← Back to Skills Marketplace
hickhe

Code Archaeology

by roboe · GitHub ↗ · v2.5.0 · MIT-0
cross-platform ⚠ suspicious
147
Downloads
1
Stars
1
Active Installs
8
Versions
Install in OpenClaw
/install code-archaeology
Description
Analyze legacy codebases to extract business rules, technical specifications, and migration requirements. Use when analyzing PHP, Java, Python, or other lega...
README (SKILL.md)

Code Archaeology Skill

Overview

Code Archaeology is a systematic analysis methodology for understanding legacy codebases and extracting actionable insights for modernization. This skill provides tools and workflows for:

  • Business Rule Extraction: Identify and document business logic from legacy code
  • Technical Specification Generation: Extract data models, API contracts, and system architecture
  • Security Risk Assessment: Identify security vulnerabilities and technical debt
  • Migration Planning: Generate detailed migration requirements and task breakdowns
  • AI Plan Generator Integration: Convert analysis results into AI-executable context documents

Unified Directory Structure

Code Archaeology results are organized in a standardized directory structure:

{project}_code_archaeology/
├── results/                    # Primary analysis outputs (for AI integration)
│   ├── {project}_api_analysis.md
│   ├── {project}_security_audit_results.md
│   ├── {project}_performance_analysis.md
│   ├── {project}_technical_debt_assessment.md
│   ├── {project}_optimization_recommendations.md
│   └── {project}_code_archaeology_final_report.md
├── process/                   # Detailed analysis artifacts (30+ files)
│   ├── 01-system-constants-analysis.md
│   ├── 02-database-schema-analysis.md
│   ├── 03-business-domain-file-list.md
│   ├── {domain}-analysis.md (per business domain)
│   └── round2_progress.json
├── source/                    # Original source code reference
│   └── {project}/
└── {project}_archaeology_status.json  # Analysis status tracking

Core Capabilities

1. Multi-Round Analysis

  • Round 1: Business domain mapping and core architecture analysis
  • Round 2: Deep technical assessment (security, performance, optimization)

2. Domain-Specific Analysis

  • Financial Management: Payment processing, invoicing, reconciliation
  • Customer Management: User authentication, profile management
  • Contract Management: Contract lifecycle, status transitions
  • Supply Chain: Inventory, procurement, logistics

3. Security Risk Identification

  • Critical: Hardcoded credentials, SQL injection vulnerabilities
  • High: Weak password storage, session management issues
  • Medium: XSS/CSRF protection gaps, insecure file permissions

4. Technical Debt Assessment

  • Architecture: Monolithic limitations, lack of layered architecture
  • Code Quality: Code duplication, outdated language features
  • Maintainability: Missing documentation, poor test coverage
  • Performance: Database query optimization, caching mechanisms

AI Plan Generator Integration

Code Archaeology results can be directly consumed by AI Plan Generator to create:

  • Campaign Documents: Strategic migration plans with clear boundaries
  • Context Documents: AI-executable business rules and technical specifications
  • Task Decomposition: Detailed implementation tasks with priorities and dependencies
  • Validation Standards: Comprehensive testing requirements and acceptance criteria

Integration Workflow

# 1. Run Code Archaeology analysis
code-archaeology analyze legacy-project --output-dir legacy_project_code_archaeology

# 2. Generate AI Plan Generator context from archaeology results  
ai-plan-generator generate-context-from-archaeology \
  /path/to/legacy_project_code_archaeology \
  context-documents \
  finance

# 3. Validate context document completeness
ai-plan-generator analyze-completeness context-documents

# 4. Create ClawTeam migration team
clawteam create --name "finance-migration" --description-file campaign.md

Usage Guidelines

When to Use

  • Legacy System Modernization: Planning migration from PHP 5.x, legacy Java, etc.
  • Business Logic Documentation: Extracting undocumented business rules
  • Security Remediation: Identifying and prioritizing security vulnerabilities
  • Technical Debt Reduction: Planning systematic codebase improvements

Input Requirements

  • Source Code Access: Full access to legacy codebase
  • Business Context: Understanding of business domains and requirements
  • Target Architecture: Clear vision of target modern architecture

Output Artifacts

  • Comprehensive Reports: Executive summaries and detailed technical analysis
  • Actionable Recommendations: Prioritized improvement and migration tasks
  • Risk Assessments: Security and business continuity risk evaluations
  • Integration Ready: Structured data for AI Plan Generator consumption

Best Practices

Analysis Process

  1. Start Broad: Begin with high-level business domain mapping
  2. Go Deep: Focus on critical domains (financial, security-sensitive)
  3. Validate Findings: Cross-reference analysis results with business stakeholders
  4. Iterate: Refine analysis based on feedback and new discoveries

Documentation Standards

  • Machine Readable: Structure outputs for AI consumption
  • Human Understandable: Provide clear explanations for business stakeholders
  • Action Oriented: Focus on actionable insights and recommendations
  • Version Controlled: Track analysis evolution over time

Integration Patterns

  • ClawTeam Orchestration: Use analysis results to drive multi-agent coordination
  • Continuous Validation: Regularly validate AI interpretations against original code
  • Feedback Loops: Use implementation results to refine future analyses

Example Use Cases

Financial Module Migration

Input: Legacy PHP financial system with hardcoded credentials Analysis: Identifies payment processing logic, security vulnerabilities, data models Output: Complete migration plan with security remediation and validation standards

User Authentication Modernization

Input: Custom authentication system with weak password storage Analysis: Extracts user management workflows, identifies security gaps Output: Modern authentication implementation plan with proper security controls

API Standardization

Input: Inconsistent RPC-style APIs across multiple modules Analysis: Documents all API endpoints, request/response formats, error handling Output: RESTful API redesign specification with backward compatibility strategy

Code Archaeology transforms legacy code understanding from an art into a systematic, repeatable science that powers AI-driven modernization.

Integration Scripts

This skill includes integration scripts for converting Code Archaeology results to AI Plan Generator format:

  • convert-to-ai-plan-generator.cjs: Main conversion utility
  • code-archaeology-integrator.cjs: Core parsing and extraction logic
  • process-file-manager.cjs: File location and organization management

Usage

node convert-to-ai-plan-generator.cjs /path/to/archaeology-results output-dir domain
Usage Guidance
This skill appears to do what it says (analyze legacy code + produce migration/context docs), but it contains sloppy defaults and bugs. Before running: (1) Inspect the included scripts locally and fix the missing method or other errors; (2) do not run them directly against a production codebase — run in an isolated environment or on a copy; (3) override the default baseDir (/Users/admin/...) to a safe workspace to avoid accidental file writes; (4) be aware that outputs may include sensitive data from your source — treat outputs like secrets and store them appropriately; (5) ensure required external tools (ai-plan-generator, clawteam) and Node.js are deliberate and trusted. If you lack the ability to inspect or sandbox the code, treat this package with caution.
Capability Analysis
Type: OpenClaw Skill Name: code-archaeology Version: 2.5.0 The code-archaeology skill bundle is a legitimate toolset designed for analyzing legacy codebases and generating migration plans. The included JavaScript files (code-archaeology-integrator.cjs, convert-to-ai-plan-generator.cjs, and process-file-manager.cjs) perform standard file system operations and string parsing to transform analysis results into structured formats. There is no evidence of data exfiltration, malicious execution, or prompt injection; the security risks mentioned in the documentation and code (e.g., hardcoded credentials like '123qwe') are clearly presented as examples of findings the tool is intended to identify within legacy target systems.
Capability Assessment
Purpose & Capability
The name, README, SKILL.md and included scripts (integrator, converter, process-file-manager) are coherent with a legacy-code analysis -> generate migration/context-documents workflow. However the integrator expects specific file names prefixed with 'zbs_php_' and the default business domain is hardcoded to 'finance', which narrows applicability without justification. _meta.json version (2.4.0) differs from registry version (2.5.0) — a minor metadata inconsistency.
Instruction Scope
Runtime instructions ask the agent to read full source trees and produce many local artifacts (expected for this tool). The scripts create and write files on disk and the ProcessFileManager has a hardcoded default baseDir of '/Users/admin/.openclaw/workspace' (creates folders and files there) which is surprising and platform-specific. The SKILL.md also references external CLI tools (ai-plan-generator, clawteam) that are not included; the convert script calls integrator.generateValidationStandards(), but that method is not defined in the integrator — this is a runtime bug that could cause errors during execution. No instructions request secrets, but outputs may contain sensitive business code and credentials if present in the analyzed source (so exercising principle of least privilege is important).
Install Mechanism
There is no install spec (instruction-only skill), so nothing will be automatically downloaded or installed by the platform. The included Node.js scripts are present but will only run if the user or agent executes them. This is lower-risk than remote downloads, but local execution still writes files.
Credentials
The skill declares no required environment variables or credentials (good). However it assumes a Node.js runtime (README notes Node.js v14+) and local filesystem access to the legacy codebase — which is expected for its purpose. The integrator generates integration configs (database, redis, enterprise_wechat) that may imply further credentials are needed downstream, but none are declared here.
Persistence & Privilege
The skill does not set always:true and does not request platform-wide privileges. Nevertheless, its ProcessFileManager defaults to writing into a hardcoded user path (/Users/admin/.openclaw/workspace) and will create project directories and files there if executed — this persistent file activity is surprising and could pollute or overwrite user workspace if run without checking the path. The skill does not modify other skills' configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install code-archaeology
  3. After installation, invoke the skill by name or use /code-archaeology
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.5.0
Added AI Plan Generator integration with unified directory structure support and conversion scripts
v2.4.0
Added support for mainstream languages: Java, Node.js, Python, Vue.js in addition to existing PHP support
v2.3.0
Enhanced documentation highlighting powerful business intelligence capabilities: business rules extraction, PRD generation, and workflow analysis
v2.2.0
Updated to full English documentation with separate Chinese example file (EXAMPLE_CN.md)
v2.1.0
Added bilingual Chinese-English documentation for better accessibility
v2.0.0
Renamed from Code Archaeology V2 to Code Archaeology with improved documentation and structure
v1.0.1
Improved skill package with cleaner structure and better documentation
v1.0.0
Initial release of Code Archaeology—an advanced system for deep legacy codebase analysis. - Introduces a comprehensive two-phase workflow: discovery & mapping, then deep technical assessment. - Automates business domain mapping, architecture analysis, security auditing, and technical debt assessment. - Generates executive summaries, detailed reports, and prioritized optimization recommendations. - Modular sub-skill architecture for scan/indexing, domain analysis, vulnerability tracking, and reporting. - Designed for PHP and adaptable to other languages; requires bash, git, and PHP.
Metadata
Slug code-archaeology
Version 2.5.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 8
Frequently Asked Questions

What is Code Archaeology?

Analyze legacy codebases to extract business rules, technical specifications, and migration requirements. Use when analyzing PHP, Java, Python, or other lega... It is an AI Agent Skill for Claude Code / OpenClaw, with 147 downloads so far.

How do I install Code Archaeology?

Run "/install code-archaeology" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Code Archaeology free?

Yes, Code Archaeology is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Code Archaeology support?

Code Archaeology is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Code Archaeology?

It is built and maintained by roboe (@hickhe); the current version is v2.5.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments