accessing-github-repos
GitHub repository access in containerized environments using REST API and credential detection. Use when git clone fails, or when accessing private repos/writing files via API.
git clone --depth 1 https://github.com/oaustegard/claude-skills /tmp/accessing-github-repos && cp -r /tmp/accessing-github-repos/accessing-github-repos ~/.claude/skills/accessing-github-reposSKILL.md
# Accessing GitHub Repositories
Git clone is blocked in containerized AI environments (egress proxy rejects CONNECT tunnel), but full repository access is available via GitHub REST API and raw file URLs.
## Quick Start
### Public Repos (no setup needed)
```bash
# Individual file via raw URL
curl -sL "https://raw.githubusercontent.com/OWNER/REPO/BRANCH/path/file"
# Directory tree via API
curl -sL "https://api.github.com/repos/OWNER/REPO/git/trees/BRANCH?recursive=1"
```
### Private Repos or Write Access
Requires GitHub Personal Access Token (PAT). See Setup section below.
## Setup
### Credential Configuration
The skill automatically detects PATs from environment variables or project files:
**Environment Variables** (checked in order):
- `GITHUB_PAT`
- `GH_PAT`
- `GITHUB_TOKEN`
- `GH_TOKEN`
**Project Files** (Claude.ai):
- `/mnt/project/.env`
- `/mnt/project/github.env`
Format:
```bash
GITHUB_PAT=github_pat_11AAAAAA...
```
### Creating a GitHub PAT
1. GitHub → Settings → Developer settings → Fine-grained tokens
2. Create token scoped to needed repositories
3. Set permissions:
- **Contents: Read** - for private repo access
- **Contents: Write** - for pushing files
- **Issues: Write** - for issue management
- **Pull requests: Write** - for creating PRs
### Network Access (Claude.ai Projects)
Add to network allowlist:
- `api.github.com`
- `raw.githubusercontent.com`
## Capabilities by Auth Level
| Capability | No PAT (public only) | PAT (read) | PAT (write) |
|------------|---------------------|------------|-------------|
| Fetch public files | ✅ | ✅ | ✅ |
| Fetch private files | ❌ | ✅ | ✅ |
| Download tarball | ✅ public | ✅ | ✅ |
| Create/update files | ❌ | ❌ | ✅ |
| Create branches | ❌ | ❌ | ✅ |
| Manage issues | ❌ | ❌ | ✅ |
| Create PRs | ❌ | ❌ | ✅ |
## Python Helper Functions
### Credential Detection
```python
import os
def get_github_auth():
"""Returns (token, source) or (None, None)"""
# Check environment variables
for var in ['GITHUB_PAT', 'GH_PAT', 'GITHUB_TOKEN', 'GH_TOKEN']:
if token := os.environ.get(var):
return token, var
# Check project .env files
env_paths = ['/mnt/project/.env', '/mnt/project/github.env']
for path in env_paths:
try:
with open(path) as f:
for line in f:
if '=' in line and not line.startswith('#'):
key, val = line.strip().split('=', 1)
if key in ['GITHUB_PAT', 'GH_PAT', 'GITHUB_TOKEN']:
return val.strip(), f'{path}:{key}'
except FileNotFoundError:
continue
return None, None
```
### Fetch Single File
```python
import base64
import urllib.request
import json
def fetch_file(owner: str, repo: str, path: str, ref: str = 'main', token: str = None) -> str:
"""Fetch single file. Uses API if token provided, raw URL otherwise."""
if token:
# Use API (works for private repos)
url = f'https://api.github.com/repos/{owner}/{repo}/contents/{path}?ref={ref}'
req = urllib.request.Request(url, headers={
'Authorization': f'Bearer {token}',
'Accept': 'application/vnd.github+json'
})
with urllib.request.urlopen(req) as resp:
data = json.load(resp)
return base64.b64decode(data['content']).decode()
else:
# Use raw URL (public repos only)
url = f'https://raw.githubusercontent.com/{owner}/{repo}/{ref}/{path}'
with urllib.request.urlopen(url) as resp:
return resp.read().decode()
```
### Fetch Repository Tarball
```python
def fetch_repo_tarball(owner: str, repo: str, ref: str = 'main', token: str = None) -> bytes:
"""Download full repo as tarball. Requires token for private repos."""
url = f'https://api.github.com/repos/{owner}/{repo}/tarball/{ref}'
headers = {'Accept': 'application/vnd.github+json'}
if token:
headers['Authorization'] = f'Bearer {token}'
req = urllib.request.Request(url, headers=headers)
with urllib.request.urlopen(req) as resp:
return resp.read()
# Usage:
tarball = fetch_repo_tarball('owner', 'repo', 'main', token)
with open('/tmp/repo.tar.gz', 'wb') as f:
f.write(tarball)
# Extract: tar -xzf /tmp/repo.tar.gz
```
### Create or Update File
```python
def push_file(owner: str, repo: str, path: str, content: str,
message: str, token: str, sha: str = None) -> dict:
"""Create/update file via API. Returns commit info.
Args:
sha: Required when updating existing file (get via contents API)
"""
url = f'https://api.github.com/repos/{owner}/{repo}/contents/{path}'
payload = {
'message': message,
'content': base64.b64encode(content.encode()).decode()
}
if sha: # Update existing file
payload['sha'] = sha
req = urllib.request.Request(url,
data=json.dumps(payload).encode(),
headers={
'Authorization': f'Bearer {token}',
'Accept': 'application/vnd.github+json',
'Content-Type': 'application/json'
},
method='PUT')
with urllib.request.urlopen(req) as resp:
return json.load(resp)
```
### Get File SHA (for updates)
```python
def get_file_sha(owner: str, repo: str, path: str, token: str, ref: str = 'main') -> str:
"""Get file SHA needed for updates."""
url = f'https://api.github.com/repos/{owner}/{repo}/contents/{path}?ref={ref}'
req = urllib.request.Request(url, headers={
'Authorization': f'Bearer {token}',
'Accept': 'application/vnd.github+json'
})
with urllib.request.urlopen(req) as resp:
data = json.load(resp)
return data['sha']
```
## Bash Examples
### Fetch Public File
```bash
curl -sL "https://raw.githubusercontent.com/owner/repo/main/path/file.py"
```
### Fetch Private File (with PAT)
```bash
curl -H "Authorization: Bearer $GITHUB_PAT" \
-H "AccepSecurely manages API credentials for multiple providers (Anthropic Claude, Google Gemini, GitHub). Use when skills need to access stored API keys for external service invocations.
Guidance for asking clarifying questions when user requests are ambiguous, have multiple valid approaches, or require critical decisions. Use when implementation choices exist that could significantly affect outcomes.
>-
>-
Browse Bluesky content via API and firehose - search posts, fetch user activity, sample trending topics, read feeds and lists, analyze and categorize accounts. Supports authenticated access for personalized feeds. Use for Bluesky research, user monitoring, trend analysis, feed reading, firehose sampling, account categorization.
Generate progressive disclosure indexes for GitHub repositories to use as Claude project knowledge. Use when setting up projects referencing external documentation, creating searchable indexes of technical blogs or knowledge bases, combining multiple repos into one index, or when user mentions "index", "github repo", "project knowledge", or "documentation reference".
Analyze and categorize Bluesky accounts by topic using keyword extraction. Use when users mention Bluesky account analysis, following/follower lists, topic discovery, account curation, or network analysis.
Cross-context adversarial review for deliverables before shipping. Use when producing blog posts, technical recommendations, analysis briefs, code, or any artifact where accuracy matters more than speed. Triggers on "challenge this", "review before shipping", "adversarial pass", "stress test this".