Get the FREE Ultimate OpenClaw Setup Guide →

github-cli

Flagged

{"isSafe":false,"isSuspicious":true,"riskLevel":"high","findings":[{"category":"prompt_injection","severity":"high","description":"Unquoted ARGUMENTS are passed directly to gh (gh $ARGUMENTS). If ARGUMENTS contains shell metacharacters or command separators (e.g., ;, &&, |), this can lead to command injection, allowing arbitrary commands to run on the host.","evidence":"Parse `$ARGUMENTS` and pass directly to `gh`:\n\n```\ngh $ARGUMENTS\n```"},{"category":"shell_command","severity":"medium","description":"Shell usage with unquoted user input (gh $ARGUMENTS) risks command injection. Consider safer argument handling (e.g., passing arguments as an array or validating inputs).","evidence":"Parse `$ARGUMENTS` and pass directly to `gh`:\n\n```\ngh $ARGUMENTS\n```"}],"summary":"Contains an unsafe pattern: taking user-supplied ARGUMENTS and injecting them into a shell command. This enables prompt injection / command execution risks. Recommend sanitizing inputs, or constructing gh commands without shell expansion (e.g., by passing arguments as separate tokens or using a wrapper that builds the gh command safely)."}

npx machina-cli add skill GantisStorm/essentials-claude-code/github-cli --openclaw
Files (1)
SKILL.md
2.0 KB

GitHub CLI helper skill for common gh operations. Requires gh CLI installed and authenticated.

Note: For creating/updating PR descriptions, use /mr-description-creator instead.

Actions

PR Operations

View PR status:

/github-cli pr status

View PR checks:

/github-cli pr checks

Merge PR:

/github-cli pr merge

View PR in browser:

/github-cli pr view --web

List PRs:

/github-cli pr list

Issue Operations

List issues:

/github-cli issue list

Create issue:

/github-cli issue create

View issue:

/github-cli issue view <number>

Repository Operations

View repo:

/github-cli repo view

Instructions

Step 1: Validate Environment

# Check gh is installed
gh --version

# Check gh is authenticated
gh auth status

If not installed, report: "Install gh CLI: https://cli.github.com" If not authenticated, report: "Run: gh auth login"

Step 2: Parse and Execute

Parse $ARGUMENTS and pass directly to gh:

gh $ARGUMENTS

Step 3: Report Result

Show gh output directly to user.

Examples

# View PR status
/github-cli pr status

# View PR checks (CI status)
/github-cli pr checks

# Merge current PR
/github-cli pr merge

# List open PRs
/github-cli pr list

# View PR in browser
/github-cli pr view --web

# List issues
/github-cli issue list

# Create issue interactively
/github-cli issue create

# View repo info
/github-cli repo view

# API calls
/github-cli api repos/{owner}/{repo}/pulls

# Any gh command works
/github-cli release list
/github-cli workflow list

Error Handling

ScenarioAction
gh not installed"Install gh: https://cli.github.com"
Not authenticated"Run: gh auth login"
gh command failsShow gh error output

Source

git clone https://github.com/GantisStorm/essentials-claude-code/blob/main/essentials/skills/github-cli/SKILL.mdView on GitHub

Overview

This skill wraps gh, the GitHub CLI, to simplify PR status, checks, merges, issue management, and repo queries in chat. It expects gh to be installed and authenticated and provides direct gh output, with instructions if the environment isn't ready. Note: For creating or updating PR descriptions, use /mr-description-creator.

How This Skill Works

First, it validates the environment by running gh --version and gh auth status. Then it forwards the parsed ARGUMENTS to gh, enabling commands like pr status, issue list, or repo view. Finally, it returns the raw gh output to the user and surfaces helpful error prompts if gh is missing or unauthenticated.

When to Use It

  • To check PR status or checks quickly without leaving chat
  • To merge a PR from the chat interface
  • To list or view issues and repo information
  • To view a PR in the browser with --web or open repo info
  • To run general gh commands via a simple wrapper

Quick Start

  1. Step 1: Validate Environment — ensure gh is installed and authenticated (gh --version and gh auth status).
  2. Step 2: Parse and Execute — pass ARGUMENTS to gh (gh $ARGUMENTS).
  3. Step 3: Report Result — show the gh output directly to the user.

Best Practices

  • Validate that gh is installed and authenticated before use
  • Pass arguments directly to gh to preserve behavior
  • Use explicit subcommands (pr view, issue list) for clarity
  • Use --web to open PRs, issues, or repos in the browser
  • Return gh output verbatim to support piping to logs or files

Example Use Cases

  • /github-cli pr status
  • /github-cli pr checks
  • /github-cli pr merge
  • /github-cli issue list
  • /github-cli repo view

Frequently Asked Questions

Add this skill to your agents
Sponsor this space

Reach thousands of developers