Generaltrailofbits

gh-cli

Enforces authenticated gh CLI workflows over unauthenticated curl/WebFetch patterns. Use when working with GitHub URLs, API access, pull requests, or issues.

Stars: 5,487
Source: trailofbits/skills
Updated: 2026-05-27
Slug: trailofbits--skills--gh-cli

View on GitHub Raw SKILL.md

// install — copy + paste into any project

mkdir -p .claude/skills && curl -fsSL https://raw.githubusercontent.com/trailofbits/skills/HEAD/.codex/skills/gh-cli/SKILL.md -o .claude/skills/gh-cli.md

Drops the SKILL.md into .claude/skills/gh-cli.md. Works with Claude Code, Cursor, and any agent that loads SKILL.md files from .claude/skills/.

gh-cli

When to Use

Working with GitHub repositories, pull requests, issues, releases, or raw file URLs.
You need authenticated access to private repositories or higher API rate limits.
You are about to use curl, wget, or unauthenticated web fetches against GitHub.

When NOT to Use

The target is not GitHub.
Plain local git operations already solve the task.

Guidance

Prefer the authenticated gh CLI over raw HTTP fetches for GitHub content. In particular:

Prefer gh repo view, gh pr view, gh pr list, gh issue view, and gh api over unauthenticated curl or wget.
Prefer cloning a repository and reading files locally over fetching raw.githubusercontent.com blobs directly.
Avoid using GitHub API /contents/ endpoints as a substitute for cloning and reading repository files.

Examples:

gh repo view owner/repo
gh pr view 123 --repo owner/repo
gh api repos/owner/repo/pulls

For the original Claude plugin implementation, see:

plugins/gh-cli/README.md
plugins/gh-cli/hooks/