trailofbits/gh-cli
plugins/gh-cli/skills/gh-cli/SKILL.md
Enforces authenticated gh CLI workflows over unauthenticated curl/WebFetch patterns. Use when working with GitHub URLs, API access, pull requests, or issues.
$ install --global
skillsauthnpx skillsauth add trailofbits/skills gh-cliInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 6, 2026, 2:13 AM4.4s2 files scanned
SKILL.md
- name:
- gh-cli
- description:
- Enforces authenticated gh CLI workflows over unauthenticated curl/WebFetch patterns. Use when working with GitHub URLs, API access, pull requests, or issues.
gh-cli
When to Use
- Working with GitHub repositories, pull requests, issues, releases, or raw file URLs.
- You need authenticated access to private repositories or higher API rate limits.
- You are about to use
curl,wget, or unauthenticated web fetches against GitHub.
When NOT to Use
- The target is not GitHub.
- Plain local git operations already solve the task.
Guidance
Prefer the authenticated gh CLI over raw HTTP fetches for GitHub content. In particular:
- Prefer
gh repo view,gh pr view,gh pr list,gh issue view, andgh apiover unauthenticatedcurlorwget. - Prefer cloning a repository and reading files locally over fetching
raw.githubusercontent.comblobs directly. - Avoid using GitHub API
/contents/endpoints as a substitute for cloning and reading repository files.
Examples:
gh repo view owner/repo
gh pr view 123 --repo owner/repo
gh api repos/owner/repo/pulls
For the hook implementation, see:
plugins/gh-cli/README.mdplugins/gh-cli/hooks/
Related Skills
trailofbits/semgrep-rule-creator
development
VerifiedTrustedCommunity
Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
5,647SKILL.mdUpdated Apr 26, 2026
trailofbits/second-opinion
tools
VerifiedTrustedCommunity
Runs external LLM code reviews (OpenAI Codex or Google Gemini CLI) on uncommitted changes, branch diffs, or specific commits. Use when the user asks for a second opinion, external review, codex review, gemini review, or mentions /second-opinion.
5,647SKILL.mdUpdated Apr 26, 2026
trailofbits/chrome-mcp-troubleshooting
tools
VerifiedTrustedCommunity
Diagnose and fix Claude in Chrome MCP extension connectivity issues. Use when mcp__claude-in-chrome__* tools fail, return "Browser extension is not connected", or behave erratically.
5,570SKILL.mdUpdated Jun 6, 2026
trailofbits/c-review
development
VerifiedTrustedCommunity
Performs comprehensive C/C++ security review for memory corruption, integer overflows, race conditions, and platform-specific vulnerabilities. Use when auditing native C/C++ applications, reviewing daemons or services for memory safety, or hunting integer overflow / use-after-free / race conditions in userspace code.
5,570SKILL.mdUpdated May 4, 2026