clw-github-projects

The skill's purpose (GitHub Projects GraphQL experimentation) matches the code and instructions, but metadata omits required tooling/credentials and the included script builds shell commands unsafely and reads undeclared environment variables — these inconsistencies raise moderate concern.

This skill is a coherent experiment about GitHub Projects v2, but review a few things before installing or running: 1) The SKILL.md uses the GitHub CLI (gh) and assumes you are authenticated — the skill metadata doesn't declare this; ensure gh is installed and you understand which GitHub account/token will be used. 2) The included script concatenates inputs into shell commands and calls subprocess.run(..., shell=True) — avoid running it with untrusted environment variables or inputs (this can lead to command injection). 3) The skill prints API responses (JSON) to stdout — be cautious if your GitHub account or repos contain sensitive info. 4) Prefer running the scripts in an isolated environment (throwaway account or container) or adapt them to use safer library calls (PyGithub) or subprocess list form (no shell) with proper escaping. 5) If you need to proceed, ask the author to update metadata to declare required binaries/credentials and to fix unsafe subprocess usage; otherwise treat this as experimental tooling and do not run it on highly privileged accounts.