Github Cli
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent, instruction-only GitHub CLI reference, but it documents powerful authenticated GitHub operations and token-related commands that should only be used deliberately.
This skill appears suitable as a GitHub CLI reference, but use it with the same caution as giving an agent access to your `gh` session. Confirm the target repository and action before mutating data, avoid exposing tokens, and grant only the GitHub scopes needed for the task.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A token or expanded scope could let commands access or change private repositories, organization resources, or even enable repository deletion if the user grants that scope.
The skill documents use of the user's GitHub authentication, adding high-impact scopes, and printing the active token. This is expected for a GitHub CLI reference, but it exposes sensitive account authority if used carelessly.
Auth: `gh auth login` or set `GH_TOKEN` env var ... `gh auth refresh -s delete_repo` ... `gh auth status --show-token` ... `gh auth token`
Only authenticate accounts and grant scopes that are needed for the current task. Avoid printing tokens unless explicitly necessary, and do not paste or store tokens in shared logs or conversations.
If an agent runs these commands without clear user intent, it could create, push to, or reconfigure repositories, and disabled prompts may reduce opportunities to catch mistakes.
The reference includes non-interactive configuration and commands that can mutate GitHub repositories. These are purpose-aligned examples, not hidden automation, but impactful use should be explicitly confirmed.
`gh config set prompt disabled # disable interactive prompts (good for scripts)` ... `gh repo create my-project --private --source=. --remote=upstream --push` ... `gh repo edit --default-branch main`
Require explicit user approval, confirm the target owner/repository, and keep prompts enabled unless the user specifically requests non-interactive scripting.
