arbazkhan971/opensource
skills/opensource/SKILL.md
Open source project management.
$ install --global
skillsauthnpx skillsauth add arbazkhan971/godmode opensourceInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 3:15 AM5.2s1 file scanned
SKILL.md
- name:
- opensource
- description:
- Open source project management.
Activate When
/godmode:opensource, "set up open source project"- "contributing guide", "code of conduct", "issue templates"
- Preparing to publicly publish a repository
Workflow
1. Repository Health Check
ls LICENSE CODE_OF_CONDUCT.md CONTRIBUTING.md \
SECURITY.md .github/ISSUE_TEMPLATE/ \
.github/PULL_REQUEST_TEMPLATE.md \
.github/CODEOWNERS 2>/dev/null
# Secrets audit
grep -rn "sk_\|password\|secret\|token\|api_key" \
--include="*.ts" --include="*.py" --include="*.env*" .
| File | Status | Quality |
| LICENSE | present/missing | valid SPDX? |
| CODE_OF_CONDUCT | present/missing | Covenant 2.1? |
| CONTRIBUTING | present/missing | setup verified? |
| SECURITY | present/missing | private reporting? |
| Issue templates | present/missing | YAML format? |
| PR template | present/missing | has checklist? |
| CODEOWNERS | present/missing | paths mapped? |
2. Scaffolding
LICENSE: detect project goals, recommend license. CODE_OF_CONDUCT: Contributor Covenant 2.1. CONTRIBUTING: setup instructions, style guide, PR process, community links. SECURITY: private vulnerability reporting channel.
IF setup takes > 15 minutes: simplify. IF no license: code is "all rights reserved" by default.
3. Issue & PR Templates
# .github/ISSUE_TEMPLATE/bug_report.yml
# .github/ISSUE_TEMPLATE/feature_request.yml
# .github/ISSUE_TEMPLATE/config.yml
# blank_issues_enabled: false
# .github/PULL_REQUEST_TEMPLATE.md
ALWAYS disable blank issues (force structured templates).
4. GitHub Actions
# Auto-labeling: .github/workflows/labeler.yml
# Stale management: .github/workflows/stale.yml
# NEVER auto-close security or critical labels
# Welcome bot: .github/workflows/welcome.yml
# Release drafter: .github/workflows/release-drafter.yml
# CODEOWNERS: .github/CODEOWNERS
5. Community Engagement
Discussions categories:
Announcements (maintainers), Q&A, Ideas, Show & Tell
Funding: .github/FUNDING.yml
Discord/Slack: #general, #help, #contributing, #releases
6. Maintainer Workflows
Triage: new issue -> label -> assign -> priority
SLA: first response < 48h
Review: PR opened -> auto-assign -> review < 48h
Release: determine scope -> changelog -> tag -> publish
Use --dry-run before actual release
7. Governance
Solo project: BDFL (benevolent dictator)
10+ contributors: consensus model
50+ contributors: steering committee
Match governance to project size.
IF governance mismatch: document and update.
<!-- tier-3 -->Quality Targets
- Target: <48h response time for new issues
- Target: >80% of PRs reviewed within 7 days
- Target: 100% of public APIs documented
Hard Rules
- NEVER open source without LICENSE file.
- NEVER skip Code of Conduct.
- NEVER commit secrets to public repository.
- NEVER use blank issue templates.
- NEVER auto-close security/critical labels.
- ALWAYS include private vulnerability reporting.
- ALWAYS test CONTRIBUTING.md on clean machine.
TSV Logging
Append .godmode/opensource.tsv:
timestamp action files_created health_score status
Keep/Discard
KEEP if: renders correctly, YAML validates,
links valid, health score improved.
DISCARD if: validation fails or links broken.
Stop Conditions
STOP when FIRST of:
- All critical files present (LICENSE, README,
CONTRIBUTING, CODE_OF_CONDUCT, SECURITY)
- Issue + PR templates configured
- No secrets found in repo
Autonomous Operation
On failure: git reset --hard HEAD~1. Never pause.
Error Recovery
| Failure | Action | |--|--| | License incompatibility | Audit deps with license-checker | | CI fails for contributors | Check secrets not required for PRs | | Spam PRs/issues | Add templates, enable auto-labeling |
Related Skills
arbazkhan971/webperf
development
VerifiedTrustedCommunity
Web performance optimization. Lighthouse, bundle analysis, code splitting, image optimization, critical CSS, fonts, service workers, CDN.
10SKILL.mdUpdated Apr 26, 2026
arbazkhan971/webhook
development
VerifiedTrustedCommunity
Webhook design, delivery, retry, HMAC verification, event subscriptions, dead letter queues.
10SKILL.mdUpdated Apr 26, 2026
arbazkhan971/vue
development
VerifiedTrustedCommunity
Vue.js mastery. Composition API, Pinia, Vue Router, Nuxt SSR/SSG, Vite optimization, testing.
10SKILL.mdUpdated Apr 26, 2026
arbazkhan971/verify
development
VerifiedTrustedCommunity
Evidence gate. Run command, read full output, confirm or deny claim. No trust, only proof.
10SKILL.mdUpdated Apr 26, 2026