak on reachable path) · MEDIUM (dead/dup/unwired) · LOW (style/doc rot) ## Cadence Stop hook → auto QUICK on the session's touched files (report only), hybrid-capped per `.coalmine.json` (see Parameters). Manual whole-repo DEEP sweep when needed. Auto-wiring is platform-dependent — read `references/cadence.md` before claiming auto-scan works on the current platform. ## Tooling Per-stack build/dead-code/lint commands: read `references/tooling.md` when selecting scan tools. <!-- SHARED:ORCHESTRATION --> <!-- SHARED:ESCALATION_FOOTER -->