Sending Claude Code on a Daily GitHub Patrol — Auto-Scoring Useful OSS and Skills A developer built github-scout.sh, a script that runs daily to patrol GitHub, auto-score useful open-source software and Claude Code skills, and inject findings into a morning brief. The script separates crawling (free) from scoring (paid Claude API) to keep costs fixed, mechanically judges skill safety by file layout, and retries failed scoring the next day. It searches across three lanes—Claude Code skills, personal OSS needs, and trending repos—and outputs only to the tooling directory without touching protected areas. I kept meaning to browse GitHub for good tooling, but "whenever I felt like it" never turned into a habit. In the previous post, " Letting Claude Code Autonomously Improve Itself Unattended https://zenn.dev/bokuwalily/articles/claude-autopilot ," I built the skeleton of a morning brief. This time I'll write about github-scout.sh , which piggybacks on that brief-generation job: every morning it patrols GitHub, auto-scores useful OSS and skills, and injects only the items that need attention into the brief on my desktop. There are three design points. First, separate crawling gh , free from scoring claude -p , MAX plan quota so cost stays fixed. Second, mechanically judge a skill's safety by its file layout and route it into either auto-enablement or a review-required quarantine. Third, when scoring fails, don't stamp the seen ledger — leave it for the next morning's automatic retry. Some Claude Code skills are community-made and scattered across GitHub. The same goes for reference OSS for job-hunt trackers or Chrome extensions. But "manually searching when the mood strikes" isn't reproducible. I'd hit the same popular repos every time, and forget last week's discovery by the following week. I can't count how much waste came from missing a useful skill and rewriting the same thing myself. The mechanism for a morning brief already exists. Automatically injecting GitHub discoveries into it was the shortest path to a fix. It's written right there in the script's header comment. php CRAWL gh=無料 - DEDUP shell - ENRICH gh contents - SCORE+ROUTE+INGEST claude -p=MAX枠 - LEDGER Cost is incurred only in the scoring phase. By capping the number of candidates, I fix the token consumption of scoring. MAX CANDIDATES=30 claude へ渡す上位件数(コスト固定化) MAX ENRICH=8 SKILL.md 中身を取りに行く skill 候補の上限 TIMEOUT SEC=600 The output destination is only under ~/.claude/ . It never writes directly into the Vault an iCloud-synced, TCC-protected area . This follows the same "only touch my own tooling directory outside protected areas" design principle as autopilot, and it's spelled out in the script's comments too. 出力: - ブリーフ差し込み用: ~/.claude/logs/github-scout-latest.md - 安全スキル md のみ/read系権限 : ~/.claude/skills/auto/