← Back to Skills Marketplace
rmorse

Github App Authentication

by Ross Morsali · GitHub ↗ · v0.1.5
cross-platform ✓ Security Clean
569
Downloads
0
Stars
1
Active Installs
4
Versions
Install in OpenClaw
/install ghapp
Description
Give your AI agents and automations their own GitHub (App) identity. Authenticate using GitHub Apps so every commit, PR, and action is attributed to the bot...
README (SKILL.md)

ghapp

Use ghapp to authenticate as a GitHub App so git and gh commands use installation tokens. Requires a GitHub App with App ID, Installation ID, and a private key (.pem).

Setup

  • ghapp setup — interactive wizard: enter App ID, Installation ID, key path, then configure auth
  • ghapp auth configure — configure git + gh authentication (if skipped during setup)
  • ghapp auth status — show current auth config and diagnostics

Commands

  • ghapp --help — list all commands and flags
  • ghapp token — print an installation token (cached; --no-cache for fresh)
  • ghapp auth configure [--gh-auth shell-function|path-shim|none] — configure how git/gh authenticate
  • ghapp auth status — check auth health
  • ghapp auth reset [--remove-key] — undo all auth config
  • ghapp config set, ghapp config get [key], ghapp config path — manage config
  • ghapp update — self-update to latest release
  • ghapp version — print version

gh auth modes (passed to auth configure)

  • shell-function — auto-authenticates gh commands via shell integration (recommended)
  • path-shim — wrapper binary for CI/containers
  • none — static token in hosts.yml

Notes

  • After setup, git clone/push/pull and gh work without manual tokens.
  • Commits are attributed to the app's bot account (e.g., myapp[bot]).
  • Tokens are cached locally and auto-refreshed.
  • Config stored at ~/.config/ghapp/config.yaml.
Usage Guidance
This skill is essentially documentation for using the ghapp CLI; it looks coherent, but take these precautions before installing/using it: - Verify the Homebrew formula and source (operator-kit/tap/ghapp). Prefer installing from a trusted source or building from repo source if you can. Third‑party taps can install arbitrary binaries. - The tool requires a GitHub App App ID, Installation ID, and a private key (.pem). These are sensitive — keep the key file secure and give the App the minimal permissions it needs. - Expect the tool to store tokens/config at ~/.config/ghapp/config.yaml; review that file and its permissions after setup and consider using filesystem encryption or an isolated environment if needed. - Be aware of the 'ghapp update' self-update behavior; automatic or manual updates could change binary behavior — inspect update mechanisms or pin versions if necessary. - If you want stronger assurance, inspect the ghapp source code (homepage: https://github.com/operator-kit/ghapp-cli) or run the CLI in a sandbox/CI runner before giving it access to production repositories. The main incoherence is that the registry metadata does not declare the sensitive credentials/config the tool requires; that omission is explainable but worth noting. If you need higher assurance, treat this as 'requires manual review' before installing.
Capability Analysis
Type: OpenClaw Skill Name: ghapp Version: 0.1.5 The skill bundle provides instructions for installing and using the `ghapp` CLI tool, which facilitates GitHub App authentication. The `SKILL.md` file includes a standard `brew` installation command for the `ghapp` binary and describes its various commands, including `ghapp update`. There is no evidence of prompt injection, data exfiltration, malicious execution, or other harmful intent within the provided files. The handling of sensitive credentials (GitHub App private keys) is inherent to the tool's stated purpose, and the skill bundle itself does not expose vulnerabilities in how the `ghapp` binary handles them.
Capability Assessment
Purpose & Capability
The name/description match the runtime instructions: the skill is an instruction wrapper for the ghapp CLI that authenticates as a GitHub App. Requiring the ghapp binary and offering a brew install for operator-kit/tap/ghapp is consistent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run ghapp CLI commands (setup, auth configure, token, etc.) and to read a private key (.pem) supplied by the user and to write config at ~/.config/ghapp/config.yaml. These actions are expected for this purpose and the instructions do not request unrelated files or network endpoints, but they do rely on the user providing sensitive GitHub App credentials and a private key.
Install Mechanism
Installation is via a Homebrew formula (operator-kit/tap/ghapp). A brew formula is a reasonable install method, but this is a third‑party tap rather than an official Homebrew-core package — that increases the need to verify the formula/source before trusting the installed binary.
Credentials
The runtime requires GitHub App credentials (App ID, Installation ID, private key) and will cache installation tokens locally, but the registry metadata lists no required env vars or config paths. The SKILL.md explicitly references ~/.config/ghapp/config.yaml and a .pem key path; the lack of declared required credentials/config in the registry is an inconsistency the user should be aware of.
Persistence & Privilege
always is false and the skill is user-invocable only; it does store tokens/config under ~/.config/ghapp (expected for its function). Note the CLI supports a self-update command, which could update the installed binary — verify update behavior and origin if you rely on this in a sensitive environment.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ghapp
  3. After installation, invoke the skill by name or use /ghapp
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.5
No significant code or documentation changes; SKILL.md reorganized for clarity. - Streamlined SKILL.md to focus on core setup and command usage. - Clarified setup steps and command explanations. - Revised authentication mode descriptions for brevity. - Removed some detailed usage notes for a more concise overview. - No functional or file content changes in this release.
v0.1.4
- SKILL.md is now the official documentation file (renamed from skill.md). - Metadata for bash-based installation has been removed; Homebrew installation remains available.
v0.1.2
- Updated description to clearly emphasize GitHub App authentication for AI agents and automations. - Clarified that all GitHub actions are attributed to the bot's own identity, not a personal account. - No changes to commands, features, or setup instructions.
v0.1.0
Initial release of ghapp — secure GitHub App authentication for bots, enabling seamless git and gh CLI usage without user accounts. - Authenticate bots/apps via GitHub App, not user accounts. - Interactive and non-interactive setup supported. - Offers transparent integration with git and gh commands (with multiple authentication modes). - Tokens auto-cached and managed; no manual tokens needed for bots. - Commits are attributed to the bot (app) account. - Supports local and keyring storage of private keys. - Easy installation via Homebrew or bash script.
Metadata
Slug ghapp
Version 0.1.5
License
All-time Installs 1
Active Installs 1
Total Versions 4
Frequently Asked Questions

What is Github App Authentication?

Give your AI agents and automations their own GitHub (App) identity. Authenticate using GitHub Apps so every commit, PR, and action is attributed to the bot... It is an AI Agent Skill for Claude Code / OpenClaw, with 569 downloads so far.

How do I install Github App Authentication?

Run "/install ghapp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Github App Authentication free?

Yes, Github App Authentication is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Github App Authentication support?

Github App Authentication is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Github App Authentication?

It is built and maintained by Ross Morsali (@rmorse); the current version is v0.1.5.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments