Dev ToolsFreev0.1.0
npx skills add lovstudio/gh-access-skilllovstudio:gh-access
Grant, revoke, and audit collaborator access on private GitHub repos โ by GitHub username or email address โ with read-only as the safe default.
Use when you want to share a private repo with a client or contractor without making the repo public.
Install
npx skills add lovstudio/gh-access-skill
Or clone directly:
git clone https://github.com/lovstudio/gh-access-skill \
~/.claude/skills/lovstudio-gh-access
Prerequisites
ghCLI authenticated (gh auth status)- Token scopes:
repo(always),admin:org(for org-owned repos) - You must be a repo admin (personal repo) or org owner / repo admin (org repo)
What it does
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Client input: โ alice โ
"give these โ bob@example.com โ
folks access" โ carol@startup.io โ
โ typo-user โ
โโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Resolve each identifier โ
โ โข username โ verify exists โ
โ โข email โ search by email โ
โ โ org invite fallbackโ
โโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Show resolution table, confirm โ
โโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ PUT /repos/{owner}/{repo}/collaborators โ
โ (permission=pull by default) โ
โโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโ
โผ
Invitation emails sent
Subcommands
| Mode | What it does |
|---|---|
| grant | Invite one or more people as collaborators with a chosen permission. |
| revoke | Remove collaborators (idempotent โ safe to re-run). |
| list | Show active collaborators + pending invitations for the repo. |
Permission levels
| Level | Effect | When to use |
|---|---|---|
pull (default) | Read code, clone, open/comment on issues and PRs | Clients, reviewers, most external access |
triage | pull + manage issues/PRs (label, close) | Trusted external collaborators |
push | Write to non-protected branches | Contractors actively contributing code |
maintain | push + manage repo settings (except destructive) | Senior contractors |
admin | Full control | Rare โ requires explicit confirmation |
The skill defaults to pull and requires an explicit request to escalate.
Usage examples
Invite one client by email (org repo)
User: ๆ acme/internal-dashboard ๅผ็ป client@acme.com๏ผๅช่ฏป
โ Skill resolves client@acme.com:
- If they have a GitHub account with that email โ invite by username
- If not โ send org invite by email (pending until they create / link account)
โ Permission: pull
Batch invite mixed list
User: ็ป่ฟๅ ไธชไบบๅผ lovstudio/handoff-bundle ็ๆ้:
alice
bob@startup.io
carol-github
โ Skill resolves all three, shows a table, asks to confirm,
then issues 3 PUT calls with permission=pull.
List who has access
User: ่ฐ็ฐๅจ่ฝ่ฎฟ้ฎ lovstudio/handoff-bundle?
โ Skill shows:
Active: alice (pull), carol-github (push)
Pending: bob@startup.io (pull, invited 2d ago)
Revoke
User: ๆ alice ไป lovstudio/handoff-bundle ่ธขๅบๅป
โ Skill confirms, then DELETEs the collaborator.
Resolution statuses
When processing a mixed list, each identifier ends up in one of these buckets:
| Status | Meaning | Action |
|---|---|---|
user_ok | Username verified on GitHub | Invite directly |
email_to_user | Email resolved to a public GitHub account | Invite that username |
email_invited | Email had no public account, org invite sent | Recipient accepts via email |
email_no_account | Email, no GitHub account, personal repo | Skip โ ask user for username |
user_not_found | Username doesn't exist (typo?) | Skip, report |
Safety defaults
- Read-only (
pull) unless explicitly overridden - Always show a resolution table before writing
- Ask to confirm before batch revokes
- Escalation to
admin/maintainrequires explicit secondary confirmation - Writes are sequential so partial failures are legible in the report
License
MIT
githubcollaboratoraccessinviteprivate-repopermissions