GitLab MR Code Review
Warn
Audited by ClawScan on May 18, 2026.
Overview
This is a coherent GitLab MR reviewer, but it would run in the background using your GitLab token to comment on all visible open merge requests, and repo-controlled prompt files can influence it.
Before installing, use a dedicated low-privilege GitLab bot token limited to the intended projects, restrict the cron workflow to an allowlist, and consider disabling source-branch custom prompt files. Monitor the cron job and GitLab comments closely, and only use it on repositories where AI processing of code diffs is acceptable.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill could post unwanted, incorrect, or overly broad review comments across every project the token can access.
The worker is told to automatically enumerate open MRs and post GitLab comments/notes without per-action approval or an explicit project allowlist.
1. Run: node {baseDir}/scripts/gitlab-api.js list-mrs — get all open MRs ... For each unreviewed MR: ... post-comment ... post-note ... 5. Do not ask for permission — execute directly.
Restrict the worker to explicit projects, add a dry-run or approval option for posting, use rate limits/logging, and avoid broad default processing of all visible MRs.
An MR author could modify the custom prompt file to steer the autonomous reviewer’s conclusions, comments, or tool use.
The worker fetches a prompt/rules file from the MR source branch and the artifacts do not say to treat that content as untrusted or prevent it from overriding reviewer behavior.
c. Check for custom rules: node {baseDir}/scripts/gitlab-api.js get-file <project_id> <source_branch> .gitlab-review-prompt.md
Load review rules only from a trusted protected branch or admin-controlled location, and explicitly treat repository content as untrusted data that cannot override system instructions or tool permissions.
A broadly scoped personal token could let the worker read code diffs and post comments under that identity across many projects.
The helper uses the supplied GitLab token for API access and the default MR listing spans all MRs visible to that credential.
const headers = { "PRIVATE-TOKEN": GITLAB_TOKEN, "Content-Type": "application/json" }; ... "/merge_requests?state=opened&scope=all&order_by=created_at&sort=asc&per_page=100"
Use a dedicated bot token with minimal scopes and access only to intended projects; protect the .env file and rotate the token if exposed.
Repository changes may be processed by the AI reviewer and reflected in generated GitLab comments.
MR diffs are intentionally loaded into the AI review context. This is core to the skill, but those diffs may contain proprietary code or secrets.
Cron (*/2 * * * *) → gitlab-api.js list-mrs → skip reviewed → fetch diff → AI review → post comments/note
Use only on repositories where AI review is allowed, and add policies to avoid exposing secrets or sensitive code details in comments.
The reviewer can keep running and posting every two minutes after initial setup.
The setup creates a recurring background worker. This persistence is disclosed and purpose-aligned, but it continues until disabled and may not deliver local notifications.
openclaw cron add ... --cron "*/2 * * * *" ... --session "isolated" ... --no-deliver
Install it only if ongoing automation is intended; monitor with openclaw cron list and disable or remove the cron job when no longer needed.
