Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

gh-cli

v1.1.1

GitHub CLI for remote repository analysis, file fetching, codebase comparison, and discovering trending code/repos. Use when analyzing repos without cloning,...

by Misha Kolesnik (@tenequm) · duplicate of @tenequm/x402-development
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name/description match the instructions: the SKILL.md is a guide to using the GitHub CLI (gh) for remote repo analysis, file fetching, search, and comparisons. That purpose legitimately requires calling gh and interacting with GitHub APIs.
Instruction Scope
Instructions tell the agent to run gh commands (gh api, gh search, gh repo view, etc.) which will make network calls to GitHub and may fetch repository contents. The SKILL.md also documents gh auth/login behavior (including storing tokens in credential stores or files). The instructions do not ask the agent to read unrelated local files, but they do imply use of authentication and credential storage which has side effects.
Install Mechanism
This is an instruction-only skill (no install spec, no code written to disk), which is the lowest-risk install model. However, the runtime relies on an external binary (gh) being present even though none is declared.
Credentials
The skill declares no required env vars or credentials, yet the documentation explicitly references GH_TOKEN/GITHUB_TOKEN, GH_HOST, and gh auth/login flows. If the agent runs these gh commands and an authentication token is present in the environment or credential store, the agent could access private repos or perform actions. The lack of declared required credentials is an inconsistency and increases risk if users assume no credentials are needed.
Persistence & Privilege
always is false and there is no install or code that modifies other skills or system-wide settings. The only persistence risk is that following gh auth instructions can register tokens in system credential stores or files — a side effect of using the gh CLI, not the skill itself.
What to consider before installing
This SKILL.md is a usable guide for running GitHub CLI (gh) commands, but it does not declare that the gh binary or GitHub credentials are required — those are implied. Before installing or using this skill:

  • Ensure the gh CLI is present where the agent will run; otherwise the commands will fail.
  • Be aware that if a GH_TOKEN/GITHUB_TOKEN (or stored gh credentials) exist in the agent environment or system credential store, the agent's gh commands can access private repos and perform API actions. Only provide a token with the minimal, read-only scopes you need (avoid repo:write or admin scopes unless necessary).
  • Avoid running interactive auth flows (gh auth login) via an automated agent; those can open browsers or store tokens locally.
  • Review any gh aliases or extensions configured in the environment (gh alias/extension can run shell commands) before allowing the agent to use this skill.
  • If you want read-only discovery on public repos, consider using a scoped read-only token or run the commands yourself rather than granting agent access.

Given the mismatch between declared requirements and the instructions' dependencies on gh and credentials, treat this skill as potentially risky until you confirm the runtime environment and token policies.
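The checks above, gathered into one POSIX shell preflight to run in the agent's environment before enabling the skill. This is an added example, not part of the skill or the scan report; the function names gh_env_exposure and gh_preflight are made up for it, and it prints variable names only, never token values.

```shell
#!/bin/sh
# Added example: audit what an agent would inherit if it ran gh commands here.

# Print the NAMES of gh-related variables that are set (values are never shown).
gh_env_exposure() {
    [ -z "${GH_TOKEN:-}" ]     || echo GH_TOKEN
    [ -z "${GITHUB_TOKEN:-}" ] || echo GITHUB_TOKEN
    [ -z "${GH_HOST:-}" ]      || echo GH_HOST
}

# Return 0 when nothing needs review, 1 when there is at least one finding.
gh_preflight() {
    rc=0
    exposed=$(gh_env_exposure)
    if [ -n "$exposed" ]; then
        # Unquoted on purpose: joins the names onto one line.
        echo "WARN: agent would inherit:" $exposed
        rc=1
    fi

    if ! command -v gh >/dev/null 2>&1; then
        echo "INFO: gh is not on PATH; the skill's commands will fail"
        return "$rc"
    fi

    # Stored credentials (keyring or hosts file) apply even with no env token.
    if gh auth status >/dev/null 2>&1; then
        echo "WARN: gh is authenticated; agent calls can reach private repos"
        rc=1
    fi

    # Aliases and extensions can run shell commands under the gh name.
    aliases=$(gh alias list 2>/dev/null || true)
    exts=$(gh extension list 2>/dev/null || true)
    if [ -n "$aliases" ]; then
        echo "REVIEW: gh aliases configured:"; echo "$aliases"; rc=1
    fi
    if [ -n "$exts" ]; then
        echo "REVIEW: gh extensions installed:"; echo "$exts"; rc=1
    fi
    return "$rc"
}

# Usage: gh_preflight || echo "resolve the findings before enabling the skill"
```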

Like a lobster shell, security has layers — review code before you run it.

latestvk979m2pkwm7qm9mqjk7nr9fhdx844r1x


SKILL.md

GitHub CLI - Remote Analysis & Discovery

Remote repository operations, codebase comparison, and code discovery without cloning.

When to Use

  • Analyze repositories without cloning
  • Compare codebases side-by-side
  • Fetch specific files from any repo
  • Find trending repositories and code patterns
  • Search code across GitHub

Quick Operations

Fetch a file remotely

gh api repos/OWNER/REPO/contents/path/file.ts --template '{{.content | base64decode}}'

Get directory listing

gh api repos/OWNER/REPO/contents/PATH

Search code

gh search code "pattern" --language=typescript

Find trending repos

gh search repos --language=rust --sort stars --order desc

Compare Two Codebases

Systematic workflow for comparing repositories to identify similarities and differences.

Example use: "Compare solana-fm/explorer-kit and tenequm/solana-idls"

Step 1: Fetch directory structures

gh api repos/OWNER-A/REPO-A/contents/PATH
gh api repos/OWNER-B/REPO-B/contents/PATH

If comparing a monorepo package, specify the path (e.g., packages/explorerkit-idls).

Step 2: Compare file lists

gh api repos/OWNER-A/REPO-A/contents/PATH -q '.[].name'
gh api repos/OWNER-B/REPO-B/contents/PATH -q '.[].name'

Compare the output of each command to identify files unique to each repo and common files.

Step 3: Fetch key files for comparison

Compare package dependencies:

gh api repos/OWNER-A/REPO-A/contents/package.json --template '{{.content | base64decode}}'
gh api repos/OWNER-B/REPO-B/contents/package.json --template '{{.content | base64decode}}'

Compare main entry points:

gh api repos/OWNER-A/REPO-A/contents/src/index.ts --template '{{.content | base64decode}}'
gh api repos/OWNER-B/REPO-B/contents/src/index.ts --template '{{.content | base64decode}}'

Step 4: Analyze differences

Compare the fetched files to identify:

API Surface

  • What functions/classes are exported?
  • Are the APIs similar or completely different?

Dependencies

  • Shared dependencies (same approach)
  • Different dependencies (different implementation)

Unique Features

  • Features only in repo1
  • Features only in repo2

For detailed comparison strategies, see references/comparison.md.

Discover Trending Content

Find trending repositories

# Most starred repos
gh search repos --sort stars --order desc --limit 20

# Trending in specific language
gh search repos --language=rust --sort stars --order desc

# Recently popular (created in last month)
gh search repos "created:>2024-10-01" --sort stars --order desc

# Trending in specific topic
gh search repos "topic:machine-learning" --sort stars --order desc

Discover popular code patterns

# Find popular implementations
gh search code "function useWallet" --language=typescript --sort indexed

# Find code in popular repos only
gh search code "implementation" "stars:>1000"

# Search specific organization
gh search code "authentication" --owner=anthropics

For complete discovery queries and patterns, see references/discovery.md.

Search Basics

Code search

# Search across all repositories
gh search code "API endpoint" --language=python

# Search in specific organization
gh search code "auth" --owner=anthropics

# Exclude results with negative qualifiers
gh search issues -- "bug report -label:wontfix"

Issue & PR search

# Find open bugs
gh search issues --label=bug --state=open

# Search assigned issues
gh search issues --assignee=@me --state=open

For advanced search syntax, see references/search.md.

Special Syntax

Field name inconsistencies

IMPORTANT: GitHub CLI uses inconsistent field names across commands:

Field   gh repo view     gh search repos
Stars   stargazerCount   stargazersCount
Forks   forkCount        forksCount

Examples:

# ✅ Correct for gh repo view
gh repo view owner/repo --json stargazerCount,forkCount

# ✅ Correct for gh search repos
gh search repos "query" --json stargazersCount,forksCount

Excluding search results

When using negative qualifiers (like -label:bug), use -- to prevent the hyphen from being interpreted as a flag:

gh search issues -- "query -label:bug"

For more syntax gotchas, see references/syntax.md.

Advanced Workflows

For detailed documentation on specific workflows:

Core Workflows:

GitHub Operations:

Setup & Configuration:

Resources
