pedronauck/sourcebot
skills/community/sourcebot/SKILL.md
Search external libraries and frameworks using Sourcebot MCP. Use when researching external code patterns, library APIs, framework examples, or documentation from repositories like Effect-TS/effect, vercel/ai, tanstack/query. NEVER use for local project code.
$ install --global
skillsauthnpx skillsauth add pedronauck/skills sourcebotInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 14, 2026, 5:22 AM161.8s1 file scanned
SKILL.md
- name:
- sourcebot
- description:
- Search external libraries and frameworks using Sourcebot MCP. Use when researching external code patterns, library APIs, framework examples, or documentation from repositories like Effect-TS/effect, vercel/ai, tanstack/query. NEVER use for local project code.
Sourcebot Guide
Expert guidance for using Sourcebot MCP to search external libraries, frameworks, and code patterns.
When to Use
- External library research: Finding code patterns in Effect-TS, TanStack, Vercel AI SDK, etc.
- API discovery: Understanding how external libraries implement specific features
- Documentation examples: Finding real-world usage examples from official repositories
- Framework patterns: Learning best practices from external framework codebases
- Migration guidance: Finding upgrade patterns and breaking changes in external libraries
When NOT to Use
- Local project code: Use
codebase_searchorosgrep searchinstead - Local components: Use local search tools for project files
- Local utilities: Never use Sourcebot for your own codebase
Required Workflow
- First, call
list_reposto get available repository IDs - Identify relevant repository ID(s) for your search (e.g., "Effect-TS/effect" for EffectTS)
- Always include
filterByRepoIdswhen callingsearch_code - Use
get_file_sourceto fetch specific file contents when needed
Repository ID Format
- CRITICAL: Repository IDs must be in format
"owner/repo"(e.g.,"Effect-TS/effect","vercel/ai") - DO NOT include the
github.com/prefix - The
list_repostool returns IDs like"github.com/owner/repo"- strip the prefix when using infilterByRepoIds
Usage Examples
Searching EffectTS patterns
{
"query": "Effect.gen yield",
"filterByRepoIds": ["Effect-TS/effect"],
"includeCodeSnippets": true
}
Searching AI SDK
{
"query": "streamText tool calling",
"filterByRepoIds": ["vercel/ai"],
"includeCodeSnippets": true
}
Searching multiple repos
{
"query": "error handling patterns",
"filterByRepoIds": ["Effect-TS/effect", "vercel/ai"],
"includeCodeSnippets": true
}
Best Practices
- Use descriptive queries (not just keywords, but full descriptions)
- Always specify
filterByRepoIdsto scope searches - Set
includeCodeSnippets: truewhen you need actual code examples - Use
get_file_sourceafter finding relevant files to see full context
Tool Hierarchy for Code Search
- Sourcebot - For EXTERNAL libraries and frameworks only
codebase_search(if available) - For local project codeosgrep search- For local code when codebase_search unavailablegrep/find- Last resort for exact string matching
Critical Requirements
- MANDATORY: Use Sourcebot MCP 5-7 times when researching external libraries
- CRITICAL: NEVER use Sourcebot to search local project code
- CRITICAL: Always use
filterByRepoIdson EVERYsearch_codecall - TASK INVALIDATION: Task will be invalidated if you don't use Sourcebot 5-7 times when dealing with external libraries
- AFTER SOURCEBOT: Also use Perplexity and Context7 for updated information on external libraries
Related Skills
pedronauck/qa-report
tools
VerifiedTrustedCommunity
Plans real-user QA deliverables: personas, journey maps, exploratory charters, persona/journey/tour/CFR test cases, regression suites, Figma validation checks, automation intent, and user-impact bug reports. Writes artifacts under <qa-output-path>/qa/ for qa-execution to consume. Use when planning QA before execution, documenting journey-driven test strategy, marking flows that need E2E follow-up, or filing structured bug reports. Do not use for live execution, AI implementation audits, CI gate ownership, or technical integration/security/performance suites; use qa-execution or agent-output-audit instead.
374SKILL.mdUpdated May 26, 2026
pedronauck/qa-execution
development
VerifiedTrustedCommunity
Executes real-user QA sessions through public interfaces using personas, journeys, exploratory charters, test tours, edge-case probes, CFR checks, and browser evidence. Reads qa-report artifacts from <qa-output-path>/qa/ when present, captures issues/screenshots/reports under the same output tree, and classifies bugs by user impact. Use when validating a release candidate, migration, refactor, or user-facing change against production-like behavior. Do not use for AI implementation audits, task-status reconciliation, CI gate runs, integration/security/performance templates, or flaky-test triage; use agent-output-audit for those.
374SKILL.mdUpdated May 26, 2026
pedronauck/outside-to-issue
development
VerifiedTrustedCommunity
Transform outside-of-diff review files into properly formatted issue files for a given PR. Use when converting review files from ai-docs/reviews-pr-<PR>/outside/ into issue format in ai-docs/reviews-pr-<PR>/issues/. Automatically determines starting issue number and preserves all metadata (file path, date, status) from original review files. Don't use for inline-diff review files, non-PR review artifacts, or creating GitHub issues directly.
374SKILL.mdUpdated May 26, 2026
pedronauck/no-workarounds
development
VerifiedTrustedCommunity
Enforce root-cause fixes over workarounds, hacks, and symptom patches in all software engineering tasks. Use when debugging issues, fixing bugs, resolving test failures, planning solutions, making architectural decisions, or reviewing code changes. Activates gate functions that detect and reject common workaround patterns such as type assertions, lint suppressions, error swallowing, timing hacks, and monkey patches. Don't use for trivial formatting changes or documentation-only edits.
374SKILL.mdUpdated May 26, 2026