From release
Create, authenticate, and manage GitHub Apps. Use for: creating apps via manifest flow, generating JWTs, getting installation tokens, managing webhooks and installations, rotating keys. Triggers on: "create github app", "github app", "manage github app", "github app JWT", "github installation token", "github app manifest", "github webhook deliveries", "register github app", "gh app".
npx claudepluginhub fairchild/dotclaude --plugin skill-creatorThis skill uses the workspace's default tool permissions.
Script: `scripts/gh-apps.py`
Generates design tokens/docs from CSS/Tailwind/styled-components codebases, audits visual consistency across 10 dimensions, detects AI slop in UI.
Records polished WebM UI demo videos of web apps using Playwright with cursor overlay, natural pacing, and three-phase scripting. Activates for demo, walkthrough, screen recording, or tutorial requests.
Delivers idiomatic Kotlin patterns for null safety, immutability, sealed classes, coroutines, Flows, extensions, DSL builders, and Gradle DSL. Use when writing, reviewing, refactoring, or designing Kotlin code.
Script: scripts/gh-apps.py
| Command | Description |
|---|---|
create NAME | Create a GitHub App via manifest flow (opens browser) |
list | List locally-registered apps |
info | Show app info from GitHub API |
setup | Validate stored credentials and test API access |
jwt | Generate and print a JWT (10-min expiry) |
token | Get an installation access token |
installations | List app installations |
repos | List accessible repos for an installation |
webhook-config | Show webhook configuration |
webhook-update | Update webhook URL/secret |
deliveries | List recent webhook deliveries |
redeliver ID | Redeliver a failed webhook |
rotate-key | Guide through private key rotation (web UI) |
permissions | Guide through permission changes (web UI) |
delete | Guide through app deletion (web UI) |
Global flag: --app SLUG selects which app (auto-detected if only one exists).
~/.config/gh-apps/<slug>/
app-id # GitHub App ID
app.pem # Private key (chmod 600)
client-id # OAuth client ID
client-secret # OAuth client secret
webhook-secret # Auto-generated webhook secret
Env var overrides: GH_APPS_APP_ID, GH_APPS_PRIVATE_KEY_PATH, GH_APPS_SLUG.
# Interactive browser flow — creates app and saves credentials automatically
scripts/gh-apps.py create my-bot --permissions issues:write,metadata:read --events issues,issue_comment
# Manual mode (no browser / headless)
scripts/gh-apps.py create my-bot --no-browser --permissions issues:write
# Create under an organization
scripts/gh-apps.py create org-bot --org my-org --permissions contents:read
# Verify credentials
scripts/gh-apps.py setup
# Generate JWT for API calls
scripts/gh-apps.py jwt
# Get installation token (for repo-scoped operations)
scripts/gh-apps.py token
scripts/gh-apps.py webhook-config
scripts/gh-apps.py deliveries --limit 20
scripts/gh-apps.py redeliver 12345678
These operations have no API — the script prints the URL and instructions:
rotate-key — generate new key in web UI, save PEM locallypermissions — modify in web UI, installations must re-approvedelete — confirm in web UI, then remove local credentialsreferences/manifest-schema.mdreferences/api-endpoints.mdreferences/permissions-guide.md