ClawHub

Oosmetrics

v1.0.1

Search, compare, and analyze 330K+ open-source GitHub repos by growth rate, acceleration, and originality. Discover trending projects, find alternatives, che...

1· 103·1 current·1 all-time
byAlessandro Flati@alessandroflati

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for alessandroflati/oosmetrics.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Oosmetrics" (alessandroflati/oosmetrics) from ClawHub.
Skill page: https://clawhub.ai/alessandroflati/oosmetrics
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: OOSMETRICS_API_KEY
Required binaries: npx
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install oosmetrics

ClawHub CLI

Package manager switcher

npx clawhub@latest install oosmetrics
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description (search/compare/analyze open-source repos) line up with the declared requirements: it needs an OOSMETRICS_API_KEY and npx to run an npm client. The only minor inconsistency is that the top-level registry noted 'No install spec' while SKILL.md includes an install entry pointing to @oosmetrics/mcp@1.0.1 — functionally this matches the skill's need to run the package.
Instruction Scope
SKILL.md instructs the agent to run an MCP server via npx that communicates with api.oosmetrics.com over HTTPS and to use the OOSMETRICS_API_KEY. The instructions do not request unrelated files or other environment variables. However the claim that the server "does not collect telemetry" and only talks to api.oosmetrics.com is self-reported and cannot be verified from the SKILL.md alone; running an npm package at runtime grants it broad capabilities (stdin/stdout, network from the host) during the session.
Install Mechanism
This is an instruction-only skill that relies on npx to execute @oosmetrics/mcp@1.0.1 from the npm registry. Using npx/npm is a common pattern but carries the normal risk of executing third‑party code fetched at runtime. There is no local install spec that pins a verified release artifact beyond the npm package name/version; the SKILL.md references a GitHub repo which you should inspect if you need assurance.
Credentials
Only one credential is required: OOSMETRICS_API_KEY, declared as the primary credential. That is proportional to a service that needs an API key. The instructions do not request additional secrets or unrelated environment variables.
Persistence & Privilege
always is false and the skill describes ephemeral execution (npx-run MCP server over stdio that does not listen on ports or remain running after the session). Autonomous invocation is allowed by default (normal). There is no indication the skill modifies other skills or system-wide configs.
Assessment
This skill appears internally consistent, but it executes a third-party npm package at runtime and uses your OOSMETRICS_API_KEY. Before installing: (1) Confirm you trust oosmetrics.com and the npm package owner; review the referenced GitHub repo (@AlessandroFlati/GitHubMetrics) and the published package code if possible. (2) Treat the API key as sensitive — use the least-privileged or short-lived key you can, and be ready to rotate or revoke it. (3) Be aware that npx will run code fetched from the npm registry and that the package could perform any network actions permitted by the host; the SKILL.md's statements about telemetry and network endpoints are assertions you cannot verify from the skill alone. (4) If you need stronger assurance, inspect or vendor the package locally (or run it in a sandbox) before allowing the agent to invoke it.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsnpx
EnvOOSMETRICS_API_KEY
Primary envOOSMETRICS_API_KEY
latestvk973gxb4e8exdekt6ffbgm8rt9844a02
103downloads
1stars
2versions
Updated 3w ago
v1.0.1
MIT-0
Alessandro Flati@alessandroflati
latest
Download

oosmetrics - Open Source Momentum Intelligence

Query growth metrics, compare repos, discover trending projects, find alternatives, and get AI-powered deep analysis for 330,000+ GitHub repositories tracked by oosmetrics.com.

How it works

This skill runs the @oosmetrics/mcp npm package (source: https://github.com/AlessandroFlati/GitHubMetrics/tree/main/mcp) as a local MCP server over stdio. The server makes HTTPS requests only to api.oosmetrics.com using your API key. It does not listen on any ports, does not run in the background after the agent session ends, and does not collect telemetry or send data anywhere other than the oosmetrics API.

Setup

  1. Get your API key at https://oosmetrics.com/profile (Pro or AI tier required). The key is scoped to your account and can be rotated or deleted at any time from your profile page.
  2. Set the environment variable: export OOSMETRICS_API_KEY=oosm_your_key_here
  3. The MCP server is installed via npx @oosmetrics/mcp@1.0.1 and starts automatically when this skill is loaded. It communicates with the agent over stdio (no network ports opened locally).

Tools

The available tools depend on your subscription tier. The server fetches the tool list from the oosmetrics API at startup, so Pro users see 7 tools and AI users see all 10.

Pro + AI tier tools

search - Find repos by natural language query, language, or sort criteria. get_repo - Get detailed metrics, grades, and description for a specific repo. compare - Compare 2-5 repos side by side with full metrics. trending - Get the hottest repos right now, optionally filtered by language. alternatives - Find similar repos to a given one using embedding similarity. history - Get historical metrics time series (stars, growth, acceleration over time). analyze - Get or trigger an AI analysis of any repo (tech stack, health signals, alternatives, creative build ideas).

AI tier only tools

existence_check - Describe a project idea, get back similar existing repos ranked by relevance. dependency_discovery - Describe what you want to build, get recommended dependencies with health signals. license_check - Check license compatibility for a list of dependencies.

Example prompts

Use these as a guide for how to interact with the tools:

Discovery

  • "What are the fastest-growing Rust projects this week?"
  • "Find me Python ML frameworks that are gaining traction"
  • "Show me trending repos in Go"

Research

  • "Get the metrics for facebook/react"
  • "Compare Express.js, Fastify, and Hono by growth and acceleration"
  • "Show me the 90-day growth history for astral-sh/uv"
  • "What are the best alternatives to Prisma?"

Due diligence

  • "Analyze denoland/deno - focus on ecosystem maturity"
  • "Is there already a project like X? I want to build a real-time collaborative markdown editor"
  • "Check the licenses for these deps: facebook/react, vercel/next.js, prisma/prisma"
  • "What libraries can help me build a CLI tool for Kubernetes management?"

Comparisons and decisions

  • "I'm choosing between SQLx and Diesel for a new Rust project. Compare them."
  • "Which React state management library has the best momentum right now?"
  • "Compare the top 3 Python web frameworks by acceleration"

Workflow patterns

Evaluate a technology choice

  1. Use search to find candidates in the domain
  2. Use compare to see them side by side
  3. Use analyze on the top pick for a deep dive
  4. Use history to check if growth is sustained or a spike

Check before you build

  1. Use existence_check with your project description
  2. If similar projects exist, use get_repo to understand their approach
  3. Use alternatives to map the full landscape
  4. Use license_check to verify compatibility

Stay informed

  1. Use trending to see what's hot globally or in your language
  2. Use search with specific domains ("AI agent frameworks", "database engines")
  3. Use analyze on anything that catches your eye

Comments

Loading comments...