Gh

Pass

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only GitHub CLI skill matches its stated purpose, but it can use your logged-in GitHub account to make real repository changes.

This skill is reasonable for GitHub CLI work, but treat it like giving an assistant access to your logged-in GitHub account. Check `gh auth status`, confirm the target repository and branch, and approve any create, comment, merge, release, delete, or force-push action before it runs.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used on the wrong account, repo, branch, issue, or pull request, the agent could create unwanted content or merge/publish changes.

Why it was flagged

The skill documents GitHub CLI commands that can create repositories, post comments, merge pull requests, and publish releases. These actions are aligned with the stated purpose, but they can materially change GitHub resources.

Skill content
gh repo create OWNER/NAME --private --confirm
...
gh issue comment <num> --body "..."
...
gh pr merge <num> --merge
...
gh release create vX.Y.Z --title "vX.Y.Z" --notes "..."
Recommendation

Before mutating actions, verify the GitHub owner/repo, branch, PR or issue number, and the exact title/body/notes. Require explicit user approval for merges, releases, deletes, force pushes, and public comments.

What this means

Actions will be performed as the currently authenticated GitHub user, possibly against private repositories or organizations that account can access.

Why it was flagged

The skill uses the active authenticated GitHub CLI session. This is expected for GitHub operations, but all actions inherit whatever permissions the logged-in account/token has.

Skill content
Use `gh` for authenticated GitHub operations from the terminal.
Recommendation

Run `gh auth status` before use, confirm the active account and host, and ensure the token has only the scopes needed for the intended task.

What this means

Following unreviewed external setup instructions could expose users to different commands or dependencies than those shown in this skill.

Why it was flagged

The skill points to an external setup guide that is not included in the reviewed artifact set. No harmful behavior is shown here, but off-platform setup instructions are outside this review.

Skill content
> **Complete setup guide**: https://SkillBoss.co/skill.md
Recommendation

Prefer official GitHub CLI installation/authentication documentation, and review any external setup guide before running commands from it.