Bundled skills should prefer gh CLI over mcp__github__* tools when project instructions indicate that preference

Open 💬 0 comments Opened Jun 10, 2026 by tpolson

Summary

When a project's CLAUDE.md or user memory specifies that gh CLI should be used for GitHub operations (because the user's shell session is already authenticated), bundled skills like /code-review still reach for mcp__github__* MCP tools directly. This triggers an OAuth permission popup on every invocation even though gh is already fully authed.

Steps to reproduce

  1. Add a preference to CLAUDE.md or Claude memory: "use gh CLI for all GitHub operations, never mcp__github__* tools"
  2. Run /code-review on a PR
  3. Observe: mcp__github__get_pull_request_files (and related tools) still prompt for permission, ignoring the project-level instruction

Expected behavior

Bundled skills should check project-level tool preferences / CLAUDE.md instructions and route GitHub API calls through gh CLI via Bash when that preference is set, instead of hardcoding mcp__github__* tool calls.

Actual behavior

Skill ignores project instructions and calls mcp__github__* tools, triggering permission popups on every use.

Workaround

Auto-allow mcp__github__* in settings — but this sidesteps the underlying issue that bundled skills don't respect project-level tool preferences.

View original on GitHub ↗