Interact with GitHub using Personal Access Tokens. Secure, user-controlled access - no OAuth, no full account access. Clone, push, branch, PR, issues. Use when user wants to work with GitHub repos.
Security Analysis
Confidence: high
The skill mostly does what it says (uses a GitHub PAT to operate on repos), but its instructions and code encourage insecure token handling (storing tokens in TOOLS.md and embedding PATs into remote URLs/.git config), and the package metadata does not declare the credential it clearly needs.
Name/description match the code and SKILL.md: the CLI lists repos, clones, creates branches, pushes, PRs, and issues via a PAT and the GitHub API. However, the registry metadata omits declaring a primary credential (the PAT) even though both SKILL.md and scripts/gh.py expect/accept a GitHub token (via --token or GITHUB_TOKEN).
SKILL.md instructs the agent to store the PAT in TOOLS.md and pass tokens to the CLI. The script embeds tokens into HTTPS remote URLs for clone/push (https://{token}@github.com/...), which will typically end up persisted in .git/config and can leak the PAT. Storing tokens in a plain TOOLS.md file is similarly risky. The instructions do not warn about the remote-URL persistence risk or recommend secure credential helpers.
No install spec; the skill is instruction-only with an included Python script. Nothing is downloaded from external URLs or installed automatically.
The skill requests the user provide a PAT in SKILL.md and the code reads GITHUB_TOKEN, but the registry metadata lists no required env vars and no primary credential. This is an inconsistency: the skill legitimately needs a secret PAT to function, and that should be declared and handled carefully.
The skill's always flag is false (good). SKILL.md explicitly instructs storing the token in TOOLS.md; combined with autonomous invocation, this could expose the PAT to other components that read that file. The skill does not modify other skills or global config, but it will cause tokens to be persisted into repository config whenever it embeds them in remote URLs.
Guidance
This skill appears to implement the stated GitHub functions, but it encourages insecure token handling. Before installing or using it:
1. Do not store PATs in plain TOOLS.md or commit them; prefer a secure environment variable or a system credential helper.
2. Be aware that the script embeds tokens into HTTPS repo URLs, which often end up in .git/config; that persists the token in plaintext inside the repository unless you take steps to remove it.
3. Consider creating a fine-grained PAT with minimal scopes and rotate it after testing.
4. Review scripts/gh.py yourself (or run it in an isolated environment) to confirm it meets your security requirements.
5. Ask the publisher to declare the expected credential (e.g., GITHUB_TOKEN) in the metadata and to update the instructions so tokens are not persisted in repo configs.
If you cannot avoid embedding tokens into URLs, at minimum scrub .git/config and do not push that file to any remote.
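The token-in-URL persistence described in the analysis and in guidance item (2) above, as an added example: this code is not part of the ClawHub page or of the skill's scripts/gh.py. It scans the text of a .git/config for remote URLs that carry a credential (the https://{token}@github.com/... pattern), shows how to strip the credential when scrubbing a remote, and demonstrates the alternative of handing a PAT to a single git command through GIT_ASKPASS so the token never lands in a URL or in .git/config. The environment variable name GH_TOOL_PAT, the POSIX sh helper, and the x-access-token username are this example's own assumptions; the sample .git/config and its token value are constructed.

```python
"""Added example, not part of the ClawHub page or of the skill's scripts/gh.py.

1. Detect remote URLs of the form https://<token>@github.com/...: git writes
   them into .git/config, so the token persists in plaintext in every clone
   made that way.
2. Supply a PAT to one git command through GIT_ASKPASS instead, keeping the
   remote URL credential-free. GH_TOOL_PAT, the helper file and the
   x-access-token username are this example's own choices (assumptions).
"""
import os
import re
import stat
import subprocess
import tempfile
from typing import List, Optional
from urllib.parse import urlsplit, urlunsplit

# The userinfo before the host is what carries the credential: https://<anything>@github.com/
EMBEDDED_CRED_RE = re.compile(r"^https://[^/@\s]+@github\.com(?::\d+)?/", re.IGNORECASE)


def url_embeds_credential(url: str) -> bool:
    """True when an https GitHub URL carries a token or user:pass in its userinfo part."""
    return bool(EMBEDDED_CRED_RE.match(url.strip()))


def strip_credential(url: str) -> str:
    """Return the URL with any userinfo removed; use it when re-pointing a remote."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    if parts.port:
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))


def find_embedded_tokens(git_config_text: str) -> List[str]:
    """Return every remote URL in a .git/config text that embeds a credential.

    Takes the file's text so it runs on the constructed sample below as well as
    on a real repository: find_embedded_tokens(open(".git/config").read()).
    """
    hits = []
    for raw in git_config_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("url") and "=" in line:
            url = line.split("=", 1)[1].strip()
            if url_embeds_credential(url):
                hits.append(url)
    return hits


def askpass_helper_script() -> str:
    """POSIX sh helper that git calls via GIT_ASKPASS (assumes a POSIX shell exists).

    git asks first for a username, then for a password; the PAT is read from the
    GH_TOOL_PAT environment variable so it never appears in argv or in a URL.
    """
    return (
        "#!/bin/sh\n"
        'case "$1" in\n'
        "  Username*) printf '%s\\n' x-access-token ;;\n"
        "  *) printf '%s\\n' \"$GH_TOOL_PAT\" ;;\n"
        "esac\n"
    )


def git_with_token(args: List[str], token: str, cwd: Optional[str] = None) -> subprocess.CompletedProcess:
    """Run one git command with the PAT supplied via GIT_ASKPASS, never via the URL.

    Example: git_with_token(["clone", "https://github.com/org/private.git"], token)
    Nothing is written to .git/config, and the helper file is removed on return.
    """
    helper = tempfile.NamedTemporaryFile("w", suffix=".sh", delete=False)
    try:
        helper.write(askpass_helper_script())
        helper.close()
        os.chmod(helper.name, stat.S_IRWXU)  # owner-only, executable
        env = dict(os.environ, GIT_ASKPASS=helper.name, GH_TOOL_PAT=token, GIT_TERMINAL_PROMPT="0")
        return subprocess.run(["git", *args], cwd=cwd, env=env, capture_output=True, text=True)
    finally:
        os.unlink(helper.name)


# Constructed sample of a .git/config left behind by a token-in-URL clone (not a real token).
SAMPLE_GIT_CONFIG = """\
[core]
    repositoryformatversion = 0
[remote "origin"]
    url = https://ghp_EXAMPLE_NOT_A_REAL_TOKEN@github.com/org/repo.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "upstream"]
    url = https://github.com/org/upstream.git
"""

if __name__ == "__main__":
    for url in find_embedded_tokens(SAMPLE_GIT_CONFIG):
        print(f"token persisted in remote URL: {url}")
        print(f"  credential-free replacement:  {strip_credential(url)}")
```

Run the scan against a repository cloned by the skill to confirm whether a token was written to disk; if it was, re-point the remote at the stripped URL (git remote set-url) and rotate the PAT, since the plaintext copy may already have been read or backed up. The GIT_ASKPASS route is what a hardened version of the script would use for clone and push: the token lives only in the environment of that one git process.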
Latest Release
v1.0.0
Initial release - secure GitHub access via Personal Access Tokens. Clone, push, branch, PR, issues. User-controlled access, no OAuth.
Published by @dannyshmueli on ClawHub