nearai/github
skills/github/SKILL.md
GitHub API integration via HTTP tool with automatic credential injection
$ install --global
skillsauthnpx skillsauth add nearai/ironclaw githubInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 18, 2026, 6:32 AM45.2s1 file scanned
SKILL.md
- name:
- github
- version:
- 1.0.0
- description:
- GitHub API integration via HTTP tool with automatic credential injection
- max_context_tokens:
- 2000
- - name:
- github_token
- provider:
- github
- type:
- bearer
- authorization_url:
- https://github.com/login/oauth/authorize
- token_url:
- https://github.com/login/oauth/access_token
- - "read:
- org
- strategy:
- reauthorize_only
- setup_instructions:
- Create a personal access token at https://github.com/settings/tokens
GitHub API Skill
You have access to the GitHub REST API via the http tool. Credentials are automatically injected — never construct Authorization headers manually. When the URL host is api.github.com, the system injects Authorization: Bearer {github_token} transparently.
API Patterns
All endpoints use https://api.github.com as the base URL. Common headers are injected automatically.
Issues
List issues:
http(method="GET", url="https://api.github.com/repos/{owner}/{repo}/issues?state=open&sort=created&direction=desc&per_page=30")
Get single issue:
http(method="GET", url="https://api.github.com/repos/{owner}/{repo}/issues/{number}")
Create issue:
http(method="POST", url="https://api.github.com/repos/{owner}/{repo}/issues", body={"title": "...", "body": "...", "labels": ["bug"]})
Add comment:
http(method="POST", url="https://api.github.com/repos/{owner}/{repo}/issues/{number}/comments", body={"body": "..."})
Pull Requests
List PRs:
http(method="GET", url="https://api.github.com/repos/{owner}/{repo}/pulls?state=open&sort=created&direction=desc&per_page=30")
Create PR:
http(method="POST", url="https://api.github.com/repos/{owner}/{repo}/pulls", body={"title": "...", "body": "...", "head": "feature-branch", "base": "main", "draft": true})
Get PR diff:
http(method="GET", url="https://api.github.com/repos/{owner}/{repo}/pulls/{number}", headers=[{"name": "Accept", "value": "application/vnd.github.v3.diff"}])
Repository
Get repo info:
http(method="GET", url="https://api.github.com/repos/{owner}/{repo}")
List branches:
http(method="GET", url="https://api.github.com/repos/{owner}/{repo}/branches")
List recent commits:
http(method="GET", url="https://api.github.com/repos/{owner}/{repo}/commits?per_page=10")
Authenticated User & Cross-Repo Queries
When the user says "my PRs", "my issues", or "my repos", they mean the user who owns github_token. Don't try to list a single repo, hit the search/user endpoints instead.
Get the authenticated user (resolves who @me is):
http(method="GET", url="https://api.github.com/user")
My latest PRs across all repos:
http(method="GET", url="https://api.github.com/search/issues?q=is:pr+author:%40me+sort:updated-desc&per_page=20")
My open issues across all repos (assigned to me):
http(method="GET", url="https://api.github.com/search/issues?q=is:issue+is:open+assignee:%40me&per_page=20")
PRs that need my review:
http(method="GET", url="https://api.github.com/search/issues?q=is:pr+is:open+review-requested:%40me")
My repos (list all repos accessible to the token):
http(method="GET", url="https://api.github.com/user/repos?sort=updated&per_page=30")
Search
GitHub has three search endpoints. Build queries with the search syntax.
Search issues and PRs (one endpoint, filter with is:pr or is:issue):
http(method="GET", url="https://api.github.com/search/issues?q=repo:{owner}/{repo}+is:pr+is:open+label:bug")
- Note: There is no
/search/pullsendpoint;/search/issuesis the unified endpoint for both issues and PRs.
Search code:
http(method="GET", url="https://api.github.com/search/code?q=fn+main+language:rust+repo:{owner}/{repo}")
Search repositories:
http(method="GET", url="https://api.github.com/search/repositories?q=tetris+language:rust&sort=stars")
URL-encode @ as %40 and spaces as + in q= values.
Response Handling
The http tool returns an envelope:
{"status": 200, "headers": {...}, "body": <parsed value>}
- JSON endpoints —
bodyis already a parsed Python dict or list. Do not calljson.loads()on it. Example:r = await http(method="GET", url="https://api.github.com/repos/{owner}/{repo}/pulls/123") if r["status"] != 200: FINAL(f"GitHub returned HTTP {r['status']}: {r['body']}") pr = r["body"] # dict, not a string title = pr["title"] # use direct indexing; these keys always exist on a 2xx state = pr["state"] head = pr["head"]["ref"] base = pr["base"]["ref"] - Diff / plain text endpoints (
Accept: application/vnd.github.v3.diffetc.) —bodyis astrcontaining the raw unified diff; use it as-is. - Never write
body = pr_meta.get("body", pr_meta)as a "safety net" — it hides real errors. Ifstatusisn't 2xx, fail fast. - For list endpoints, check the
Linkheader for pagination. - Rate limit: 5000 req/hour authenticated. Check
X-RateLimit-Remainingif doing bulk ops. - Error responses are JSON of the form
{"message": "..."}with a non-2xxstatus— surface them literally in your FINAL answer.
Common Mistakes
- Do NOT add an
Authorizationheader — it is injected automatically by the credential system. - Always use HTTPS URLs (HTTP is blocked by the security layer).
- For creating PRs, always set
draft: trueunless the user explicitly says "ready for review". - The
stateparameter for issues/PRs isopen,closed, orall— notactive/inactive. - Use
per_pageto control result count (max 100). Default is 30. - For "my PRs / my issues" across all repos, hit
/search/issues?q=...+author:%40me. Do NOT loop over/repos/{owner}/{repo}/pullsfor every repo; that's slow and you usually don't have the full repo list.
Related Skills
nearai/linear
development
VerifiedTrustedCommunity
Linear issue tracker API integration. Covers first-use identity bootstrap (viewer + teams cached), raw GraphQL for list/search/create/update, and the rules for handling "my issues" / "assigned to me" requests.
12,145SKILL.mdUpdated Apr 15, 2026
nearai/trader-setup
testing
VerifiedTrustedCommunity
One-time onboarding for the financial trader workflow — real-time alerts, position-aware relevance, decision journaling with outcome tracking. After successful setup this skill is excluded from selection until the marker file is deleted.
11,894SKILL.mdUpdated Apr 19, 2026
nearai/developer-setup
development
VerifiedTrustedCommunity
One-time onboarding for the developer workflow — installs github-workflow missions, creates the commitments workspace, registers per-repo projects, writes calibration memories. After successful setup this skill is excluded from selection until the marker file is deleted.
11,894SKILL.mdUpdated Apr 19, 2026
nearai/content-creator-setup
devops
VerifiedTrustedCommunity
One-time onboarding for the content creator workflow — content pipeline stages, trend expiration, cross-platform cascades, heavy idea parking. After successful setup this skill is excluded from selection until the marker file is deleted.
11,894SKILL.mdUpdated Apr 19, 2026