Automic Vault

brew package intelligence

gh

Automic Vault tracks gh because trivially accessible secrets matter when AI agents run command-line tools on macOS.

overview

What Automic Vault knows about gh

GitHub command-line tool

Homepage

Not present in the local metadata.

Commands and aliases

No executable aliases were found in the local package database.

radioisotope

Trivially Accessible Secrets

`gh` stores its secrets in the Keychain, but they can be trivially obtained:

1. `gh auth token`
2. `security find-generic-password -s 'gh:github.com' -w`

Our isotope prevents anything but `gh` itself from accessing its secrets by gating `gh auth token` behind an Automic Vault human-approval prompt and gating attempts to use the macOS `security` tool behind a keychain approval prompt.

Local README excerpt

Automic Vault Fork Notes

This repository is the Automic Vault fork of GitHub CLI.

Automic Vault is a macOS-first secret and execution control system that keeps sensitive credentials behind explicit human approval in the Automic Vault GUI app instead of exposing them directly to terminal tools.

This fork currently adds the following behavior on top of upstream cli/cli:

  • Direct macOS Keychain access from the signed gh binary instead of /usr/bin/security, so Keychain trust is attached to this app binary.

  • Human approval gating through the Automic Vault GUI daemon before commands print stored tokens in plain text. This covers gh auth token, gh auth status --show-token, gh config get -h HOST oauth_token, and the hidden gh auth git-credential get helper.

  • A migration [subcommand] that the Automic Vault app uses when migrating secrets from the factory-release to our isotope.

  • A hazard detector that reports insecure gh installs, including plaintext hosts.yml tokens and Keychain ACLs that allow /usr/bin/security to read gh secrets.

Source: data/isotopes/gh-cli/README.md
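The README excerpt says the hazard detector reports plaintext hosts.yml tokens. As an added example (not the fork's detector and not code from this page), here is a check for that one condition. It assumes the nested host/users layout that gh writes to hosts.yml; the function name, sample file and token values are constructed.

```python
import os
import re

# Constructed sample in the layout gh writes to hosts.yml (all values fake).
SAMPLE_HOSTS_YML = """\
github.com:
    git_protocol: https
    users:
        octo-dev:
    user: octo-dev
ghe.example.test:
    user: build-bot
    oauth_token: gho_CONSTRUCTED0000
    users:
        build-bot:
            oauth_token: gho_CONSTRUCTED0000
"""

KEY_RE = re.compile(r"^(\s*)([^\s#:][^:]*):\s*(.*)$")


def find_plaintext_tokens(text):
    """Return (host, account, line_no) per non-empty oauth_token; values are never returned."""
    findings = []
    stack = []  # (indent, key) of the mappings enclosing the current line
    for line_no, raw in enumerate(text.splitlines(), start=1):
        m = KEY_RE.match(raw)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2).strip()
        # Drop a trailing YAML comment and surrounding quotes before testing for emptiness.
        value = re.sub(r"(^|\s)#.*", "", m.group(3)).strip().strip("'\"")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if key == "oauth_token" and value and stack:
            # A token nested under users/<name> belongs to that account.
            nested = len(stack) >= 3 and stack[-2][1] == "users"
            findings.append((stack[0][1], stack[-1][1] if nested else None, line_no))
        stack.append((indent, key))
    return findings


if __name__ == "__main__":
    # Assumed default location; gh also honours GH_CONFIG_DIR.
    cfg = os.environ.get("GH_CONFIG_DIR", os.path.expanduser("~/.config/gh"))
    path = os.path.join(cfg, "hosts.yml")
    text = open(path).read() if os.path.exists(path) else SAMPLE_HOSTS_YML
    for host, account, line_no in find_plaintext_tokens(text):
        print(f"plaintext oauth_token: host={host} account={account} line={line_no}")
```

A host whose token lives in the Keychain has no `oauth_token` key in hosts.yml, so it produces no finding; the Keychain ACL condition the README mentions is not covered here.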

Caveats

  • No caveats were listed in the local manifest.

approval gates

Human review metadata for risky commands

The local approval-gate seed includes 8 rules for gh. Covered entrypoints: gh. Severity labels: critical, high.

Example gated actions

  • GitHub command-line tool
  • Print the active GitHub authentication token.
  • Create or refresh local GitHub authentication state.
  • Delete a GitHub repository.
  • Change repository settings, visibility, topics, or metadata.
  • Merge a pull request.
  • Create, upload to, edit, or delete GitHub releases.

install metadata

Resolver facts

Package key: brew:gh
Last updated: 2026-05-21T14:58:05+02:00
Pulse: updated

source trail

Generated from repository data

This page is regenerated by scripts/generate-pkg-pages.py. Deployments refuse to publish if www/pkg/ is stale relative to local package data.

Used sources

  • Nucleus package database
  • approval-gate seed metadata
  • local isotope README
  • radioisotope security manifest