The Agent Skills Directory

[COMMAND_EXECUTION]: The skill performs environment checks and status verifications using commands such as node --version, npx octocode-cli status, and npx octocode-cli skills list. It also guides the user through GitHub authentication using gh auth login.
[EXTERNAL_DOWNLOADS]: The installer uses npx to fetch and run octocode-cli and octocode-mcp@latest from the npm registry. It also facilitates the download of additional skills into local IDE-specific directories (e.g., ~/.cursor/skills/).
[REMOTE_CODE_EXECUTION]: The skill executes remote code from the npm registry via npx commands to perform installation and configuration tasks. This behavior is consistent with the primary purpose of an automated installer for developer tools.
[CREDENTIALS_UNSAFE]: The skill provides instructions for GitHub authentication, including using OAuth via the Octocode CLI or manually creating and pasting a Personal Access Token (PAT). It instructs the user to store these tokens in environment variables or local configuration files like ~/.octocode/credentials.json. No unauthorized data exfiltration patterns were detected.
[DATA_EXPOSURE]: To detect existing installations, the skill reads configuration files for numerous IDEs (including Cursor, Claude Desktop, Windsurf, Zed, and VS Code extensions) from standard user directories. This access is scoped to identifying and configuring MCP server entries.

octocode-install