Skills
skills/2389-research/claude-plugins/prepare

prepare

SKILL.md

Prepare for Open-Source Release

Announce: "I'm using git-repo-prep:prepare to walk through open-source preparation."

Setup

Create a TodoWrite checklist for all 9 phases:

  1. Discovery
  2. Secrets & Personal Info Audit
  3. License
  4. Documentation
  5. Gitignore Refinement
  6. Project Hardening
  7. Repository Metadata
  8. Backlog & Honesty
  9. Final Review

Phase Pattern

Every phase follows this loop:

  1. Mark this phase's task in_progress
  2. Scan/audit current state for this phase
  3. Present findings to user
  4. Propose specific changes
  5. AskUserQuestion — skip / approve / modify
  6. Implement approved changes
  7. Commit with descriptive message (e.g., docs: add CONTRIBUTING.md)
  8. Mark phase task complete, move to next

Rules

  • DO NOT prescribe choices — always ask via AskUserQuestion (license, CI provider, test framework, etc.)
  • DO NOT drift into code quality review — stay focused on what matters for making the repo public. Ignore code style, error handling, architecture, performance.
  • DO NOT over-engineer — don't add dotenv, validation, startup checks, or error handling beyond what the user asks for. The goal is open-source readiness, not refactoring.
  • DO NOT dump everything at once — work one phase at a time, wait for user approval before moving on.
  • DO treat personal info as a separate concern from secrets — emails, usernames, and real names in config or metadata are privacy issues even if they aren't credentials.
  • DO check license consistency across LICENSE file, package metadata, and README.
  • DO mention ecosystem-specific items when a known stack is detected.

Phase 1: Discovery

Detect the ecosystem and scan project structure.

Detect ecosystem by looking for:

File Ecosystem
package.json Node.js
pyproject.toml / setup.py / setup.cfg Python
Cargo.toml Rust
go.mod Go
*.csproj / *.sln .NET
Gemfile Ruby
pom.xml / build.gradle Java/Kotlin

Report what exists (present/missing):

  • README
  • LICENSE
  • .gitignore
  • CI/CD config (.github/workflows/, .gitlab-ci.yml, etc.)
  • Tests directory
  • CONTRIBUTING.md
  • SECURITY.md
  • CHANGELOG

Present findings to user before proceeding.

Phase 2: Secrets & Personal Info

Two separate scans. Both matter for making a repo public.

Secrets scan

  • Hardcoded API keys, passwords, tokens, connection strings in source files
  • .env files or config files containing real credentials
  • AWS keys, GitHub tokens, database URLs with passwords, SMTP credentials
  • Private keys (.pem, .key files)

Personal info scan

  • Email addresses in package metadata (package.json author, pyproject.toml authors, Cargo.toml authors)
  • Email addresses in source code comments or config
  • Real names or usernames hardcoded in source (e.g., DEFAULT_AUTHOR = "jsmith")
  • Usernames in URLs or paths

If secrets or personal info found:

  • Warn that git history also contains these values
  • Recommend key rotation/revocation for any real credentials
  • Suggest git filter-repo or BFG Repo Cleaner for history rewriting if needed
  • Propose replacing secrets with environment variables and creating .env.example
  • Propose replacing personal info with generic values or removing it

Do not add dotenv packages, validation, or startup checks unless the user asks.

Phase 3: License

Ask the user which license they want. Present common options:

  • MIT — permissive, simple
  • Apache-2.0 — permissive, patent grant
  • GPL-3.0 — copyleft
  • Other — ask user to specify

Then:

  1. Create or update LICENSE file
  2. Update package metadata license field:
    • package.json"license": "MIT"
    • pyproject.tomllicense field
    • Cargo.tomllicense field
  3. Add license section to README (or update if present)
  4. Check for mismatches — if LICENSE file says MIT but metadata says ISC, flag it

Phase 4: Documentation

README

Check for these sections (present or missing):

  • What the project does and why
  • Installation / getting started
  • Usage with examples
  • Configuration (if applicable)
  • License section
  • Limitations / known issues

Don't write the full docs without asking. Propose the structure, ask user for approval, then help draft.

CONTRIBUTING.md

Propose including:

  • How to report bugs
  • How to submit changes (PR workflow)
  • Code style / conventions
  • Testing expectations
  • Any CLA or DCO requirements

SECURITY.md

Propose a vulnerability reporting process. At minimum: an email or instructions for responsible disclosure.

CLAUDE.md (optional)

If the project already uses AI tools or has complex setup, suggest a CLAUDE.md with build/test/lint commands and architectural notes. Ask first — don't create by default.

Phase 5: Gitignore Refinement

Check current .gitignore against ecosystem best practices:

Ecosystem Must ignore
Node.js node_modules/, .env, dist/, coverage/
Python __pycache__/, *.pyc, .env, *.egg-info/, dist/, .venv/
Rust target/, .env
Go vendor/ (if not vendoring), .env
General .env, .env.*, *.log, .DS_Store, *.pem, *.key

Always check:

  • .env and .env.* patterns excluded
  • Credentials directories excluded
  • Build artifacts excluded
  • IDE/OS files excluded (.idea/, .vscode/, .DS_Store, Thumbs.db)

If sensitive files are already tracked:

  • Flag them: "These files are tracked by git and need git rm --cached"
  • Propose the commands, get approval before running

Phase 6: Project Hardening

Ask the user what level of hardening they want before proposing anything. Options:

  • Minimal — just CI basics
  • Standard — CI + dependency updates
  • Full — CI + dependency updates + hooks + coverage

CI/CD

Ask which provider (GitHub Actions is most common). Propose a workflow that:

  • Runs tests
  • Runs linter (if project has one)
  • Runs on push and PR

Dependency management

Suggest Dependabot (GitHub) or Renovate. Brief config.

Pre-commit hooks

Suggest only if project doesn't already have them. Keep it simple — lint + format.

Coverage enforcement

Suggest only if tests already exist. Don't add test frameworks — that's beyond open-source prep scope.

Phase 7: Repository Metadata

Ecosystem-specific metadata that helps with discoverability and distribution:

Ecosystem Check for
Node.js repository URL, engines field, files field (or .npmignore), keywords, description
Python [project.urls], classifiers, requires-python, keywords, description
Rust repository, keywords, categories, rust-version, description
Go module path matches repo URL, godoc comment on package

Flag anything missing. Propose additions. Don't prescribe values — ask the user for descriptions, keywords, etc.

Phase 8: Backlog & Honesty

Building trust with contributors by being upfront about the project's state.

  • BACKLOG.md — Suggest creating one if the project has known gaps, unfinished features, or planned work. Ask user what to include.
  • Limitations section in README — If not already present, suggest adding known limitations, unsupported use cases, or stability caveats.

These are optional. Ask before creating.

Phase 9: Final Review

Invoke git-repo-prep:review as a final validation pass.

This catches anything missed during the prepare phases and gives the user a clean summary of the repo's openness state.

Use the Skill tool: skill: "git-repo-prep:review"

Weekly Installs
2
Repository
2389-research/c…-plugins
GitHub Stars
28
First Seen
7 days ago
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykFail
Installed on
amp2
cline2
openclaw2
opencode2
cursor2
kimi-cli2