rot-canarylisted

Code-health scan — dead code, bug-prone logic, resource leaks, concurrency bugs, silent failures, input-boundary issues, doc rot. Triggers on: "/rot-canary", "rot-canary", "code-health" (legacy aliases: "/rotcanary", "rotcanary"). Auto-runs at session end on touched files (QUICK, report only) via platform hooks — auto-wired by the Claude Code plugin, manual elsewhere. Run manually for fix mode. Reports; fixes on request via choice-gated menu.
HetCreep/CoalMine · ★ 2 · Code & Development · score 75

Install: claude install-skill HetCreep/CoalMine

# Rot-Canary  Scan code for rot. Report CONFIRMED findings. Fix on request. ## Parameters - **SCOPE:** touched files (default) | diff | named files | whole repo. Touched files scan uses hybrid capping (scans all if <= autoScanFileCap, otherwise caps at autoScanFileCapSlice most recently modified files and warns user). - **DEPTH:** QUICK (default) | DEEP ## Categories 1. **Bug-risk** — null deref, wrong operator, off-by-one, missing return 2. **Dead / unreachable** — zero-ref symbols, code after return/throw, always-true guards 3. **Disconnected** — exists but never wired to entry point, half-done refactor 4. **Duplication** — copy-paste diverged, two sources of truth for one constant 5. **Resource leak** — undisposed handle/stream/COM, subscription never removed 6. **Async** — unawaited task, `.Result`/`.Wait()` deadlock, blocking on UI thread 7. **Silent failure** — empty catch, success on partial completion, ignored return code 8. **Input security** — unvalidated input, injection, path traversal, secret in code/log 9. **Performance** — O(n²) in hot path, N+1, unbounded growth, work on UI thread 10. **Doc rot** — comment contradicts code, stale TODO, wrong param in docstring ## Discipline - Report only CONFIRMED. Unverifiable → separate "SUSPECTED" list. - Cite evidence (file:line, call-site count, the absent catch). - "Dead" = zero reachability via ALL routes (reflection, DI, events, public API, tests). ## Fix mode (choice-gated) After