gitlab-code-reviewer
Pass. Audited by VirusTotal on May 11, 2026.
Findings (1)
This OpenClaw AgentSkills bundle performs GitLab merge request (MR) code reviews. It reads the GitLab API credentials it needs from `~/.openclaw/credentials/gitlab.json` and uses them to fetch MR data and post review comments. The `SKILL.md` instructions explicitly direct the AI agent to check the token's scopes before acting, restrict what it may do (no auto-approval, no label changes), and post comments only through a dedicated script (`scripts/post_comments.py`) that reads the comment bodies from a temporary JSON file, so that review text containing quotes, backticks or `$(...)` is never interpolated into a shell command. The Python scripts (`gitlab_client.py`, `ignore_matcher.py`, `post_comments.py`) use only standard-library modules, parse URLs with regular expressions, and talk to the GitLab API; they show no evidence of data exfiltration, malicious execution (for example `eval`/`exec` of untrusted input), persistence mechanisms, or prompt injection directed at the agent. The design includes the safeguards described above and stays within its stated purpose.
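The two controls called out in this finding, a token scope check and comment posting via a temporary JSON file rather than a shell string, are shown below as an added example. This is not the skill's own `post_comments.py` or `gitlab_client.py`; it is illustrative code written for this page. It assumes the GitLab `POST /projects/:id/merge_requests/:iid/notes` endpoint with a `PRIVATE-TOKEN` header, and that scopes are read from the JSON returned by `GET /personal_access_tokens/self` (the page does not say which call the skill uses for its scope check). The sample comments are constructed, and the second one deliberately contains shell metacharacters that a reviewer might legitimately write in Markdown.

```python
"""Added example (not the audited skill's code): post MR review comments
from a temporary JSON file instead of interpolating them into a shell
command, and check token scopes before doing anything."""
import json
import os
import tempfile
import urllib.parse
import urllib.request

# Constructed sample comments. The second body contains quotes, backticks
# and $(...) that a shell would interpret if the body were pasted into a
# command line.
SAMPLE_COMMENTS = [
    {"path": "app/auth.py", "line": 42,
     "body": "Use `hmac.compare_digest` for the token comparison."},
    {"path": "scripts/deploy.sh", "line": 7,
     "body": 'Quote this: `rm -rf "$BUILD_DIR"/*`; otherwise `$(echo x)` expands.'},
]


def check_token_scopes(token_info, required=("api",)):
    """Return (ok, missing_scopes).

    token_info is the decoded JSON from GET /personal_access_tokens/self
    (assumed endpoint; it carries a "scopes" list). A review-only token
    such as read_api cannot post notes, so the caller should stop early.
    """
    have = set(token_info.get("scopes", []))
    missing = sorted(set(required) - have)
    return (not missing, missing)


def unsafe_curl_command(base_url, project, mr_iid, body):
    """The anti-pattern the skill avoids: the untrusted body is pasted into
    a shell string. Only returned as text here, never executed."""
    return (f'curl -s -X POST --data-urlencode "body={body}" '
            f"{base_url}/api/v4/projects/{project}/merge_requests/{mr_iid}/notes")


def write_comments_file(comments):
    """Write comments to a private temp file (mkstemp creates it 0600)."""
    fd, path = tempfile.mkstemp(prefix="mr-comments-", suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        json.dump(comments, f)
    return path


def build_note_request(base_url, project, mr_iid, token, comment):
    """Build the HTTP request in-process: the body travels as JSON, and the
    project path is URL-encoded (group/repo -> group%2Frepo)."""
    project_enc = urllib.parse.quote(str(project), safe="")
    url = (f"{base_url.rstrip('/')}/api/v4/projects/{project_enc}"
           f"/merge_requests/{int(mr_iid)}/notes")
    payload = json.dumps({"body": comment["body"]}).encode("utf-8")
    return urllib.request.Request(
        url, data=payload, method="POST",
        headers={"PRIVATE-TOKEN": token, "Content-Type": "application/json"},
    )


def post_comments(path, base_url, project, mr_iid, token, send=None):
    """Read the temp JSON file and send one note per comment.

    `send` takes a urllib Request and returns a result; the default really
    performs the POST, while tests inject a capturing callable.
    """
    if send is None:
        def send(req):
            with urllib.request.urlopen(req, timeout=30) as resp:
                return resp.status
    with open(path, encoding="utf-8") as f:
        comments = json.load(f)
    results = []
    for comment in comments:
        results.append(send(build_note_request(base_url, project, mr_iid,
                                               token, comment)))
    return results


if __name__ == "__main__":
    ok, missing = check_token_scopes({"scopes": ["read_api"]})
    print("scope check:", ok, "missing:", missing)
    path = write_comments_file(SAMPLE_COMMENTS)
    try:
        # Capture instead of sending: print what would reach the API.
        sent = post_comments(path, "https://gitlab.example", "group/repo", 12,
                             "glpat-example", send=lambda r: (r.full_url, r.data))
        for url, data in sent:
            print(url, json.loads(data)["body"])
    finally:
        os.remove(path)
```

The `send` parameter is the only seam needed to exercise the script offline; in production the default performs the request. Because the body never passes through a shell, `shlex.quote` is unnecessary, and the file is created with `mkstemp` so other local users cannot read review text while it sits on disk.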
