golang-pkg-go-dev
Golang package and module documentation and exploration via `godig`, a pkg.go.dev API client (CLI + MCP server) — package docs, API references, symbols, code examples, available versions, importers (who imports a package), licenses, and known vulnerabilities. Read-only, no auth. Use for looking up any Go/Golang library's documentation, API signatures, usage examples, which versions exist, whether a dependency has CVEs, or who imports a package — prefer this over Context7 for any Go package or module. Triggers on: how to use a Go library, Go API docs, import usage, code examples, pkg.go.dev. Not for upgrading dependencies (→ See `samber/cc-skills-golang@golang-dependency-management` skill) or choosing a library (→ See `samber/cc-skills-golang@golang-popular-libraries` skill). Not for local symbols, or for navigating an already-used dependency's resolved source, call sites, or generic instantiations — → See `samber/cc-skills-golang@golang-gopls` skill for those.
How do I install this agent skill?
npx skills add https://github.com/samber/cc-skills-golang --skill golang-pkg-go-devIs this agent skill safe to install?
- Gen Agent Trust Hubpass
This skill enables the agent to search and retrieve Go package documentation, symbols, and vulnerability information from pkg.go.dev. It requires installing the 'godig' CLI from the author's GitHub repository and allows the agent to execute read-only queries against public Go APIs.
- Socketpass
No alerts
- Snykwarn
Risk: MEDIUM · 2 issues
What does this agent skill do?
golang-pkg-go-dev
Dependencies: godig — go install github.com/samber/godig/cmd/godig@latest (or use a registered godig MCP server / the hosted instance instead).
godig queries the pkg.go.dev API. Use it to answer questions about Go packages and modules: docs, symbols, versions, importers and vulnerabilities. It works as a CLI and as an MCP server. All operations are read-only and need no authentication.
When to use this skill
Trigger on questions like:
- "What versions of github.com/samber/lo are available?"
- "Does golang.org/x/text have known vulnerabilities?"
- "Show me the docs / symbols for package X."
- "Which packages import X?"
- "Search Go packages for Y."
Choosing between godig, gopls, Context7, and govulncheck
In short: godig answers questions about the published ecosystem (works even for packages not yet in your go.mod); gopls reasons about your locally resolved build (go.sum, including replaced forks); Context7 is a fallback for non-Go or unindexed docs; govulncheck is the whole-tree vulnerability audit (→ samber/cc-skills-golang@golang-security). See the samber/cc-skills-golang@golang-gopls skill for wiring gopls (MCP server, native LSP tool, and CLI) with Claude Code, and the samber/cc-skills-golang@golang-how-to skill's "godig vs gopls vs Context7 vs govulncheck" section for the full task-to-tool matrix.
Setup
Install
go install github.com/samber/godig/cmd/godig@latest
Register the MCP server (optional)
godig mcp runs over stdio by default, or streamable HTTP with --transport http.
stdio (the client launches godig on demand):
claude mcp add pkg-go-dev -- godig mcp
streamable HTTP (shared server at /mcp, default :8080):
godig mcp --transport http --addr :8080
claude mcp add --transport http pkg-go-dev http://localhost:8080/mcp
Hosted instance (no install needed) — a public server runs at https://godig.samber.dev/mcp:
claude mcp add --transport http pkg-go-dev https://godig.samber.dev/mcp
The CLI and the MCP server expose the same operations under matching names. Prefer the CLI when godig is installed; the hosted instance is a fallback when it is not.
Commands
Global flags (all commands): -o/--output table|json|raw|md (default table — pass -o md for chat), --base-url (pkg.go.dev API), --vuln-base-url (Go vulnerability database, consulted by vulns and overview), --timeout, --log-level debug|info|warn|error|off. All are also settable via GODIG_* env vars.
| Command | Args | Specific flags | Purpose |
|---|---|---|---|
overview | <path> | --version | Compact summary (metadata, versions, licenses, vulns) — start here |
search | <query> | --symbol --limit --filter | Find packages (optionally exporting a symbol) |
package info | <path> | --module --version | Package metadata |
package imports | <path> | --module --version | Packages this package imports (plain list) |
package doc | <path> | --module --version --goos --goarch --format md|text|html|markdown | Full package doc (LARGE) |
package examples | <path> | --module --version --goos --goarch --symbol | Runnable examples (LARGE; scope with --symbol) |
package licenses | <path> | --module --version | License files, full text (LARGE) |
symbol doc | <path> <symbol> | --module --version --goos --goarch | One symbol's signature + doc (token-efficient) |
symbol examples | <path> <symbol> | --module --version --goos --goarch | One symbol's runnable examples |
symbols | <path> | --module --version --goos --goarch --limit --filter | List exported symbols |
module info | <path> | --version | Module metadata |
module licenses | <path> | --version | Module license files (LARGE) |
module readme | <path> | --version | Module README, full Markdown (LARGE) |
dependencies | <path> | --version | go.mod deps: requires / replaces / excludes / go directive |
packages | <path> | --version --limit --filter | Packages contained in a module |
versions | <path> | --limit --filter | All versions, newest first |
major-versions | <path> | --limit --filter --exclude-pseudo | Major versions (v1, v2 …) living as separate modules |
imported-by | <path> | --module --version --limit --filter | Packages that import this one |
vulns | <path> | --version --limit | Known vulnerabilities (from the Go vuln DB) |
mcp | — | --transport stdio|http --addr --cache-ttl --cache-size | Run as an MCP server |
version | — | — | Print godig version / commit / build date |
When godig runs as an MCP server, each data command above is exposed as an operation of the same name.
Exit codes: 0 success, 1 runtime error (network, package not found), 2 usage error — a missing/invalid argument or flag (e.g. a non-positive --limit), or a command group invoked with no subcommand (godig package). Check for 2 to tell a malformed call apart from a failed lookup.
Full -o md output for every command: sample-output.md.
Tips
- Start with
overview— one call returns a compact summary (metadata, latest + recent versions, license types, vulnerabilities). Reach fordoc/examples/module readme/licenses(LARGE) only when the full text is needed. - Always pass
-o mdso results render as Markdown (tables, or raw doc/README) in the chat. Other formats exist (tabledefault,json,raw) but prefermdhere. <path>is a full import path, e.g.github.com/samber/lo— pass it as the positional argument.--versionpins a specific module version (v1.5.0,latest,master,main);--moduledisambiguates which module a package belongs to.--filternarrows list results server-side with a Go boolean expression — see Filter syntax.--goos/--goarchset the documentation/symbols build context (e.g.linux/amd64).- Prefer
symbol doc/symbol examplesover the package-widepackage doc/package exampleswhen you only need one symbol — far fewer tokens. - Parallelize independent lookups — every command is a self-contained, read-only HTTP query, so calls never depend on each other. When a task needs docs, examples, versions, or vulns for several symbols, packages, or modules, issue all the calls at once (multiple
godiginvocations in a single turn) rather than one after another — wall-clock drops from sum-of-latencies to slowest-single-call. For a large fan-out (documenting many symbols, comparing many candidate libraries, auditing CVEs across a dependency set), dispatch parallel sub-agents (up to 5) via the Agent tool, each running its owngodigcalls and returning a compact summary, so the raw LARGE output never lands in the main context. - Listing commands auto-paginate (return all results); use
--limitto cap.
Filter syntax
--filter (on search, versions, major-versions, packages, imported-by, symbols) takes a Go boolean expression evaluated server-side, once per result item. It is not a regex — wrap the whole expression in single quotes for the shell.
- Identifiers are the item's fields, which differ per command — a field valid for one list is rejected by another (e.g.
searchexposespackagePath, notpath). An unknown field fails withundefined identifier: <name>(HTTP 400), which names the offending field. Fields use the item's lowercase JSON key; the exception is enum-like values such askind, which are capitalized (Function, notfunc). - Operators:
==!=<<=>>=, boolean&&||!, parentheses for grouping. - String functions:
contains(s, sub),hasPrefix(s, pre),hasSuffix(s, suf). - Literals: double-quoted strings (
"Function"),true/false, numbers.
Filterable fields per command (string unless noted):
| Command | Fields |
|---|---|
search | modulePath, packagePath, synopsis, version |
versions | version, modulePath, deprecated (bool), retracted (bool), hasGoMod (bool), commitTime |
packages | path, name, synopsis, isRedistributable (bool) |
imported-by | path (the importing package path) |
symbols | name, kind (Function/Method/Type/Variable/Constant), synopsis, parent |
major-versions | modulePath, major, version, isLatest (bool) |
godig symbols github.com/samber/lo --filter 'kind=="Function"' -o md
godig symbols github.com/samber/lo --filter 'kind=="Function" && hasPrefix(name,"Map")' -o md
godig versions github.com/samber/lo --filter 'hasPrefix(version,"v1.5")' -o md
godig versions github.com/samber/lo --filter 'deprecated==false && retracted==false' -o md
godig search "result option" --filter 'hasPrefix(packagePath,"github.com/samber/")' -o md
Examples
Always request Markdown output (-o md):
# Overview — start here (compact, one call)
godig overview github.com/samber/ro -o md
# Search
godig search "result option monad" --limit 5 -o md
# Package facets
godig package info github.com/samber/ro -o md
godig package imports github.com/samber/ro -o md
godig package doc github.com/samber/ro --format md -o md
godig package examples github.com/samber/ro --symbol Map -o md
godig package licenses github.com/samber/ro -o md
# Single symbol (token-efficient vs package-wide doc/examples)
godig symbol doc github.com/samber/lo Map -o md
godig symbol examples github.com/samber/oops OopsError.Error -o md
# Module facets
godig module info github.com/samber/ro -o md
godig module readme github.com/samber/ro -o raw
godig dependencies github.com/samber/ro -o md
# Lists (auto-paginated; --limit to cap)
godig versions github.com/samber/ro -o md
godig major-versions github.com/samber/lo -o md
godig packages github.com/samber/ro -o md
godig imported-by github.com/samber/ro --limit 20 -o md
godig symbols github.com/samber/ro --filter 'kind=="Function"' -o md
# Pin a version / set the build context
godig versions github.com/samber/ro --filter 'hasPrefix(version,"v0.3")' -o md
godig package doc github.com/samber/lo --version v1.50.0 -o md
godig symbols github.com/samber/ro --goos linux --goarch amd64 -o md
# Vulnerabilities
godig vulns github.com/samber/ro -o md
This skill is not exhaustive. godig --help and each sub-command's --help list current flags and output formats; the data mirrors what pkg.go.dev exposes.
If you encounter a bug or unexpected behavior in godig, open an issue at https://github.com/samber/godig/issues.
How can the creator link this skill?
Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.
<a href="https://skillzs.dev/skills/samber/cc-skills-golang/golang-pkg-go-dev">View golang-pkg-go-dev on skillZs</a>