Every developer knows this feeling.
You need a vector database. Or a job queue. Or a .dwg parser for Node.js. You open a browser tab, search GitHub, open five more tabs, try to compare stars and last-commit dates, get distracted by a Medium post from 2019, and 45 minutes later you've picked something based on vibes.
There's a better way. I built it.
SKILLmama finds, scores, and ranks the best library, SDK, or tool for your exact stack โ no tab-hopping, no outdated blog posts, just ranked picks with scoring math you can audit.
It works with Claude Code, Claude.ai, OpenAI Codex, and Antigravity.
The Problem With How We Pick Libraries
Most library selection looks like this:
- Google "best [thing] for [framework]"
- Find a Reddit thread from 3 years ago
- Pick the one with the most upvotes
- Discover 6 months later that it hasn't been maintained since 2021
The real question isn't "what's popular" โ it's "what fits my stack, has active maintenance, won't take a week to integrate, and is popular enough to have community support?" Those are four separate signals, and you need all four weighted correctly.
The Scoring Formula
SKILLmama scores every candidate on four dimensions:
Score = (Compatibility ร 0.40) +
(Popularity ร 0.30) +
(Maintenance ร 0.15) +
(Simplicity ร 0.15)
| Factor | Weight | What it measures |
|---|---|---|
| Compatibility | 40% | Language/framework fit, official SDK, integration effort |
| Popularity | 30% | GitHub stars, npm/PyPI weekly downloads |
| Maintenance | 15% | Days since last commit, release cadence |
| Simplicity | 15% | Setup effort, documentation quality |
Compatibility is weighted highest because a library built for Java won't help you in a Python project, no matter how popular it is. Popularity comes second because the ecosystem around a library matters. Maintenance and simplicity round it out.
Every score is 1โ10 per dimension. No black box. You can see exactly why something ranked #1.
The 5-Tier Search Hierarchy
SKILLmama doesn't just search one place. It works through five tiers in order, stopping when it has 8+ candidates:
| Tier | Source | What it finds |
|---|---|---|
| 1 | skills.sh | Reusable skills and capability patterns |
| 2 | GitHub | Open-source libraries, frameworks, SDKs |
| 3 | Smithery / MCP Ecosystem | AI-native tools installable as MCP servers |
| 4 | npm / PyPI / pkg.go.dev | Package registries with download signals |
| 5 | Curated Templates | LangGraph, OpenHands, cookbook examples |
Tier 3 is the interesting one. The MCP ecosystem is growing fast โ if there's an MCP server for your capability, you might be able to plug it directly into your AI workflow instead of writing integration code. SKILLmama surfaces that option explicitly.
The Security Gate
But a high score means nothing if the tool is unsafe. Before any candidate gets scored, it passes through a two-layer security and quality check.
The hard gate discards candidates that are genuinely unsafe: CVE dependencies, undisclosed data exfiltration, jailbreak instructions, or destructive operations with no user warning. These never reach the scoring phase.
The quality flags (SQP rules, inspired by NVIDIA/SkillSpector) surface softer issues without discarding the candidate:
- SQP-1 โ Vague trigger phrases that could activate unintentionally
- SQP-2 โ Missing warnings on file writes, network calls, or credential access
- SQP-3 โ Hardcoded language or locale without user opt-in
Every result card shows a Security line: PASS, โ ๏ธ SQP-2 โ [finding], or ๐ซ BLOCKED. You always know what you're installing. No surprises. No silent risks.
How It Works
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ USER REQUEST โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโ
โ PHASE 0 โ
โ Understand Request โ
โ Extract: capability,โ
โ stack, constraints โ
โโโโโโโโโโโโโฌโโโโโโโโโโโโ
โ
โผ
โ Capability
vague?
/ \
YES NO
โ โ
โผ โ
Ask 1 clarifying โ
question, await โ
user response โ
โ โ
โโโโโโโโฌโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโ
โ PHASE 1 โ
โ Architecture Scan โ
โโโโโโโโโโโโโฌโโโโโโโโโโโโ
โ
โผ
โ In a project
repo?
/ \
YES NO
โ โ
โผ โ
Read: package.json, โ
Dockerfile, README, โ
source files โ
โ โ
โโโโโโโโฌโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโ
โ PHASE 2 โ
โ Capability Gap โ
โ Detection โ
โ โ
โ Define: โ
โ CAPABILITY โ
โ STACK โ
โ CONSTRAINTS โ
โ SEARCH_TERMS (3โ5) โ
โโโโโโโโโโโโโฌโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโ
โ PHASE 3 โ
โ 5-Tier Search โ
โโโโโโโโโโโโโฌโโโโโโโโโโโโ
โ
Tier 1 โโ skills.sh
โ
Tier 2 โโ GitHub (stars, recency, contrib)
โ
Tier 3 โโ MCP Ecosystem
โ
Tier 4 โโ npm / PyPI registries
โ
Tier 5 โโ Templates & Cookbooks
โ
โ 8+ candidates found?
/ \
YES NO
โ โ
Skip remaining Continue tiers
tiers โ
โโโโโโโโฌโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ PHASE 3.5 โ Security & Quality Gate โ
โ โ
โ Hard Gate: โ
โ ๐ซ BLOCKED โ discard, never score โ
โ โ ๏ธ WARN โ show, user confirms โ
โ โ
โ Quality flags (SQP rules): โ
โ SQP-1 Vague triggers โ
โ SQP-2 Missing user warnings โ
โ SQP-3 Policy violations โ
โโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ PHASE 4 โ Score Each Candidate โ
โ โ
โ Score = (C ร 0.40) + โ
โ (P ร 0.30) + โ
โ (M ร 0.15) + โ
โ (S ร 0.15) โ
โโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ PHASE 5 โ Present Results โ
โ โ
โ #1, #2, #3 โ full score breakdown โ
โ Also Considered โ table โ
โ MCP callout (if found) โ
โ Next Steps (3 actions) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
End-to-End Example
Prompt:
/skillmama find me a vector database for my FastAPI + Python project
Phase 1 โ Architecture Scan
SKILLmama reads your project files first:
โ pyproject.toml โ Python 3.11, FastAPI, SQLAlchemy
โ Dockerfile โ containerized, no GPU
โ .env.example โ OPENAI_API_KEY present โ RAG use case confirmed
Detected stack: Python / FastAPI / PostgreSQL / Docker / OpenAI
Phase 2 โ Capability Gap Detection (runs internally)
CAPABILITY : vector database for RAG / semantic search
STACK : Python / FastAPI / Docker / OpenAI
CONSTRAINTS: containerizable, Python client, active maintenance
Phase 3 โ 5-Tier Search
Tier 1 skills.sh โ "qdrant-memory-skill", "chroma-rag-skill"
Tier 2 GitHub โ qdrant (17kโ
), chroma (14kโ
), pgvector (11kโ
), milvus (29kโ
)
Tier 3 MCP โ qdrant-mcp-server, chroma-mcp
Tier 4 PyPI โ qdrant-client (380k/wk), chromadb (620k/wk), pgvector (180k/wk)
Tier 5 Templates โ LangChain + Qdrant RAG template, FastAPI + Chroma starter
Phase 4 โ Scoring
| Candidate | Compat | Popular | Maint | Simple | Score |
|---|---|---|---|---|---|
| Qdrant | 9 | 8 | 10 | 9 | 9.05 |
| pgvector | 10 | 7 | 9 | 7 | 8.65 |
| Chroma | 8 | 8 | 9 | 10 | 8.55 |
| Milvus | 6 | 9 | 10 | 4 | 7.05 |
Phase 5 โ Output
#1 โ Qdrant ยท Score: 9.05/10
Docker-native, official Python client, active MCP server for AI workflows.
- Compatibility: 9/10 โ official qdrant-client SDK, FastAPI examples in docs
- Popularity: 8/10 โ 17k GitHub stars, 380k PyPI downloads/week
- Maintenance: 10/10 โ committed 2 days ago, weekly releases
- Simplicity: 9/10 โ docker run + pip install, 5-min setup
- Security: PASS โ no findings
- Install: docker run -p 6333:6333 qdrant/qdrant && pip install qdrant-client
#2 โ pgvector ยท Score: 8.65/10
Stay on PostgreSQL โ no new infra, native SQL queries.
#3 โ Chroma ยท Score: 8.55/10
Easiest local dev setup; best for prototyping before scaling.
MCP Option: qdrant-mcp-server โ install as MCP tool for direct AI memory integration.
Next Steps:
1. docker run qdrant/qdrant and pip install qdrant-client to validate locally
2. Use the LangChain + Qdrant RAG template as a starting point
3. If staying Postgres-only, evaluate pgvector โ saves an infra hop
That's 45 minutes of tab-hopping, compressed into a structured decision.
Install in 4 AI Systems
Claude Code:
mkdir -p /your-project/.claude/commands
cp .claude/commands/skillmama.md /your-project/.claude/commands/skillmama.md
Then type /skillmama in any Claude Code session.
Claude.ai:
- Clone the repo
zip -r skillmama.zip skillmama/- Go to Customize โ Skills โ + and upload the zip
- Type
/skillmamain any conversation
OpenAI Codex:
Place codex/AGENTS.md in your repo root, then ask naturally:
codex "find me the best job queue for this project"
Antigravity:
Load antigravity/PROMPT.md as the system prompt, then ask naturally.
All four adapters run the same pipeline and produce the same output format.
What SKILLmama Is Not
Not an IDE. Not autocomplete. Not a chatbot.
It's a capability oracle โ it tells you what to use and why, with evidence. You still write the code. SKILLmama just makes sure you're writing it with the right tool.
The Repo
Apache 2.0 licensed. Works with Claude Code, Claude.ai, OpenAI Codex, and Antigravity. A pre-built skillmama.zip is included for Claude.ai upload โ no build step needed.
/skillmama find me a vector database for my FastAPI project
/skillmama what auth library should I use for my Next.js app?
/skillmama scan my project and tell me what's missing
/skillmama find a .dwg parser for Node.js
Try it on your next project: github.com/Magithar/SKILLmama. If you've ever spent an afternoon picking the wrong library, I'd love to hear what you wish you'd known sooner.
If SKILLmama saves you time, a โญ on the repo goes a long way โ it helps other developers find it.
