GitHub Token
Author: Danny Shmueli · GitHub · v1.0.0
Total downloads: 1699
Favorites: 1
Current installs: 2
Versions: 1
Install in OpenClaw:
/install github-token
Description
Interact with GitHub using Personal Access Tokens. Secure, user-controlled access - no OAuth, no full account access. Clone, push, branch, PR, issues. Use when user wants to work with GitHub repos.
Usage (SKILL.md)
GitHub PAT
Interact with GitHub using Personal Access Tokens. User controls access via PAT scopes.
Setup
User provides their PAT:
1. Create PAT at github.com/settings/tokens
2. Select scopes (repo for full, public_repo for public only)
3. Provide token to agent
Store in TOOLS.md or pass via --token.
Commands
# List repos you have access to
python3 scripts/gh.py repos [--token TOKEN]
# Clone a repo
python3 scripts/gh.py clone owner/repo [--token TOKEN]
# Create branch
python3 scripts/gh.py branch <branch-name> [--repo owner/repo]
# Commit and push
python3 scripts/gh.py push "<message>" [--branch branch] [--repo owner/repo]
# Open a pull request
python3 scripts/gh.py pr "<title>" [--body "description"] [--base main] [--head branch]
# Create an issue
python3 scripts/gh.py issue "<title>" [--body "description"] [--repo owner/repo]
# View repo info
python3 scripts/gh.py info owner/repo
Security Model
- User controls access via PAT scopes
- No OAuth - no "allow full access" prompts
- Least privilege - user creates PAT with minimal needed scopes
- Fine-grained PATs supported for specific repo access
Token Storage
Agent stores token in TOOLS.md under ### GitHub section. Never expose in logs or messages.
Safe Usage Recommendations
This skill appears to implement the described GitHub PAT operations, but take these precautions before installing or using it:
1. Do not paste your PAT into chat; prefer setting GITHUB_TOKEN in a secure environment (not a shared TOOLS.md).
2. Avoid passing the PAT via --token on the command line, where it can appear in process lists.
3. Review, and consider modifying, scripts/gh.py so it does not embed the token in HTTPS remote URLs: an embedded token can be written into .git/config and persist on disk. Use a git credential helper, the GitHub CLI (gh), or the OAuth device flow instead where possible.
4. Update the skill metadata to declare that git is required; the missing declaration is an inconsistency with the code.
5. Inspect .git/config and your working directories after use to ensure no credentials were saved.
If you do not accept these risks, do not install or run the skill; if you proceed, review and harden the token-handling code (e.g., send the token only in an HTTP Authorization header for API calls, use git credential helpers, and avoid storing tokens in plain text).
Functional Analysis
Type: OpenClaw Skill
Name: github-token
Version: 1.0.0
The OpenClaw skill 'github-token' is designed to interact with GitHub using Personal Access Tokens (PATs). The `SKILL.md` clearly outlines its purpose and commands, and includes an instruction for the agent to store the token securely in `TOOLS.md` and 'Never expose in logs or messages'. The `scripts/gh.py` implements standard GitHub API calls and Git CLI commands (`git clone`, `git push`, etc.) using the provided PAT. While PATs are sensitive and are injected into Git URLs for authentication in `cmd_clone` and `cmd_push`, this is a common and expected method for authenticating Git operations with PATs and is not indicative of malicious intent. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution beyond the stated purpose, persistence mechanisms, or prompt injection attempts against the agent. The skill's behavior is aligned with its stated purpose.
Capability Assessment
Purpose & Capability
The name/description match the included code: the Python CLI uses a GitHub PAT to call the API and run git operations (clone, push, PRs, issues). However, the registry metadata claims no required binaries while the script relies heavily on the git binary via subprocess calls; that is an inconsistency (the skill should declare git as a required binary). Other than that, the requested capabilities align with the stated purpose.
Instruction Scope
SKILL.md tells the agent to accept a PAT and to 'Store in TOOLS.md or pass via --token'. Storing tokens in a plain-text TOOLS.md or passing tokens on the command line are insecure practices. The included script embeds PATs into HTTPS URLs for clone/push, which can cause tokens to be written into .git/config or otherwise persist on disk. The instructions ask the agent to handle tokens but give unsafe storage guidance and do not warn about process-list exposure when using --token on the CLI. SKILL.md's 'Never expose in logs' guidance is good but insufficient: the code's use of subprocess and URL injection can still lead to accidental exposure.
Install Mechanism
This is instruction-only with one script file; there is no install spec or remote downloads. That minimizes supply-chain risk — nothing is fetched from arbitrary URLs at install time.
Credentials
The skill declares no required env vars, and the code reads GITHUB_TOKEN from the environment (DEFAULT_TOKEN). That is reasonable. However, SKILL.md's explicit instruction to save the token in TOOLS.md is disproportionate and insecure. Also, the runtime behavior (embedding the token into HTTPS URLs or accepting it as a CLI arg) increases the chance of exposure (saved in .git/config or visible in process lists). No unrelated credentials are requested, so the scope of credentials is narrow, but the handling choices are risky.
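As an added example for the Safe Usage Recommendations and this Credentials section (it is not the skill's own scripts/gh.py), the following shows the safer token handling those passages describe: the PAT travels only in an Authorization header for API calls and reaches git through a GIT_ASKPASS helper fed from the environment, never through argv or the remote URL; leaked_remote_urls() implements the .git/config check from recommendation (5). The helper file name askpass.sh and the GH_PAT variable are assumptions of this example.

```python
import os
import re
import stat
import tempfile
import urllib.request
from urllib.parse import urlsplit, urlunsplit


def url_embeds_credential(url: str) -> bool:
    """True when the URL carries a userinfo part, e.g. https://<PAT>@github.com/..."""
    return urlsplit(url).username is not None


def strip_url_credential(url: str) -> str:
    """Return the same remote URL without the embedded user/token part."""
    p = urlsplit(url)
    host = p.hostname or ""
    if p.port:
        host += f":{p.port}"
    return urlunsplit((p.scheme, host, p.path, p.query, p.fragment))


def build_api_request(path: str, token: str) -> urllib.request.Request:
    """API calls carry the PAT only in the Authorization header, never in the URL."""
    req = urllib.request.Request("https://api.github.com" + path)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/vnd.github+json")
    return req


def git_env_with_askpass(token: str, helper_dir: str = "") -> dict:
    """Environment for subprocess.run(["git", "clone", <clean url>, ...], env=...).
    git runs GIT_ASKPASS for its username and password prompts; the helper reads the
    PAT from GH_PAT (name assumed here), so it is in neither argv nor .git/config."""
    helper_dir = helper_dir or tempfile.mkdtemp(prefix="askpass-")
    helper = os.path.join(helper_dir, "askpass.sh")
    with open(helper, "w") as f:
        # any username is accepted with a PAT; the PAT itself answers the password prompt
        f.write('#!/bin/sh\ncase "$1" in Username*) echo x-access-token ;;'
                ' *) printf "%s\\n" "$GH_PAT" ;; esac\n')
    os.chmod(helper, stat.S_IRWXU)  # helper is private to the current user
    return dict(os.environ, GIT_ASKPASS=helper, GH_PAT=token, GIT_TERMINAL_PROMPT="0")


def leaked_remote_urls(git_config_text: str) -> list:
    """Recommendation (5): list remote URLs in a .git/config that embed a credential."""
    urls = re.findall(r"^\s*url\s*=\s*(\S+)", git_config_text, re.MULTILINE)
    return [u for u in urls if url_embeds_credential(u)]
```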
Persistence & Privilege
The `always` flag is false and the skill doesn't request persistent platform privileges. It does, however, encourage storing the token in a file the agent controls (TOOLS.md), which would be persistence of a secret under the agent's files; the skill itself does not change other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install github-token
- After installation, call the Skill by name directly or trigger it with /github-token
- Provide the required inputs according to the Skill's parameter description to get structured output
Version History
v1.0.0
Secure GitHub via PAT
FAQ
What is GitHub Token?
Interact with GitHub using Personal Access Tokens. Secure, user-controlled access - no OAuth, no full account access. Clone, push, branch, PR, issues. Use when user wants to work with GitHub repos. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1699 downloads to date.
How do I install GitHub Token?
Run the command 「/install github-token」 in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.
Is GitHub Token free?
Yes, GitHub Token is completely free (open source) and can be freely downloaded, installed and used.
Which platforms does GitHub Token support?
GitHub Token is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed GitHub Token?
Developed and maintained by Danny Shmueli (@dannyshmueli); current version v1.0.0.