chelch5/stack-profile-detector
01-package-scaffolding/stack-profile-detector/SKILL.md
Detect a project's language, framework, runtime, testing setup, and deployment target from repository contents and produce a structured STACK-PROFILE.md. Use when scaffolding a new project and need to determine stack from code evidence, onboarding to an existing repo with unknown stack, or generating stack-specific skills. Do not use when stack is already documented in STACK-PROFILE.md or for repos with no code (infer from specs instead).
development
Updated Apr 20, 2026
$ install --global
skillsauthnpx skillsauth add chelch5/skilllibrary stack-profile-detectorInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 3:19 AM20.2s11 files scanned
SKILL.md
- name:
- stack-profile-detector
- description:
- Detect a project's language, framework, runtime, testing setup, and deployment target from repository contents and produce a structured STACK-PROFILE.md. Use when scaffolding a new project and need to determine stack from code evidence, onboarding to an existing repo with unknown stack, or generating stack-specific skills. Do not use when stack is already documented in STACK-PROFILE.md or for repos with no code (infer from specs instead).
- license:
- Apache-2.0
- clients:
- [openai-codex, gemini-cli, opencode, github-copilot]
Stack Profile Detector
Detects a project's stack profile from repository contents and produces a structured document.
Procedure
1. Scan for manifest files
ls -la package.json Cargo.toml pyproject.toml setup.py go.mod pom.xml \
build.gradle *.csproj Gemfile composer.json 2>/dev/null
Priority (if multiple exist): package.json > Cargo.toml > pyproject.toml > go.mod > pom.xml
2. Detect primary language
| Evidence | Language | Confidence | |----------|----------|------------| | package.json + tsconfig.json | TypeScript | High | | package.json (no tsconfig) | JavaScript | High | | Cargo.toml | Rust | High | | pyproject.toml / requirements.txt | Python | High | | go.mod | Go | High | | pom.xml / build.gradle | Java/Kotlin | High | | *.csproj / *.sln | C# | High | | Only source files, no manifest | (inferred) | Medium |
3. Detect framework
Node.js/TypeScript:
deps=$(cat package.json 2>/dev/null | jq -r '(.dependencies + .devDependencies) | keys[]')
# next → Next.js, react → React, express → Express, fastify → Fastify, etc.
Python: Check for fastapi, django, flask in requirements/pyproject.
Rust: Check for axum, actix, rocket in Cargo.toml.
4. Detect testing, build, and deployment
| Category | Evidence | Result | |----------|----------|--------| | Test framework | vitest/jest/pytest/cargo test in config | Named framework | | Build tool | Next.js/Vite/Webpack/Cargo in config | Named tool | | Cloud target | vercel.json/serverless.yml/Dockerfile | Named platform | | Package manager | pnpm-lock/yarn.lock/Cargo.lock | Named manager |
5. Generate STACK-PROFILE.md
# Stack Profile
Generated: [ISO date]
Confidence: [HIGH | MEDIUM | LOW]
## Primary Stack
- **Language:** [detected]
- **Runtime:** [detected]
- **Framework:** [detected]
- **Package Manager:** [detected]
## Testing
- **Framework:** [detected]
- **Command:** [detected]
## Build
- **Tool:** [detected]
- **Command:** [detected]
## Deployment
- **Target:** [detected or "unknown"]
## Evidence
Detection based on: [list of files examined]
6. Handle ambiguous cases
If detection is uncertain (confidence LOW):
## Unresolved
- [Question 1]: [Options found]
- [Question 2]: [Options found]
## Action Required
Please confirm: [specific questions]
Output contract
File: docs/STACK-PROFILE.md (or path specified by scaffolding flow)
Contains: language, runtime, framework, package manager, test setup, build config, deployment target, confidence level, and evidence list.
Failure handling
- No manifest files: Check for source files (.ts, .py, .rs), infer language, mark confidence LOW
- Multiple conflicting manifests: Likely monorepo — detect per package/workspace
- Empty repository: Cannot detect. Require specs from user or canonical brief.
- Unusual setup: Document what was found, flag for manual review
Related Skills
chelch5/context-intelligence
testing
VerifiedTrustedCommunity
Manages context window budgets, loading strategies, and compaction techniques for AI-assisted coding sessions. Trigger on 'context window', 'what to load', 'context management', 'context overflow', 'token budget'. DO NOT USE for loading specific project docs into agent context (use project-context) or prompt wording and optimization (use prompt-crafting).
SKILL.mdUpdated Apr 20, 2026
chelch5/auth-patterns
development
VerifiedTrustedCommunity
Implements authentication, session, token, and authorization patterns for the current stack. Trigger on 'add auth', 'JWT', 'OAuth', 'login endpoint', 'session management', 'API key auth'. DO NOT USE for OWASP hardening checklists (use security-hardening), threat modeling (use security-threat-model), or secret rotation/storage (use security-best-practices).
SKILL.mdUpdated Apr 20, 2026
chelch5/api-schema
tools
VerifiedTrustedCommunity
Defines request/response shapes, versioning, validation, and compatibility rules for API-first work. Trigger on 'design API', 'OpenAPI spec', 'REST schema', 'API versioning', 'generate client SDK'. DO NOT USE for GraphQL schemas, gRPC/protobuf definitions (use stack-standards), auth endpoint logic (use auth-patterns), or external API client wrappers (use external-api-client).
SKILL.mdUpdated Apr 20, 2026
chelch5/ticket-pack-builder
development
VerifiedTrustedCommunity
Create a repo-local ticket system with an index, machine-readable manifest, board, and individual ticket files. Use when a repo needs task decomposition that autonomous agents can follow without re-planning the whole project each session. Do not use for executing tickets (use ticket-execution) or quick fixes that don't warrant formal tickets.
SKILL.mdUpdated Apr 20, 2026