opensrc_skill

This skill fetches source code for npm, PyPI, crates.io or GitHub repos to give AI agents deeper implementation context.
  • Shell

3

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill third774/dotfiles --skill opensrc

  • SKILL.md3.5 KB

Overview

This skill fetches source code for npm, PyPI, crates.io packages and GitHub/GitLab repositories so AI agents can inspect real implementations instead of just types or docs. It provides a local, versioned snapshot of package repos and stores them under an opensrc/ directory for fast agent access. Use it to give agents concrete code context for debugging, auditing, or understanding dependency behavior.

How this skill works

The CLI resolves a package to its upstream repository using registry APIs or accepts direct repo identifiers/URLs. It detects installed versions from lockfiles and node_modules (for npm), clones the matching git tag (with shallow --depth 1 clones), handles monorepo layouts via repository.directory, and removes .git for a lightweight snapshot. Sources are indexed in sources.json and placed under opensrc/repos/ by host/owner/repo.

When to use it

  • When an agent needs to read library internals to explain behavior beyond type signatures
  • Debugging a dependency issue where stack traces or types are insufficient
  • Auditing or reviewing third-party code for security or licensing reasons
  • Exploring implementation patterns across packages or versions
  • Preparing an AI agent to generate fixes or reproduce a bug using real source

Best practices

  • Run from the project root so lockfiles and node_modules can be detected for version resolution
  • Use explicit prefixes (pypi:, crates:, github:) when ambiguous package names exist
  • Keep opensrc/ in .gitignore and exclude it from builds to avoid packaging snapshots
  • Re-run fetch commands when dependencies update to refresh snapshots
  • Use --modify=false in automation to skip interactive file-modification prompts

Example use cases

  • Fetch zod to let an agent trace type coercion and parsing internals when debugging runtime validation errors
  • Pull requests of a dependency at a specific tag to compare behavior between versions
  • Provide an AI assistant with the implementation of a Python package (pypi:requests) for detailed code reasoning
  • Collect multiple related repos (react, react-dom, next) so an agent can analyze cross-package interactions
  • Clone a GitHub repo by URL for agent-guided refactoring or vulnerability triage

FAQ

The tool auto-detects installed versions from node_modules and common lockfiles, then attempts to clone matching tags (v{version}, {version}) or falls back to the default branch.

Will fetching modify my project files?

On first run it prompts to add opensrc/ to .gitignore, exclude it from tsconfig.json, and add an AGENTS.md note; you can bypass prompts with --modify=false.

Can it handle monorepos?

Yes. It respects repository.directory fields and will fetch the subtree for the package inside a monorepo.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational