> gh-cli
Enforces authenticated gh CLI workflows over unauthenticated curl/WebFetch patterns. Use when working with GitHub URLs, API access, pull requests, or issues.
curl "https://skillshub.wtf/trailofbits/skills/gh-cli?format=md"gh-cli
When to Use
- Working with GitHub repositories, pull requests, issues, releases, or raw file URLs.
- You need authenticated access to private repositories or higher API rate limits.
- You are about to use
curl,wget, or unauthenticated web fetches against GitHub.
When NOT to Use
- The target is not GitHub.
- Plain local git operations already solve the task.
Guidance
Prefer the authenticated gh CLI over raw HTTP fetches for GitHub content. In particular:
- Prefer
gh repo view,gh pr view,gh pr list,gh issue view, andgh apiover unauthenticatedcurlorwget. - Prefer cloning a repository and reading files locally over fetching
raw.githubusercontent.comblobs directly. - Avoid using GitHub API
/contents/endpoints as a substitute for cloning and reading repository files.
Examples:
gh repo view owner/repo
gh pr view 123 --repo owner/repo
gh api repos/owner/repo/pulls
For the original Claude plugin implementation, see:
plugins/gh-cli/README.mdplugins/gh-cli/hooks/
> related_skills --same-repo
> wycheproof
Wycheproof provides test vectors for validating cryptographic implementations. Use when testing crypto code for known attacks and edge cases.
> ossfuzz
OSS-Fuzz provides free continuous fuzzing for open source projects. Use when setting up continuous fuzzing infrastructure or enrolling projects.
> libafl
LibAFL is a modular fuzzing library for building custom fuzzers. Use for advanced fuzzing needs, custom mutators, or non-standard fuzzing targets.
> harness-writing
Techniques for writing effective fuzzing harnesses across languages. Use when creating new fuzz targets or improving existing harness code.