gitlab-code-reviewer
Security checks across malware telemetry and agentic risk
Overview
The skill is mostly aligned with GitLab code review, but it can post MR comments without a clear confirmation step, and it may send your GitLab token to whatever host appears in a supplied MR URL rather than only to the host the token was issued for.
Use this only with a dedicated, least-privileged GitLab token. Before running it, verify that MR URLs are on the exact GitLab host you trust, and do not allow it to post comments unless you have reviewed and approved the exact comments.
VirusTotal
0 of 62 vendors flagged this skill; all 62 reported it clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your GitLab personal access token could be exposed to a server named in an MR URL if that URL is not the intended GitLab host.
The GitLab token is loaded from the local credential file, but API requests use the host parsed from the user-supplied MR URL rather than validating it against the configured credential host. A crafted or mistaken MR URL could cause the token to be sent to an unintended host.
creds = load_credentials()
host, project, iid = parse_mr_url(mr_url)
...
data = api_get(host, creds["token"], ...)
...
result = api_post(host, creds["token"], ...)
Validate that the MR URL host exactly matches the configured credential host, or require separate per-host credentials and refuse mismatches before making any API request.
The agent could post review comments to a real merge request based on its own generated findings, which may affect teammates or project workflow.
Posting comments is described as a normal workflow step once write scope is available. The artifact does not clearly require a separate user confirmation or an explicit 'post these comments' request before mutating the MR.
### 6. Post inline comments to GitLab
Only execute this step if `check-token` (step 1) returned `"can_write": true`.
...
python scripts/post_comments.py <mr_url> /tmp/mr_comments.json
Default to chat-only review, show the exact comments to be posted, and require explicit user approval before running the posting script.
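The two recommendations above (pin the MR host to the credential host; show the exact comments and require explicit approval before posting) can be implemented together. The following is an added example written for this review, not the skill's own scripts or ClawScan's code. It assumes the credential file records the host the token was issued for, assumes the standard GitLab MR path shape `/<group>/<project>/-/merge_requests/<iid>`, and injects a `send` callable in place of the real GitLab API call so it runs offline; all function and class names are hypothetical.

```python
# Added example, not the skill's own code: pin API calls to the host the
# credential was issued for, and bind posting to approval of the exact
# comments the user saw. The credential layout, the MR path shape and the
# injected `send` callable are assumptions for illustration.
import hashlib
import hmac
import json
from urllib.parse import urlsplit


class HostMismatch(ValueError):
    """The MR URL does not point at the host the token was issued for."""


class NotApproved(PermissionError):
    """Posting was requested without approval of these exact comments."""


def _split_host(value, default_port=443):
    """'gitlab.example.com' or 'gitlab.example.com:8443' -> (host, port)."""
    host, _, port = value.strip().lower().partition(":")
    return host, (int(port) if port else default_port)


def parse_mr_url(mr_url, credential_host):
    """Return (host, project_path, iid) only if mr_url is on credential_host.

    Rejects non-https URLs, userinfo tricks such as
    https://gitlab.example.com@evil.example/..., look-alike hostnames and
    port changes, so the token is never sent to an unintended server.
    """
    u = urlsplit(mr_url)
    if u.scheme != "https":
        raise HostMismatch(f"refusing non-https MR URL: {mr_url}")
    if u.username is not None or u.password is not None:
        raise HostMismatch("MR URL carries userinfo; refusing")
    expected = _split_host(credential_host)
    actual = ((u.hostname or "").lower(), u.port or 443)
    if actual != expected:
        raise HostMismatch(f"MR host {actual} is not credential host {expected}")
    # Assumed GitLab path shape: /<group>/.../<project>/-/merge_requests/<iid>[/...]
    parts = [p for p in u.path.split("/") if p]
    try:
        sep = parts.index("-")
        if sep == 0 or parts[sep + 1] != "merge_requests":
            raise ValueError
        iid = int(parts[sep + 2])
    except (ValueError, IndexError):
        raise ValueError(f"not a merge request URL: {mr_url}") from None
    return actual[0], "/".join(parts[:sep]), iid


def render_for_review(comments):
    """Text to show the user plus a token that identifies this exact content."""
    canonical = json.dumps(comments, sort_keys=True, separators=(",", ":"))
    token = hashlib.sha256(canonical.encode()).hexdigest()[:16]
    text = "\n".join(f"{c['path']}:{c['line']}: {c['body']}" for c in comments)
    return text, token


def post_comments(host, project, iid, comments, approval_token, send):
    """Post via `send` only if the user approved these comments as they stand."""
    _, expected = render_for_review(comments)
    if not approval_token or not hmac.compare_digest(approval_token, expected):
        raise NotApproved("comments were not approved in this exact form")
    return [send(host, project, iid, c) for c in comments]


if __name__ == "__main__":
    # Constructed sample: credential host pinned, one generated finding.
    cred_host = "gitlab.example.com"
    comments = [{"path": "app/auth.py", "line": 42,
                 "body": "Token compared with == instead of hmac.compare_digest."}]
    sent = []
    record = lambda h, p, i, c: sent.append((h, p, i, c["path"])) or "ok"

    host, project, iid = parse_mr_url(
        f"https://{cred_host}/group/sub/proj/-/merge_requests/42/diffs", cred_host)
    text, token = render_for_review(comments)
    print("Would post to", host, project, iid, "\n" + text)
    post_comments(host, project, iid, comments, token, record)  # user approved
    for bad in (f"https://{cred_host}@evil.example/g/p/-/merge_requests/1",
                f"https://{cred_host}.evil.example/g/p/-/merge_requests/1",
                f"https://{cred_host}:8443/g/p/-/merge_requests/1"):
        try:
            parse_mr_url(bad, cred_host)
        except HostMismatch as e:
            print("blocked:", e)
```

The approval token is a digest of the comments as rendered, so an approval given for one set of comments cannot be replayed after the agent regenerates or edits them; the posting script should receive that token only from the user's explicit "post these" step, never compute it for itself.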
Installing and using the skill may require storing a GitLab token with read or write access to projects the token can reach.
The skill explicitly uses a GitLab personal access token, including the broad 'api' scope for posting. This is purpose-aligned for GitLab review, but users should notice the required account authority.
Credentials: `~/.openclaw/credentials/gitlab.json`
...
Required API scopes:
- `api` — required for posting inline comments
- `read_api` — sufficient for analysis only
Use the least-privileged token possible, prefer read_api for analysis-only reviews, and create a dedicated token limited to the intended GitLab host and projects.
