← 返回 Skills 市场
Github App Authentication
作者
Ross Morsali
· GitHub ↗
· v0.1.5
569
总下载
0
收藏
1
当前安装
4
版本数
在 OpenClaw 中安装
/install ghapp
功能描述
Give your AI agents and automations their own GitHub (App) identity. Authenticate using GitHub Apps so every commit, PR, and action is attributed to the bot...
使用说明 (SKILL.md)
ghapp
Use ghapp to authenticate as a GitHub App so git and gh commands use installation tokens. Requires a GitHub App with App ID, Installation ID, and a private key (.pem).
Setup
ghapp setup— interactive wizard: enter App ID, Installation ID, key path, then configure authghapp auth configure— configure git + gh authentication (if skipped during setup)ghapp auth status— show current auth config and diagnostics
Commands
ghapp --help— list all commands and flagsghapp token— print an installation token (cached;--no-cachefor fresh)ghapp auth configure [--gh-auth shell-function|path-shim|none]— configure how git/gh authenticateghapp auth status— check auth healthghapp auth reset [--remove-key]— undo all auth configghapp config set,ghapp config get [key],ghapp config path— manage configghapp update— self-update to latest releaseghapp version— print version
gh auth modes (passed to auth configure)
shell-function— auto-authenticates gh commands via shell integration (recommended)path-shim— wrapper binary for CI/containersnone— static token in hosts.yml
Notes
- After setup,
git clone/push/pullandghwork without manual tokens. - Commits are attributed to the app's bot account (e.g.,
myapp[bot]). - Tokens are cached locally and auto-refreshed.
- Config stored at
~/.config/ghapp/config.yaml.
安全使用建议
This skill is essentially documentation for using the ghapp CLI; it looks coherent, but take these precautions before installing/using it:
- Verify the Homebrew formula and source (operator-kit/tap/ghapp). Prefer installing from a trusted source or building from repo source if you can. Third‑party taps can install arbitrary binaries.
- The tool requires a GitHub App App ID, Installation ID, and a private key (.pem). These are sensitive — keep the key file secure and give the App the minimal permissions it needs.
- Expect the tool to store tokens/config at ~/.config/ghapp/config.yaml; review that file and its permissions after setup and consider using filesystem encryption or an isolated environment if needed.
- Be aware of the 'ghapp update' self-update behavior; automatic or manual updates could change binary behavior — inspect update mechanisms or pin versions if necessary.
- If you want stronger assurance, inspect the ghapp source code (homepage: https://github.com/operator-kit/ghapp-cli) or run the CLI in a sandbox/CI runner before giving it access to production repositories.
The main incoherence is that the registry metadata does not declare the sensitive credentials/config the tool requires; that omission is explainable but worth noting. If you need higher assurance, treat this as 'requires manual review' before installing.
功能分析
Type: OpenClaw Skill
Name: ghapp
Version: 0.1.5
The skill bundle provides instructions for installing and using the `ghapp` CLI tool, which facilitates GitHub App authentication. The `SKILL.md` file includes a standard `brew` installation command for the `ghapp` binary and describes its various commands, including `ghapp update`. There is no evidence of prompt injection, data exfiltration, malicious execution, or other harmful intent within the provided files. The handling of sensitive credentials (GitHub App private keys) is inherent to the tool's stated purpose, and the skill bundle itself does not expose vulnerabilities in how the `ghapp` binary handles them.
能力评估
Purpose & Capability
The name/description match the runtime instructions: the skill is an instruction wrapper for the ghapp CLI that authenticates as a GitHub App. Requiring the ghapp binary and offering a brew install for operator-kit/tap/ghapp is consistent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run ghapp CLI commands (setup, auth configure, token, etc.) and to read a private key (.pem) supplied by the user and to write config at ~/.config/ghapp/config.yaml. These actions are expected for this purpose and the instructions do not request unrelated files or network endpoints, but they do rely on the user providing sensitive GitHub App credentials and a private key.
Install Mechanism
Installation is via a Homebrew formula (operator-kit/tap/ghapp). A brew formula is a reasonable install method, but this is a third‑party tap rather than an official Homebrew-core package — that increases the need to verify the formula/source before trusting the installed binary.
Credentials
The runtime requires GitHub App credentials (App ID, Installation ID, private key) and will cache installation tokens locally, but the registry metadata lists no required env vars or config paths. The SKILL.md explicitly references ~/.config/ghapp/config.yaml and a .pem key path; the lack of declared required credentials/config in the registry is an inconsistency the user should be aware of.
Persistence & Privilege
always is false and the skill is user-invocable only; it does store tokens/config under ~/.config/ghapp (expected for its function). Note the CLI supports a self-update command, which could update the installed binary — verify update behavior and origin if you rely on this in a sensitive environment.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ghapp - 安装完成后,直接呼叫该 Skill 的名称或使用
/ghapp触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.5
No significant code or documentation changes; SKILL.md reorganized for clarity.
- Streamlined SKILL.md to focus on core setup and command usage.
- Clarified setup steps and command explanations.
- Revised authentication mode descriptions for brevity.
- Removed some detailed usage notes for a more concise overview.
- No functional or file content changes in this release.
v0.1.4
- SKILL.md is now the official documentation file (renamed from skill.md).
- Metadata for bash-based installation has been removed; Homebrew installation remains available.
v0.1.2
- Updated description to clearly emphasize GitHub App authentication for AI agents and automations.
- Clarified that all GitHub actions are attributed to the bot's own identity, not a personal account.
- No changes to commands, features, or setup instructions.
v0.1.0
Initial release of ghapp — secure GitHub App authentication for bots, enabling seamless git and gh CLI usage without user accounts.
- Authenticate bots/apps via GitHub App, not user accounts.
- Interactive and non-interactive setup supported.
- Offers transparent integration with git and gh commands (with multiple authentication modes).
- Tokens auto-cached and managed; no manual tokens needed for bots.
- Commits are attributed to the bot (app) account.
- Supports local and keyring storage of private keys.
- Easy installation via Homebrew or bash script.
元数据
常见问题
Github App Authentication 是什么?
Give your AI agents and automations their own GitHub (App) identity. Authenticate using GitHub Apps so every commit, PR, and action is attributed to the bot... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 569 次。
如何安装 Github App Authentication?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ghapp」即可一键安装,无需额外配置。
Github App Authentication 是免费的吗?
是的,Github App Authentication 完全免费(开源免费),可自由下载、安装和使用。
Github App Authentication 支持哪些平台?
Github App Authentication 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Github App Authentication?
由 Ross Morsali(@rmorse)开发并维护,当前版本 v0.1.5。
推荐 Skills