Safety Report

GitHub Workflow

Name: GitHub Workflow
Rating: 5 (1 reviews)
Author: kretkas

Professional GitHub workflows via gh CLI. Use for repos, branches, PRs, CI/CD, releases, versioning, secrets, issues. Trigger on: GitHub, git, repo, PR, bran...

46Downloads

0Installs

1Stars

2Versions

Workflow Automation8,822 CLI & Shell Tools3,679 DevOps & Infrastructure2,137 Git & Version Control1,782

Security Analysis

high confidence

Clean0.20 risk

This is a coherent GitHub CLI workflow guide, but it can use GitHub credentials to perform powerful repository actions that users should review carefully.

May 6, 20267 files5 concerns

Purpose & Capabilitynote

The documented capabilities match the stated GitHub workflow purpose, including PRs, issues, CI, releases, secrets, and branch protection. Some actions are high-impact but are disclosed.

Instruction Scopenote

The skill documents broad gh CLI/API operations. Many destructive or publishing operations explicitly say to confirm with the user first, which keeps the behavior purpose-aligned.

Install Mechanismnote

There is no install spec and no code files, so there is no hidden executable payload in the provided artifacts. However, the metadata does not declare the gh binary or GitHub credential requirement even though SKILL.md expects them.

Credentialsnote

GitHub authentication via gh auth or GITHUB_TOKEN is expected for this skill, and the instructions include safeguards not to print or log tokens.

Persistence & Privilegenote

No background persistence or autonomous worker is present, but the skill can make persistent changes to GitHub repositories, such as merges, releases, branch protection, secrets, workflow settings, or deletion when directed.

Guidance

This skill appears benign and purpose-aligned for GitHub work. Before installing or using it, make sure the active GitHub account/token has only the permissions needed, verify the target repository for every command, and require explicit confirmation before merges, releases, workflow changes, secret updates, branch-protection changes, or deletion/archive actions.

Latest Release

v1.2.0

# Changed - Split into `SKILL.md` (core) + 6 reference files — only the relevant section is loaded - ~70% token reduction on typical tasks # Added - `⚠️ CONFIRM WITH USER` warnings before all write/delete operations - Git Flow branching strategy: `main → develop → feature/fix/hotfix/release` - Branch protection via `gh api` - Semantic versioning with MAJOR/MINOR/PATCH table - Full 10-step workflow: issue → branch → PR → merge → release - CI best practices checklist for `.github/workflows/` - Security rules: no token exposure, `gh auth login --web` only # Removed - Monolithic single-file structure

More by @kretkas

GitHub Workflow

1 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Proactive Agent

@halthelobster · 426 stars

Published by @kretkas on ClawHub