Generate AI agent skills from your NPM dependencies.
When using new packages or migrating to new versions, agents often struggle to use the appropriate best practices. This is because agents have knowledge cutoffs and predict based on existing patterns.
Methods of getting the right context to your agent require either manual curation, author opt-in, external servers or vendor lock-in. See the landscape for more details.
Skilld generates agent skills from the references maintainers already create: docs, release notes and GitHub issues. With these we can create version-aware, local-first, and optimized skills.
|
Made possible by my Sponsor Program 💖 Follow me @harlan_zw 🐦 • Join Discord for help |
Best Practices, API Changes, or your own custom promptsnpx skills and skills-npmRun skilld in a project to generate skills for your dependencies through a simple interactive wizard:
npx -y skilld
Requires Node 22.6.0 or higher.
Or add a specific package directly:
npx -y skilld add vue
If you need to re-configure skilld, just run npx -y skilld config to update your agent, model, or preferences.
No agent CLI? No problem — choose "No agent" when prompted. You get a base skill immediately, plus portable prompts you can run in any LLM:
npx -y skilld add vue
# Choose "No agent" → base skill + prompts exported
# Paste prompts into ChatGPT/Claude web, save outputs, then:
npx -y skilld assemble
skilld install --agent gemini-cli to sync skills to another agent. The doc cache is shared.Install globally to use skilld across all projects without npx:
npm install -g skilld
# or
pnpm add -g skilld
Then run skilld in any project directory.
If you'd like to install skilld and track the lock file references, add it as a dev dependency:
npm install -D skilld
# or
yarn add -D skilld
# or
pnpm add -D skilld
Add to package.json to keep skills fresh on install:
{
"scripts": {
"prepare": "skilld update -b"
}
}
Try this in your project/user prompt:
Before modifying code, evaluate each installed skill against the current task.
For each skill, determine YES/NO relevance and invoke all YES skills before proceeding.
Context7 is an MCP that fetches raw doc chunks at query time. You get different results each prompt, no curation, and it requires their server. Skilld is local-first: it generates a SKILL.md that lives in your project, tied to your actual package versions. No MCP dependency, no per-prompt latency, and it goes further with LLM-enhanced sections, prompt injection sanitization, and semantic search.
Skilld pulls issues from GitHub which could be abused for potential prompt injection.
Skilld treats all data as untrusted, running in permissioned environments and using best practices to avoid injections. However, always be cautious when using skills from untrusted sources.
Yes. Run skilld update to regenerate outdated skills, or add skilld update -b to your prepare script and they regenerate in the background whenever you install packages.
# Interactive mode - auto-discover from package.json
skilld
# Add skills for specific package(s)
skilld add vue nuxt pinia
# Update outdated skills
skilld update
skilld update tailwindcss
# Search docs across installed skills
skilld search "useFetch options" -p nuxt
# Target a specific agent
skilld add react --agent cursor
# Install globally to ~/.claude/skills
skilld add zod --global
# Skip prompts
skilld add drizzle-orm --yes
# Check skill info
skilld info
# List installed skills
skilld list
skilld list --json
# Manage settings
skilld config
| Command | Description |
|---|---|
skilld | Interactive wizard (first run) or status menu (existing skills) |
skilld add <pkg...> | Add skills for package(s), space or comma-separated |
skilld update [pkg] | Update outdated skills (all or specific) |
skilld search <query> | Search indexed docs (-p to filter by package) |
skilld list | List installed skills (--json for machine-readable output) |
skilld info | Show skill info and config |
skilld config | Configure agent, model, preferences |
skilld install | Restore references from lockfile |
skilld remove | Remove installed skills |
skilld uninstall | Remove all skilld data |
skilld cache | Cache management (clean expired LLM cache entries) |
skilld eject <pkg> | Eject skill as portable directory (no symlinks) |
skilld assemble [dir] | Merge LLM output files back into SKILL.md (auto-discovers) |
No Claude, Gemini, or Codex CLI? Choose "No agent" when prompted. You get a base skill immediately, plus portable prompts you can run in any LLM to enhance it:
skilld add vue
# Choose "No agent" → installs to .claude/skills/vue-skilld/
# What you get:
# SKILL.md ← base skill (works immediately)
# PROMPT_*.md ← prompts to enhance it with any LLM
# references/ ← docs, issues, releases as real files
# Run each PROMPT_*.md in ChatGPT/Claude web/any LLM
# Save outputs as _BEST_PRACTICES.md, _API_CHANGES.md, then:
skilld assemble
skilld assemble auto-discovers skills with pending output files. skilld update re-exports prompts for outdated packages.
Export a skill as a portable, self-contained directory for sharing via git repos:
skilld eject vue # Default skill directory
skilld eject vue --name vue # Custom directory name
skilld eject vue --out ./skills/ # Custom path
skilld eject vue --from 2025-07-01 # Only recent releases/issues
Share via skilld add owner/repo — consumers get fully functional skills with no LLM cost.
| Option | Alias | Default | Description |
|---|---|---|---|
--global | -g | false | Install globally to ~/<agent>/skills |
--agent | -a | auto-detect | Target specific agent (claude-code, cursor, etc.) |
--yes | -y | false | Skip prompts, use defaults |
--force | -f | false | Ignore all caches, re-fetch docs and regenerate |
--model | -m | config default | LLM model for skill generation (sonnet, haiku, opus, etc.) |
--name | -n | Custom skill directory name (eject only) | |
--out | -o | Output directory path override (eject only) | |
--from | Collect releases/issues/discussions from this date (YYYY-MM-DD, eject only) | ||
--debug | false | Save raw LLM output to logs/ for each section |
Several approaches exist for steering agent knowledge. Each fills a different niche:
| Approach | Versioned | Curated | No Opt-in | Local | Any LLM |
|---|---|---|---|---|---|
| Manual rules | ✗ | ✓ | ✓ | ✓ | ✓ |
| llms.txt | ~ | ✗ | ✗ | ✗ | ✓ |
| MCP servers | ✓ | ✗ | ✗ | ✗ | ✗ |
| skills.sh | ✗ | ~ | ✓ | ✗ | ✗ |
| skills-npm | ✓ | ✓ | ✗ | ✓ | ✗ |
| skilld | ✓ | ✓ | ✓ | ✓ | ✓ |
Versioned — tied to your installed package version. Curated — distilled best practices, not raw docs. No Opt-in — works without the package author doing anything. Local — runs on your machine, no external service dependency. Any LLM — works with any LLM, not just agent CLIs.
Skilld sends anonymous install events to skills.sh so skills can be discovered and ranked. No personal information is collected.
Telemetry is automatically disabled in CI environments.
To opt out, set either environment variable:
DISABLE_TELEMETRY=1
DO_NOT_TRACK=1
Licensed under the MIT license.
FAQs
Generate AI agent skills from npm package documentation
The npm package skilld receives a total of 334 weekly downloads. As such, skilld popularity was classified as not popular.
We found that skilld demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
TC39’s March 2026 meeting advanced eight ECMAScript proposals, including Temporal reaching Stage 4 and securing its place in the ECMAScript 2026 specification.
Research
/Security News
Since January 31, 2026, we identified at least 72 additional malicious Open VSX extensions, including transitive GlassWorm loader extensions targeting developers.
Research
Six malicious Packagist packages posing as OphimCMS themes contain trojanized jQuery that exfiltrates URLs, injects ads, and loads FUNNULL-linked redirects.