Back to skill

Security audit

GitLab

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed GitLab integration skill that uses ClawLink OAuth and tells the agent to confirm state-changing actions before running them.

Before installing, understand that this skill can act on GitLab using your connected account through ClawLink, including creating or updating issues, branches, groups, members, pipelines, and potentially deleting or archiving projects. Only approve write previews that match your intent, and treat project archive/delete and member or pipeline actions as high-impact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Low
Confidence
92% confidence
Finding
The tool table labels `gitlab_archive_project` as '(read-only)' while also marking it as a write operation, which is contradictory and can mislead an agent or user into underestimating the effect of the action. In this skill, archiving a project changes project state and can disrupt normal development workflows, so misclassification weakens the confirmation and safety model described elsewhere in the document.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.