القائمة
Download images from private GitHub issues and PRs using authenticated signed URLs.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
| name | github-images |
| description | Download images from private GitHub issues and PRs using authenticated signed URLs. |
Download image attachments from GitHub issues and pull requests, including private repos that require authentication.
# From a full GitHub URL
ghimg https://github.com/owner/repo/issues/39
# From a PR URL
ghimg https://github.com/owner/repo/pull/42
# Using owner/repo and number separately
ghimg owner/repo 39
# Custom output directory
ghimg owner/repo 39 -o ./screenshots
# Print signed URLs only (pipe-friendly)
ghimg owner/repo 39 --urls-only
Default output: /tmp/ghimg/<owner>/<repo>/<number>/
After downloading, use Read to view the images (Claude Code supports image files).
If ghimg is unavailable, use gh api directly:
# Fetch body_html with signed image URLs (valid ~5 min)
gh api repos/owner/repo/issues/39 \
-H "Accept: application/vnd.github.full+json" \
--jq '.body_html'
# Fetch comment images too
gh api repos/owner/repo/issues/39/comments \
-H "Accept: application/vnd.github.full+json" \
--paginate --jq '.[].body_html'
# Download a signed URL
curl -sL -o image.png "https://private-user-images.githubusercontent.com/..."
The key insight: application/vnd.github.full+json returns body_html containing JWT-signed URLs for private image attachments. These URLs expire after ~5 minutes.
Safely review, sync, and locally update forked tmux plugins. Use whenever the user mentions tmux-upstream, tmux plugin forks, `prefix + U`, a `connorads/<plugin>` fork being commits behind upstream, asks whether a tmux plugin update is dodgy/compromised/safe, or asks to sync/update a forked tmux plugin. Default to review-only and ask before syncing unless the user explicitly requested automatic safe sync.
Catalogue of preferred linter rules, TypeScript flags, clippy thresholds, and architectural boundary checks for making bug classes and design drift mechanically impossible. Use when setting up linting in a new project, hardening an existing project, responding to a class of bug by encoding a rule, or deciding which linter to reach for on a given stack. Pairs with the `hk` skill which handles wiring hooks.
Design and write effective tests for behavioural changes, bug fixes, and refactors. Use when choosing a test layer, practising TDD, picking doubles/fakes, reducing brittle or flaky tests, refactoring safely, or applying property-based, snapshot/approval, differential/metamorphic, or contract testing. For coverage, thresholds, mutation testing, fuzzing, and CI/hook enforcement, use the test-coverage skill.
Create, update, validate, and submit Homebrew formulae (homebrew-core, built from source). Use when the user mentions a Homebrew formula, Homebrew/homebrew-core, adding/updating a formula, brew create, building from source, a build system in a brew context (cargo/rust, go, cmake, meson, autotools/configure, make, python virtualenv, node/npm, ruby gem), resource blocks, depends_on/keg_only/uses_from_macos, the mandatory test do block, bottles, livecheck, brew bump-formula-pr, or when asked to run brew audit --new / brew test / brew style for a formula. For macOS GUI apps and prebuilt binaries use the homebrew-cask-authoring skill instead.
Systematically audit, improve, and enforce test coverage, and gate test quality in CI — across any ecosystem (TypeScript, Python, Go, Rust). Use to raise coverage, set thresholds, audit gaps, manage exclusions, merge reports, wire coverage into CI/hooks, or add mutation testing and fuzzing as quality gates. Composes with the hk skill for pre-commit enforcement. For how to design and write good tests — property-based, snapshot/approval, differential, contract, flaky-test handling — use the testing skill.
Safely refresh the vendored third-party agent skills in this dotfiles repo. Use whenever the user wants to update, refresh, upgrade, or re-pull vendored skills (`skills update`), or asks to check whether a skill refresh is safe / dodgy / compromised before committing. `skills update` is an unauthenticated git clone with no quarantine, no signature, and no scan — and skill files are instructions injected into every agent session — so this skill gates each refresh by reading the diff and only auto-commits trusted-source, clean-diff updates.