Safety Report

gh

Name: gh
Rating: 5 (2 reviews)
Author: Trumppo

Use the GitHub CLI (gh) to perform core GitHub operations: auth status, repo create/clone/fork, issues, pull requests, releases, and basic repo management. Trigger for requests to use gh, manage GitHub repos, PRs, or issues from the CLI.

2,154Downloads

16Installs

2Stars

1Versions

Workflow Automation3,323 CLI & Shell Tools1,805 Git & Version Control784 Code Review200

Security Analysis

high confidence

Clean0.08 risk

The skill's instructions and requirements are coherent with a GitHub-CLI helper; it only contains gh command examples and no unexpected installs or credential requests, though it omits declaring the gh binary dependency explicitly.

Feb 11, 20262 files2 concerns

Purpose & Capabilitynote

The skill's name/description (GitHub CLI helper) matches the instructions (gh commands for repos, issues, PRs). Minor inconsistency: SKILL.md assumes the gh CLI is available and used, but the metadata lists no required binary. A user installing this should ensure gh is present.

Instruction Scopeok

Instructions are focused on running gh commands (auth status, repo create/clone/fork, issues, PRs, releases). They do not instruct reading unrelated files, exfiltrating data, or contacting endpoints other than GitHub via gh. They do include operating on the local repo (e.g., --source . --push), which is expected for this tool.

Install Mechanismok

This is an instruction-only skill with no install spec and no code files: nothing is written to disk by the skill itself. Low install risk.

Credentialsnote

The skill declares no environment variables or credentials, which is reasonable because gh manages auth. However, in practice gh operations require authenticated credentials (gh auth or GH_TOKEN) stored outside the skill. The absence of declared env vars is not dangerous but is a metadata omission worth noting.

Persistence & Privilegeok

The skill is not always-enabled and does not request elevated persistence or modify other skills. It can be invoked autonomously (platform default), which is normal for skills of this type.

Guidance

This skill is an instruction-only helper that tells the agent to run gh (GitHub CLI) commands. Before installing: ensure you have gh installed and configured with the credentials you intend the agent to use; be aware the agent may run commands that modify local repos or GitHub state (create/fork/merge/delete), so only allow this skill for agents you trust. If you want to restrict risk, require explicit user confirmation for any destructive actions or disable autonomous invocation for this skill. The metadata omission (no required-binary entry for gh) is benign but you should verify gh is available in the runtime environment.

Latest Release

v0.1.0

Initial publish

More by @Trumppo

gitbackup

0 stars

search-memory

0 stars

fullbackup

0 stars

mem

0 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Published by @Trumppo on ClawHub