lennetech/analyzing-projects
plugins/lt-showroom/skills/analyzing-projects/SKILL.md
Analyzes software projects to extract technology stack, architecture, features, API surface, testing strategy, UI/UX patterns, security measures, and performance optimizations. Produces structured, evidence-based reports where every claim is backed by a source code reference. Also detects how the application is started (scripts, Docker, database requirements) and enumerates all pages and views for screenshot planning. Outputs a structured report that feeds directly into SHOWCASE.md creation and screenshot automation. Activates when analyzing a project for showroom showcases, portfolio entries, project documentation, or when a user asks what a project does or how it is built. NOT for creating or publishing showcases (use creating-showcases). NOT for platform development (use generating-nest-servers).
tools
Updated Apr 21, 2026
$ install --global
skillsauthnpx skillsauth add lennetech/claude-code analyzing-projectsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 30, 2026, 1:08 PM7.7s1 file scanned
SKILL.md
- name:
- analyzing-projects
- description:
- Analyzes software projects to extract technology stack, architecture, features, API surface, testing strategy, UI/UX patterns, security measures, and performance optimizations. Produces structured, evidence-based reports where every claim is backed by a source code reference. Also detects how the application is started (scripts, Docker, database requirements) and enumerates all pages and views for screenshot planning. Outputs a structured report that feeds directly into SHOWCASE.md creation and screenshot automation. Activates when analyzing a project for showroom showcases, portfolio entries, project documentation, or when a user asks what a project does or how it is built. NOT for creating or publishing showcases (use creating-showcases). NOT for platform development (use generating-nest-servers).
Analyzing Software Projects
This skill enables Claude Code to perform deep, evidence-based analysis of software projects and produce structured reports suitable for SHOWCASE.md creation and showcase publishing on showroom.lenne.tech.
When to Use This Skill
- User asks to analyze a project for a showcase or portfolio entry
- User wants to understand what a codebase does or how it is structured
- Running
/showroom:analyze,/showroom:create, or/showroom:updatecommands - Working inside the showroom platform repository on analysis features
- User asks about a project's technology stack, features, or architecture
Skill Boundaries
| User Intent | Correct Skill |
|------------|---------------|
| Analyze project source code | THIS SKILL |
| Create or update a showcase | creating-showcases |
| Develop the showroom platform itself | generating-nest-servers / developing-lt-frontend |
Related Skills
Works closely with:
creating-showcases— Consumes analysis reports to build SHOWCASE.md and showcase contentgenerating-nest-servers— For backend development on the showroom API
Analysis Dimensions
Every project analysis covers exactly 8 dimensions. Read the full guide in ${CLAUDE_SKILL_DIR}/reference/analysis-dimensions.md.
| # | Dimension | Purpose | |---|-----------|---------| | 1 | Technology Stack | Languages, frameworks, key libraries, runtimes | | 2 | Architecture | Structure, patterns, separation of concerns | | 3 | Core Features | User-facing capabilities backed by endpoints/components | | 4 | API Surface | REST endpoints, GraphQL schema, auth mechanisms | | 5 | Testing Strategy | Test types, frameworks, coverage breadth | | 6 | UI/UX Patterns | Component libraries, responsive design, accessibility | | 7 | Security Measures | Auth, validation, rate limiting, encryption | | 8 | Performance Optimizations | Caching, query optimization, async patterns |
Additional Analysis (Required for Phase 2+3)
Beyond the 8 dimensions, every analysis MUST also produce:
Feature List with Evidence
For each feature, record:
- Name — short, action-oriented label (e.g. "Role-based Access Control")
- Description — 1-2 sentences describing what the feature does
- Evidence —
file:linereference to the implementing code - Screenshot candidate — which page/view best demonstrates this feature
Apply heuristics from ${CLAUDE_SKILL_DIR}/reference/feature-extraction.md to detect features systematically.
How to Get the Project Running (CRITICAL)
The analysis MUST produce a complete, actionable recipe to start the project from scratch. This is not optional — without it, screenshots cannot be taken and features cannot be verified.
Follow the full 8-step detection protocol in ${CLAUDE_SKILL_DIR}/reference/startup-detection.md:
- Project Structure & Package Manager
- Dependency Installation
- Environment Configuration
- Database & External Services
- Start Command
- First User / Authentication Setup
- Demo Data / Seed
- Auth Routes & Login Pages
Output the findings as a startupInfo YAML block (schema in ${CLAUDE_SKILL_DIR}/reference/startup-detection.md).
Gotchas
- Ports 3000/3001 are hardcoded in lenne.tech projects — If another project is already running, screenshots will capture the wrong app. Always check
lsof -i :3000 -i :3001before starting. .env.exampleoften hides required secrets — Keys likeOPENAI_API_KEY,DIRECTUS_URL, or database credentials look optional but the app will fail silently at runtime. Flag these asenvRequired.- Tauri projects need web-only mode for screenshots — If
src-tauri/is present, the fullnpm run devbuilds the desktop app. Usenpx nuxt devdirectly to bypass Tauri and get a browser-accessible dev server on port 3001.
Pages and Views Inventory
List all navigable pages and views in the application for screenshot planning:
-
Frontend Projects (Nuxt, Next.js, Vue, React, Angular):
- Glob for
pages/,app/,views/,routes/directories - Read router files to enumerate all routes
- Classify each route: public, authenticated, admin
- Note the primary feature each page exposes
- Glob for
-
Backend-only Projects (NestJS, Express, Fastify):
- Enumerate controller route prefixes
- Identify any swagger/API docs endpoint
Output a pagesInventory list:
pagesInventory:
- path: "/"
name: "Landing Page"
auth: "public"
feature: "Homepage"
- path: "/dashboard"
name: "Dashboard"
auth: "authenticated"
feature: "Overview & Analytics"
- path: "/projects/:id"
name: "Project Detail"
auth: "authenticated"
feature: "Project Management"
Execution Protocol
- Discover — Read manifest files to detect tech stack (
${CLAUDE_SKILL_DIR}/reference/framework-detection.md) - Map — Glob for controllers, services, models, components, test files
- Deep-read — Follow imports, read implementations for key findings
- Extract features — Apply heuristics from
${CLAUDE_SKILL_DIR}/reference/feature-extraction.md - Detect startup — Check docker-compose, package scripts, env requirements
- Inventory pages — Enumerate all routes and views
- Compile — Structure output according to
${CLAUDE_SKILL_DIR}/reference/report-schema.md - Validate — Verify every claim has a
file:linereference
Validation Rules
- No speculation — Every feature claim needs a code reference
- No marketing language — Describe what the code does, not potential
- Accurate names — Use exact package names from dependency files
- Honest coverage — If tests are sparse, say so
- No duplication — Each finding in exactly one dimension
Output Format
Produce a structured report following ${CLAUDE_SKILL_DIR}/reference/report-schema.md.
The report MUST include:
- All 8 analysis dimensions
- Feature list with evidence and screenshot candidates
startupInfoblockpagesInventorylist
Source references use the format: path/to/file.ts:42
Unknown or undeterminable items are marked as unknown — never guessed.
Reference Files
${CLAUDE_SKILL_DIR}/reference/analysis-dimensions.md— Detailed guide for each of the 8 dimensions${CLAUDE_SKILL_DIR}/reference/framework-detection.md— Framework detection lookup table${CLAUDE_SKILL_DIR}/reference/feature-extraction.md— Feature heuristics (auth, uploads, realtime, etc.)${CLAUDE_SKILL_DIR}/reference/startup-detection.md— Full 8-step startup detection protocol withstartupInfoschema${CLAUDE_SKILL_DIR}/reference/report-schema.md— TypeScript interface for the structured report
Related Skills
lennetech/validating-production-readiness
development
VerifiedTrustedCommunity
Single source of truth for the lenne.tech fullstack production-readiness checklist. Defines the eight pillars (configuration & secrets, observability & logging, health & lifecycle, security hardening, data durability, resilience under load, deployment hygiene, runbook & rollback) with concrete file/line evidence requirements per pillar, severity classification (Critical / Major / Minor), and a canonical machine-parseable report block. Activates whenever an agent or command needs to gate a release on production-readiness — currently used by /lt-dev:production-ready, lt-dev:production-readiness-orchestrator, and the devops-reviewer (read-only). NOT for OWASP-style code-level security review (use security-reviewer). NOT for npm dependency audits (use maintaining-npm-packages).
SKILL.mdUpdated May 11, 2026
lennetech/validating-ci-pipelines-locally
development
VerifiedTrustedCommunity
Single source of truth for executing GitLab CI/CD pipelines locally with the same image, env vars, and service containers as the real runner — so pipeline failures are caught before push. Defines pipeline discovery (.gitlab-ci.yml + includes), per-job execution via gitlab-runner exec, service-container orchestration (Mongo, Redis, MailHog), env injection without secrets, cache/artifact handling, and a job-by-job verdict report. Also describes the GitHub Actions equivalent via act for projects that mirror to GitHub. Activates whenever an agent or command needs to validate that the CI pipeline will pass — currently used by /lt-dev:production-ready and lt-dev:production-readiness-orchestrator. NOT for running the local check script (use running-check-script). NOT for writing or refactoring CI configs (use the devops agent).
SKILL.mdUpdated May 11, 2026
lennetech/running-load-tests-with-k6
development
VerifiedTrustedCommunity
Single source of truth for designing, running, and interpreting k6 load tests against lenne.tech fullstack APIs. Defines installation paths (brew, docker, npm), the three canonical scenarios (smoke / load / soak), endpoint discovery from the generated SDK, realistic Better-Auth login flows, threshold defaults for ~10 concurrent users (p95 < 500ms, error rate < 1%, http_req_failed < 1%), result interpretation, and the optimisation ladder when the system fails (DB indices, query rewrites, caching, connection pool sizing, rate-limit relaxation, payload trimming). Activates whenever an agent or command needs to validate that the API is stable for ~10 concurrent users performing many actions in short time, or to detect performance regressions via k6. Currently used by /lt-dev:production-ready, lt-dev:production-readiness-orchestrator, and lt-dev:performance-reviewer. NOT for Lighthouse frontend performance (use a11y-reviewer). NOT for unit performance assertions (use the test runner directly).
SKILL.mdUpdated May 11, 2026
lennetech/modernizing-toolchain
tools
VerifiedTrustedCommunity
Migrates lenne.tech projects from the legacy jest+eslint+prettier toolchain to the current vitest+oxlint+oxfmt baseline used by nest-server-starter and nuxt-base-starter. Covers swc decoratorMetadata config, the @Prop union-type fix for SWC, supertest default-import correction, ESM/CJS interop, the Nitro PORT-vs-NITRO_PORT bug, ANSI escape stripping in workspace runners (lerna/nx), free-port logic for check-server-start.sh, the offers-pattern config.env.ts (NSC__-only + fail-fast + auto-derived appUrl), and the multi-phase check-envs.sh smoke test. Activates whenever someone is migrating an existing project to the new toolchain, debugging "Cannot determine a type for the X field" Mongoose errors, ERR_SOCKET_BAD_PORT crashes from check-server-start, or wants to align an existing project with the current starter conventions.
SKILL.mdUpdated Apr 30, 2026