# Add to your Claude Code skills
git clone https://github.com/github/gh-awLast scanned: 4/20/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-04-20T06:14:47.951Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}gh-aw is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by github. GitHub Agentic Workflows. It has 4,747 GitHub stars.
Yes. gh-aw passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/github/gh-aw" and add it to your Claude Code skills directory (see the Installation section above). gh-aw ships a SKILL.md manifest, so compatible agents can discover and load it automatically.
gh-aw is primarily written in Go. It is open-source under github on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh gh-aw against similar tools.
No comments yet. Be the first to share your thoughts!
This repository builds gh-aw (GitHub Agentic Workflows), a GitHub CLI extension for writing workflows in markdown and compiling them to GitHub Actions.
.md) into compiled lock files (.lock.yml)copilot, claude, codex, custom)engine in frontmatter to control runtime agent behavior# Compile markdown workflows to lock files
gh aw compile
# Run a workflow manually
gh aw run .github/workflows/daily-skill-optimizer.md
# Inspect MCP server usage in workflows
gh aw mcp list
gh aw mcp inspect daily-skill-optimizer
# Audit a workflow run
gh aw audit 24814681146
/AGENTS.md for development/agent workflow conventions/skills/*/SKILL.md for focused domain guidance (GitHub MCP, docs, errors, etc.)Hey agent! If this repository hasn't been configured with agentic workflows yet, here is how to set it up.
Install the gh aw CLI extension using the install script (no GitHub token required):
curl -sL https://raw.githubusercontent.com/github/gh-aw/main/install-gh-aw.sh | bash
Run the init command to configure the repository:
gh aw init
Add a daily repo status agentic workflow using the add command:
gh aw add --create-pull-request
The workflow should:
copilot engine with copilot-requests: write permissionWrite agentic workflows in natural language markdown, and run them in GitHub Actions.
[!NOTE] Releases 0.68.4 through 0.71.3 are being retired due to a bug that impacts billing. If you are running one of these versions, please upgrade to the latest release as soon as possible.
Ready to get your first agentic workflow running? Follow our step-by-step Quick Start Guide to install the extension, add a sample workflow, and see it in action.
Learn about the concepts behind agentic workflows, explore available workflow types, and understand how AI can automate your repository tasks. See How It Works. Supports GitHub Copilot, Claude (Anthropic), Codex (OpenAI), and Gemini (Google) — pick whichever AI account you already have.
Guardrails, safety and security are foundational to GitHub Agentic Workflows. Workflows run with read-only permissions by default, with write operations only allowed through sanitized safe-outputs. The system implements multiple layers of protection including sandboxed execution, input sanitization, network isolation, supply chain security (SHA-pinned dependencies), tool allow-listing, and compile-time validation. Access can be gated to team members only, with human approval gates for critical operations, ensuring AI agents operate safely within controlled boundaries. See the Security Architecture for comprehensive details on threat modeling, implementation guidelines, and best practices.
Using agentic workflows in your repository requires careful attention to security considerations and careful human supervision, and even then things can still go wrong. Use it with caution, and at your own risk.
For complete documentation, examples, and guides, see the Documentation. If you are an agent, see llms.txt source and llms-full.txt source.
If you are running a version between 0.68.4 and 0.71.3, upgrading is strongly recommended due to a bug that impacts billing.
For development setup and contribution guidelines, see CONTRIBUTING.md.
To build and test repository custom linters:
go test ./pkg/linters/<linter-name>/...go build ./cmd/lintersmake golint-custommake golint-custom builds cmd/linters and runs the custom analyzers against ./cmd/... and ./pkg/....
Community members whose issues were resolved — updated automatically.
@ahmadabdalla (1) @AkshatRaj00 (1) @alanpeabody (1) @alcastaneda (1) @AlexDeMichieli (1) @alondahari (9) @anthonymastreanvae (9) @aoxiangtianyu-go (1) @apenab (1) @app/github-actions (10) @arthurfvives (7) @Artur- (1) @askpaisa (1) @astefan (1) @b2pacific (1) @babaakihiro (1) @bartul (1) @bbonafed (10) @benissimo (6) @benvillalobos (1) @bmerkle (2) @boydj (2) @Bra1nFartz (1) @bryanchen-d (13) @Calidus (4) @CatsMiaow (1) @chrizbo (4) @CiscoRob (1) @cknight (2) @clementbolin (1) @cogni-ai-ee (2) @consulthys (3) @corygehr (17) @Daidanny008 (1) @Dan-Albrecht (1) @danielmeppiel (3) @danquirk (1) @darwin-gonzales (1) @DeagleGross (1) @devantler (2) @deyaaeldeen (2) @dfrysinger (2) @dgolombek (1) [@dholmes (2)](https://github.com/github/gh-aw/issues?q=is%3Aissue+is%3Aclosed+label%3Acommunity+auth