>_SkillsHub

> gh-cli

Enforces authenticated gh CLI workflows over unauthenticated curl/WebFetch patterns. Use when working with GitHub URLs, API access, pull requests, or issues.

fetch
$curl "https://skillshub.wtf/trailofbits/skills/gh-cli?format=md"
SKILL.mdgh-cli

gh-cli

When to Use

  • Working with GitHub repositories, pull requests, issues, releases, or raw file URLs.
  • You need authenticated access to private repositories or higher API rate limits.
  • You are about to use curl, wget, or unauthenticated web fetches against GitHub.

When NOT to Use

  • The target is not GitHub.
  • Plain local git operations already solve the task.

Guidance

Prefer the authenticated gh CLI over raw HTTP fetches for GitHub content. In particular:

  • Prefer gh repo view, gh pr view, gh pr list, gh issue view, and gh api over unauthenticated curl or wget.
  • Prefer cloning a repository and reading files locally over fetching raw.githubusercontent.com blobs directly.
  • Avoid using GitHub API /contents/ endpoints as a substitute for cloning and reading repository files.

Examples:

gh repo view owner/repo
gh pr view 123 --repo owner/repo
gh api repos/owner/repo/pulls

For the original Claude plugin implementation, see:

  • plugins/gh-cli/README.md
  • plugins/gh-cli/hooks/

> related_skills --same-repo

> zeroize-audit

Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-level analysis, and control-flow verification. Use for auditing C/C++/Rust code handling secrets, keys, passwords, or other sensitive data.

> yara-rule-authoring

Guides authoring of high-quality YARA-X detection rules for malware identification. Use when writing, reviewing, or optimizing YARA rules. Covers naming conventions, string selection, performance optimization, migration from legacy YARA, and false positive reduction. Triggers on: YARA, YARA-X, malware detection, threat hunting, IOC, signature, crx module, dex module.

> designing-workflow-skills

Guides the design and structuring of workflow-based Claude Code skills with multi-step phases, decision trees, subagent delegation, and progressive disclosure. Use when creating skills that involve sequential pipelines, routing patterns, safety gates, task tracking, phased execution, or any multi-step workflow. Also applies when reviewing or refactoring existing workflow skills for quality.

> variant-analysis

Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security vulnerabilities, or performing systematic code audits after finding an initial issue.

┌ stats

installs/wk0
░░░░░░░░░░
github stars3.6K
██████████
first seenMar 17, 2026
└────────────

┌ repo

trailofbits/skills
by trailofbits
└────────────

┌ tags

#backend#security#typescript#agent
└────────────