oneshot-gtm

Name: oneshot-gtm
Author: oneshot-agent

Verified

GTM agent for technical founders. Pay-per-result. Signed receipts. Two surfaces: terminal CLI + local web dashboard.

373stars

9forks

TypeScript

Installation

# Add to your Claude Code skills
git clone https://github.com/oneshot-agent/oneshot-gtm

Getting Started

Guides for using ai agents skills like oneshot-gtm.

Caveman: Cut Claude Token Use by 65%
How agent-side prompt compression works, when to use it, and when not to.
What is an AI Skills Marketplace?
Definitions, how marketplaces work, and how to choose between them in 2026.
Getting Started with AI Skills

Security ReportVerified

Last scanned: 6/16/2026

{
  "issues": [
    {
      "file": "README.md",
      "line": 56,
      "type": "secret-exfiltration",
      "message": "Instruction appears to send credentials/secrets to an external endpoint",
      "severity": "medium"
    },
    {
      "file": "README.md",
      "line": 108,
      "type": "remote-install",
      "message": "Install command (remote install script piped to a shell — review the source before running): \"curl -fsSL https://bun.sh/install | bash\"",
      "severity": "low"
    }
  ],
  "status": "PASSED",
  "scannedAt": "2026-06-16T09:26:43.809Z",
  "npmAuditRan": false,
  "pipAuditRan": true,
  "promptInjectionRan": true
}

README.md

Frequently Asked Questions

What is oneshot-gtm?

oneshot-gtm is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by oneshot-agent. GTM agent for technical founders. Pay-per-result. Signed receipts. Two surfaces: terminal CLI + local web dashboard. It has 373 GitHub stars.

Is oneshot-gtm safe to use?

Yes. oneshot-gtm passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.

How do I install oneshot-gtm?

Clone the repository with "git clone https://github.com/oneshot-agent/oneshot-gtm" and add it to your Claude Code skills directory (see the Installation section above).

What programming language is oneshot-gtm written in?

oneshot-gtm is primarily written in TypeScript. It is open-source under oneshot-agent on GitHub, so you can review or fork the full source.

Are there alternatives to oneshot-gtm?

Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh oneshot-gtm against similar tools.

Agentic AI for Beginners

Build your first AI agent from scratch - tool use, ReAct pattern, memory, deployment

41 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

ECC

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

216,382

MCPSharp claude-code-aso-skill

oneshot-gtm

Open-source GTM agent for technical founders. Pay-per-result. Signed receipts. Founder-led discipline encoded. Two surfaces: terminal CLI + local web dashboard, both backed by the same SQLite ledger.

# Dashboard-only (published, no clone needed):
bunx oneshot-gtm-server     # opens http://127.0.0.1:3030

# Full install (CLI + dashboard, repo clone — see below):
bun run cli -- init         # one-time setup
bun run cli -- ui           # opens http://127.0.0.1:3030

What this is

A focused, opinionated wrapper around OneShot — a pay-per-use API toolbox for email, SMS, voice, deep research, person enrichment, browser automation, and website build, all settled per-call in USDC on Base with cryptographically signed receipts for every action.

OneShot is the toolbox. oneshot-gtm is the strategy wrapper: it encodes the canonical PMF + founder-led-sales playbook (Mom Test, Sean Ellis 40%, Predictable Revenue, do-things-that-don't-scale, multichannel cadence, signed-receipt CAC) as a set of named plays you actually run from the terminal or the dashboard.

It's open source (MIT) so you can read every prompt, fork every play, and trust what's running.

Two ways to use it

Terminal — for power users + scripting

bun run cli -- intel advise                                  # interactive coach
bun run cli -- discover icp interview-prep "your hypothesis"
bun run cli -- find watch --once                             # poll all due triggers, enqueue candidates
bun run cli -- find drain podcast-guest --dry-run            # preview approved /queue rows
bun run cli -- cadence advance                               # daily tick: poll inbox + fire follow-ups

~30 commands across 9 groups. See bun run cli -- --help or jump to the Command map.

Dashboard — for visibility + non-technical co-founders

bun run cli -- ui                # default: serves prebuilt React app on 127.0.0.1:3030
bun run cli -- ui --dev          # vite hot-reload + API server in parallel
bun run cli -- ui --port 4000    # custom port
bun run cli -- ui --no-browser   # don't auto-open

Eight pages, all reading the same ~/.oneshot-gtm/ledger.sqlite:

Home — spend (7d / 30d), reply rate trend, in-flight cadences, recent receipts
Queue — triggers table (enable, edit JSON config, fire) + target queue (status + play filters, bulk approve). Per-play Drain opens a modal that hands off to /run/<play> with approved rows pre-loaded — every draft + lint flag streams live, and the latest draft persists on the queue row so you can re-read it later by expanding the row (subject + body + flags + receipt links). Per-row spinner + locked button while a trigger is running.
Replies (/inbox) — every reply matched to its prospect + play + cadence status by sender address, merged across all sender identities. Expand a reply to answer it in place: write the draft yourself or generate with the LLM (founder voice, primed with the inbound message + your prior touches), edit, and send. Replies go out from the identity that received them and thread on both transports — Gmail via In-Reply-To / References, OneShot via the platform's reply_to_email_id (SDK 0.19). Sends carry an idempotency key, so a retry after a timeout can't double-send
Cadences — table view with inline Stop + Log outcome buttons; outcome modal supports meeting_booked / sql_qualified / deal_won / deal_lost / ghosted. Per-row chevron exposes the next-step draft preview before send; bulk select for batch preview/send; sent-step history collapsible inline; pulsing "sending" badge while a fire-and-forget send is in flight.
Receipts — paginated table; click a row → modal with the signed receipt payload
Plays — cards with channel badges + Run button (for show-hn / job-change / post-funding / accelerator-batch / hiring-signal / podcast-guest / stack-consolidation / repo-interest) + Copy CLI button
Measure — CAC + RoCS tables filterable by time range
Setup — editable wizard: founder profile, LLM provider/model, OneShot wallet keys (hidden inputs), telemetry toggle. Saves to chmod-600 ~/.oneshot-gtm/.env.

The Run a play form (/run/$playName) takes editable target rows + a dry-run toggle and streams drafted emails back via Server-Sent Events with lint flags + clickable receipt links. When arriving from /queue via the Drain button, target rows auto-hydrate from approved queue rows and each generated draft persists back to its originating row on completion — re-readable from /queue at any time.

A floating strategist dock is mounted on every page. Open it to chat through trigger config: it reads your ICP + product one-liner and proposes JSON configs as confirmation chips you click to apply. Endpoint: POST /api/strategist/stream (SSE).

Discovery — where targets come from

Motion plays don't require hand-curated JSON anymore. Ten finders auto-discover prospects, ICP-filter them, and enqueue into /queue for one-click approve / reject:

show-hn — HN Algolia poller, surfaces same-day Show HN posts
post-funding — webSearch by ICP-derived industry × round (auto), or a TC/Crunchbase URL list
job-change — webSearch for "joined as <persona>" announcements with persona + company filters
hiring-signal — Greenhouse / Lever / Workable / Ashby ATS search
podcast-guest — recent-guest discovery across Latent Space, Lenny's, 20VC, Acquired, Invest Like the Best
accelerator-batch — yc-oss directory + websearch fallback for non-YC cohorts (Techstars, Antler, 500 Global, AI Grant)
github-topics — GitHub-API manifest scan (package.json, pyproject.toml, requirements.txt) detects vendor stack deterministically; finds repos stitching together N agent vendors as competitor-switch targets
github-stars — recent stargazers of repos you watch, routed per repo: tag a repo competitor (→ competitor-switch) or adjacent (→ repo-interest, a "you're into X, my product helps" intro)
luma-events — upcoming events from Luma's own city pages (genuinely upcoming, not search-indexed leftovers), gated per event by a topic + ICP check before any spend; pitches the hosts + featured guests Luma exposes publicly per event — with their LinkedIn/website, so contact resolution actually lands. Each queue row is tagged Host or Guest and drafted accordingly
breakup-revive — scans the local ledger for prospects cold for 60-90 days

Each finder runs as a trigger with its own interval + spend cap — click the interval in the /queue triggers table to change cadence (presets 1h–7d, or revert to the default). Captured per-prospect signals (LinkedIn URL via webSearch + phone via passive enrichment when surfaced) show next to the email + company in /queue. Approved rows ship via bun run cli -- find drain <play> or the per-play Drain button on the Queue page.

The dashboard server runs an in-process scheduler that fires enabled triggers on their interval automatically — open bun run cli -- ui, enable a trigger, and it polls without you needing a separate find watch daemon. The CLI watch command stays useful for cron + headless deployments where you don't want the dashboard.

/home surfaces a Scheduler section per trigger — state pill, last-run summary (the cand=N · kept=M · icp=K · $X.YY line you see on /queue), last polled, next due — so "is the scheduler alive?" is a glance, not a grep events.jsonl. Overdue triggers show in oxblood; disabled ones collapse behind a chevron.

A trigger whose stored config is missing required inputs (e.g. accelerator-batch without a cohort) reads as not ready on /queue — the Enable toggle and Run Now button are disabled with the reason in a tooltip. Edit config via the pencil icon to clear it; nothing fires while a trigger is unready. The same gate returns 409 on POST /api/triggers/:name/enabled and :name/run, so scripted callers can't bypass it.

Before any findEmail call, a pre-flight check skips dud domains (free-tier subdomains like *.vercel.app/*.github.io, social hosts, link aggregators, personal email providers) and inputs where the "name" is obviously a username (samaralihussain, no whitespace or period). On a 50-candidate Show HN run that historically dropped ~37 of 50 at the SDK, the prescreen now eliminates the wasted spend at ~$0.05/call — roughly $1–2 saved per run. Skipped rows log a finder.skipped_findemail event with the reason for later blocklist tuning.

Sender rotation — OneShot domains or your own Gmail

Outbound ships through a sender identity pool: any mix of OneShot wallet-owned domains and your own Gmail / Google Workspace accounts. Routing rules:

Sticky threads — every email to a given prospect comes from the identity that sent their first touch, across plays and cadence steps. In-flight conversations never switch From address.
Warm-up caps — a freshly added Gmail account ramps automatically (10/day, +10/week, max 50 by default; edit per identity on /setup). OneShot identities are uncapped and absorb overflow.
Defer, don't exceed — when every identity hits its daily cap, cadence steps stay due and queue rows stay approved until capacity resets at midnight. Nothing sends over cap.
Replies follow the pool — the