Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From github-skills
Set up GitHub authentication for the agent using git (universally available) or the gh CLI. Covers HTTPS tokens, SSH keys, credential helpers, and gh auth — with a detection flow to pick the right method automatically.
npx claudepluginhub rnben/hermes-skills --plugin github-skillsHow this skill is triggered — by the user, by Claude, or both
Slash command
/github-skills:github-authThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
This skill sets up authentication so the agent can work with GitHub repositories, PRs, issues, and CI. It covers two paths:
Guides technical evaluation of code review feedback: read fully, restate for understanding, verify against codebase, respond with reasoning or pushback before implementing.
Share bugs, ideas, or general feedback.
This skill sets up authentication so the agent can work with GitHub repositories, PRs, issues, and CI. It covers two paths:
git (always available) — uses HTTPS personal access tokens or SSH keysgh CLI (if installed) — richer GitHub API access with a simpler auth flowWhen a user asks you to work with GitHub, run this check first:
# Check what's available
git --version
gh --version 2>/dev/null || echo "gh not installed"
# Check if already authenticated
gh auth status 2>/dev/null || echo "gh not authenticated"
git config --global credential.helper 2>/dev/null || echo "no git credential helper"
Decision tree:
gh auth status shows authenticated → you're good, use gh for everythinggh is installed but not authenticated → use "gh auth" method belowgh is not installed → use "git-only" method below (no sudo needed)This works on any machine with git installed. No root access needed.
This is the most portable method — works everywhere, no SSH config needed.
Step 1: Create a personal access token
Tell the user to go to: https://github.com/settings/tokens
repo (full repository access — read, write, push, PRs)workflow (trigger and manage GitHub Actions)read:org (if working with organization repos)Step 2: Configure git to store the token
# Set up the credential helper to cache credentials
# "store" saves to ~/.git-credentials in plaintext (simple, persistent)
git config --global credential.helper store
# Now do a test operation that triggers auth — git will prompt for credentials
# Username: <their-github-username>
# Password: <paste the personal access token, NOT their GitHub password>
git ls-remote https://github.com/<their-username>/<any-repo>.git
After entering credentials once, they're saved and reused for all future operations.
Alternative: cache helper (credentials expire from memory)
# Cache in memory for 8 hours (28800 seconds) instead of saving to disk
git config --global credential.helper 'cache --timeout=28800'
Alternative: set the token directly in the remote URL (per-repo)
# Embed token in the remote URL (avoids credential prompts entirely)
git remote set-url origin https://<username>:<token>@github.com/<owner>/<repo>.git
Step 3: Configure git identity
# Required for commits — set name and email
git config --global user.name "Their Name"
git config --global user.email "their-email@example.com"
Step 4: Verify
# Test push access (this should work without any prompts now)
git ls-remote https://github.com/<their-username>/<any-repo>.git
# Verify identity
git config --global user.name
git config --global user.email
Good for users who prefer SSH or already have keys set up.
Step 1: Check for existing SSH keys
ls -la ~/.ssh/id_*.pub 2>/dev/null || echo "No SSH keys found"
Step 2: Generate a key if needed
# Generate an ed25519 key (modern, secure, fast)
ssh-keygen -t ed25519 -C "their-email@example.com" -f ~/.ssh/id_ed25519 -N ""
# Display the public key for them to add to GitHub
cat ~/.ssh/id_ed25519.pub
Tell the user to add the public key at: https://github.com/settings/keys
Step 3: Test the connection
ssh -T git@github.com
# Expected: "Hi <username>! You've successfully authenticated..."
Step 4: Configure git to use SSH for GitHub
# Rewrite HTTPS GitHub URLs to SSH automatically
git config --global url."git@github.com:".insteadOf "https://github.com/"
Step 5: Configure git identity
git config --global user.name "Their Name"
git config --global user.email "their-email@example.com"
If gh is installed, it handles both API access and git credentials in one step.
gh auth login
# Select: GitHub.com
# Select: HTTPS
# Authenticate via browser
echo "<THEIR_TOKEN>" | gh auth login --with-token
# Set up git credentials through gh
gh auth setup-git
gh auth status
When gh is not available, you can still access the full GitHub API using curl with a personal access token. This is how the other GitHub skills implement their fallbacks.
# Option 1: Export as env var (preferred — keeps it out of commands)
export GITHUB_TOKEN="<token>"
# Then use in curl calls:
curl -s -H "Authorization: token $GITHUB_TOKEN" \
https://api.github.com/user
If git credentials are already configured (via credential.helper store), the token can be extracted:
# Read from git credential store
grep "github.com" ~/.git-credentials 2>/dev/null | head -1 | sed 's|https://[^:]*:\([^@]*\)@.*|\1|'
Use this pattern at the start of any GitHub workflow:
# Try gh first, fall back to git + curl
if command -v gh &>/dev/null && gh auth status &>/dev/null; then
echo "AUTH_METHOD=gh"
elif [ -n "$GITHUB_TOKEN" ]; then
echo "AUTH_METHOD=curl"
elif [ -f ~/.hermes/.env ] && grep -q "^GITHUB_TOKEN=" ~/.hermes/.env; then
export GITHUB_TOKEN=$(grep "^GITHUB_TOKEN=" ~/.hermes/.env | head -1 | cut -d= -f2 | tr -d '\n\r')
echo "AUTH_METHOD=curl"
elif grep -q "github.com" ~/.git-credentials 2>/dev/null; then
export GITHUB_TOKEN=$(grep "github.com" ~/.git-credentials | head -1 | sed 's|https://[^:]*:\([^@]*\)@.*|\1|')
echo "AUTH_METHOD=curl"
else
echo "AUTH_METHOD=none"
echo "Need to set up authentication first"
fi
| Problem | Solution |
|---|---|
git push asks for password | GitHub disabled password auth. Use a personal access token as the password, or switch to SSH |
remote: Permission to X denied | Token may lack repo scope — regenerate with correct scopes |
fatal: Authentication failed | Cached credentials may be stale — run git credential reject then re-authenticate |
ssh: connect to host github.com port 22: Connection refused | Try SSH over HTTPS port: add Host github.com with Port 443 and Hostname ssh.github.com to ~/.ssh/config |
| Credentials not persisting | Check git config --global credential.helper — must be store or cache |
| Multiple GitHub accounts | Use SSH with different keys per host alias in ~/.ssh/config, or per-repo credential URLs |
gh: command not found + no sudo | Use git-only Method 1 above — no installation needed |