skills/project-discovery/SKILL.md
[UDS] Assess project health, architecture, and risks before adding features
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

```bash
npx skillsauth add asiaostrich/universal-dev-standards discover
```
Phase 0 assessment before adding features to existing codebases. Evaluate project health, architecture, and risks.
| Dimension | What to Check |
|-----------|---------------|
| Architecture | Module structure, dependency graph, entry points |
| Dependencies | Outdated packages, known vulnerabilities, license risks |
| Test Coverage | Existing test suite, coverage gaps, test quality |
| Security | npm audit findings, hardcoded secrets, exposed endpoints |
| Technical Debt | TODOs, code duplication, complexity hotspots |
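The Security row above names two checks that `npm audit` does not cover: hardcoded secrets and exposed endpoints. The following is an added example, not code from the universal-dev-standards project, of a minimal scanner for both and how its findings roll up to the Status column of the health report. The rule set, the allow-list and the sample files are constructed for illustration; a real sweep would use a dedicated tool such as gitleaks alongside it.

```javascript
// Added example for the Security dimension, not code from the
// universal-dev-standards project: a minimal scanner for hardcoded secrets and
// exposed debug/admin routes. The rules are a starting point, not a complete
// set; the sample files below are constructed (no real credentials).

const SECRET_RULES = [
  // AWS access key IDs: fixed prefix plus 16 upper-case alphanumerics.
  { id: "aws-access-key", re: /\bAKIA[0-9A-Z]{16}\b/ },
  // PEM private key headers should never be committed.
  { id: "private-key", re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
  // A string literal of 8+ chars assigned to a secret-looking name.
  { id: "generic-secret", re: /\b(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*["'][^"']{8,}["']/i },
];

// Express-style route registrations under paths that should not ship to production.
const EXPOSED_ROUTE = /\.(?:get|post|put|delete|all|use)\(\s*["'](\/(?:debug|admin|internal|_[a-z]+)[^"']*)["']/;

// Skip env lookups, template placeholders and obvious dummy values.
function isPlaceholder(line) {
  return /process\.env\.|\$\{|<[A-Z_]+>/.test(line) || /changeme|example|xxx/i.test(line);
}

// Scan one file's text; findings carry 1-based line numbers.
function scanSource(path, text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    if (isPlaceholder(line)) return;
    for (const { id, re } of SECRET_RULES) {
      if (re.test(line)) findings.push({ path, line: i + 1, rule: id });
    }
    const m = EXPOSED_ROUTE.exec(line);
    if (m) findings.push({ path, line: i + 1, rule: "exposed-endpoint", route: m[1] });
  });
  return findings;
}

// Roll findings up to the Status column used in the health report:
// any secret is Critical, endpoints alone are a Warning, nothing is Good.
function securityStatus(files) {
  const findings = Object.entries(files).flatMap(([path, text]) => scanSource(path, text));
  const secrets = findings.filter((f) => f.rule !== "exposed-endpoint").length;
  const status = secrets > 0 ? "Critical" : findings.length > 0 ? "Warning" : "Good";
  return { status, findings };
}

// Constructed sample repository (not real credentials).
const SAMPLE_FILES = {
  "src/config.js": [
    "const dbPassword = process.env.DB_PASSWORD;",     // env lookup: ignored
    'const apiKey = "sk_live_51HZ9qGd8ZfQ2kQ8vM3Nw";', // literal secret
    'const awsId = "AKIAABCDEFGHIJKLMNOP";',            // key-shaped literal
  ].join("\n"),
  "src/server.js": [
    'app.get("/debug/env", (req, res) => res.json(settings));', // debug route
    'app.get("/health", (req, res) => res.send("ok"));',
  ].join("\n"),
};

const report = securityStatus(SAMPLE_FILES);
console.log(report.status, report.findings); // Critical, 3 findings
```

The allow-list is deliberately conservative: an env lookup or an `<UPPER_CASE>` template token is skipped, but a value that merely looks test-like is still reported, because false negatives cost more than a quick triage.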
Use `npm outdated` and `npm audit` for health signals. Example report:

```text
Project Health Report
=====================
Overall Score: 7.2 / 10

| Dimension       | Score | Status  | Key Finding             |
|-----------------|-------|---------|-------------------------|
| Architecture    | 8/10  | Good    | Clean module boundaries |
| Dependencies    | 6/10  | Warning | 5 outdated, 1 critical  |
| Test Coverage   | 7/10  | Fair    | 72% line coverage       |
| Security        | 8/10  | Good    | No critical vulns       |
| Technical Debt  | 6/10  | Warning | 23 TODOs, 3 hotspots    |

Recommendations:
1. [HIGH] Update lodash to fix CVE-2024-XXXX
2. [MED]  Add tests for src/payments/ (0% coverage)
3. [LOW]  Resolve TODO backlog in src/utils/
```
After assessment, identified risks are recorded in a structured Risk Register for ongoing tracking.
Risk level is read from likelihood (rows) against impact (columns):

| Likelihood \ Impact | Low | Medium | High |
|---------------------|-----|--------|------|
| High | Medium | High | Critical |
| Medium | Low | Medium | High |
| Low | Low | Low | Medium |
# Risk Register — [Project Name]
**Last Updated**: YYYY-MM-DD
| ID | Category | Description | Likelihood | Impact | Level | Owner | Mitigation | Status |
|----|----------|-------------|-----------|--------|-------|-------|------------|--------|
| RISK-001 | Security | Outdated deps with CVEs | High | High | Critical | @dev | npm audit fix | Open |
| RISK-002 | Performance | No load testing | Medium | High | High | @ops | Add k6 tests | Open |
| RISK-003 | Quality | Low test coverage in payments | High | Medium | High | @qa | Add IT tests | Mitigating |
```text
Identified ──► Mitigating ──► Resolved ──► Closed
     │
     └──► Accepted (with justification)
```
```text
docs/risks/
├── RISK-REGISTER.md          # Active risk register
├── RISK-REGISTER-2026-Q1.md  # Quarterly snapshot (optional)
└── README.md                 # Index
```
- `/discover` - Full project health assessment
- `/discover auth` - Focused assessment of auth-related modules
- `/discover payments` - Assess risks before adding payment features
- `/discover --risks` - View current risk register
- `/discover --update-risk RISK-NNN` - Update a risk item status

After `/discover` completes, the AI assistant should suggest next steps based on the assessment:

- New feature → `/sdd` to create a specification ⭐ Recommended
- Legacy code → `/reverse spec` to extract existing behavior
- Refactoring → `/refactor decide` to choose a strategy
- Quick fix → `/tdd` to write a targeted test and fix
- Risk tracking → `/discover --risks` to view the risk register
- Architecture decision → `/adr` to record decisions made during discovery
For the complete AI agent behavior definition, see the corresponding command file: `/discover`