opendatahub-io/python-packaging-source-finder
helpers/skills/python-packaging-source-finder/SKILL.md
Use this skill to locate source code repositories for Python packages by analyzing PyPI metadata, project URLs, and code hosting platforms like GitHub, GitLab, and Bitbucket. Provides deterministic results with confidence levels.
$ install --global
skillsauthnpx skillsauth add opendatahub-io/ai-helpers python-packaging-source-finderInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 2, 2026, 6:23 AM411.3s2 files scanned
SKILL.md
- name:
- python-packaging-source-finder
- description:
- Use this skill to locate source code repositories for Python packages by analyzing PyPI metadata, project URLs, and code hosting platforms like GitHub, GitLab, and Bitbucket. Provides deterministic results with confidence levels.
- allowed-tools:
- Bash WebSearch WebFetch
Source Finder
Locates source code repositories for Python packages with confidence scoring.
Usage
To find a source repository for a given package:
- Run the finder script, for example:
# Find repository
$ ./scripts/finder.py requests
# Output structure:
{
"url": "https://github.com/psf/requests",
"confidence": "high",
"method": "pypi_metadata_project_urls.Source",
"package_name": "requests"
}
- Parse the JSON output:
url: Repository URL (ornullif not found)confidence:high,medium, orlowmethod: How the URL was foundpackage_name: the package that was searched
-
If confidence is
loworurlisnull, use WebSearch:<package_name> python github repository -
Present results with confidence level clearly indicated
Output Format
As a result, provide structured output including:
- Repository URL
- Confidence level (high/medium/low)
- Method used to find the repository
- Additional context or warnings
Related Skills
opendatahub-io/python-packaging-static-audit
development
VerifiedTrustedCommunity
Run hexora static analysis on a Python package repository to detect suspicious code patterns, then triage findings with deterministic rules and AI reasoning to produce a structured risk report section.
30SKILL.mdUpdated May 30, 2026
opendatahub-io/python-packaging-git-audit
development
VerifiedTrustedCommunity
Inspect recent git history of a Python package repository for suspicious commits touching supply-chain-sensitive files, then triage findings with AI reasoning to produce a structured risk report section.
30SKILL.mdUpdated May 30, 2026
opendatahub-io/python-packaging-binary-audit
development
VerifiedTrustedCommunity
Scan a Python package repository for compiled/binary files using Fromager-style detection and malcontent YARA analysis, then triage findings with deterministic rules and AI reasoning to produce a structured risk report section.
30SKILL.mdUpdated May 30, 2026
opendatahub-io/non-redhat-rpms
testing
VerifiedTrustedCommunity
Use this skill to identify non-Red Hat RPM packages installed in container images or on the local machine. For containers, pulls images across multiple architectures and release tags; for local scans, inspects the host directly. Extracts RPM signing metadata and reports packages not signed with the Red Hat GPG key as CSV output. Use when auditing compliance, checking supply-chain provenance, or scanning for third-party RPMs in RHOAI component images.
30SKILL.mdUpdated May 29, 2026