Back to skill

Security audit

Gitlab Manager

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward GitLab API helper that uses a user-provided token for expected GitLab repository, merge request, issue, and comment actions.

Install only if you intend to let the skill act on GitLab with your token. Use the narrowest GitLab token scopes possible, avoid using it on sensitive private projects unless authorized, and review any mutating action before it runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation exposes capabilities that require environment access and network communication, but it does not declare corresponding permissions or clearly scope those capabilities. This can mislead users and reviewers about the trust boundary of the skill, especially because it sends authenticated requests to GitLab using a token from the environment.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation describes operations on repositories, merge requests, issues, and comments via the GitLab API, but it does not warn users that this content will be transmitted to a third-party service. Users may unknowingly send sensitive source code, issue details, or internal project metadata off-platform, creating confidentiality and compliance risk.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/gitlab_api.js:7