Security audit

gitlab-code-reviewer

Security checks across malware telemetry and agentic risk

Overview

This GitLab review skill is mostly purpose-aligned, but it can post public MR comments without a clear final confirmation and has under-scoped handling of GitLab tokens and temporary review files.

Install only if you are comfortable giving it a dedicated, least-privileged GitLab token. Before running it, verify the MR URL host matches the intended GitLab instance, review the exact comments before allowing them to be posted, and delete the temporary /tmp/mr_comments.json file if it is created.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly instructs the agent to post inline comments back to GitLab, but it does not require a clear user confirmation immediately before taking that external write action. This creates a real risk of unintended third-party side effects, especially because review comments are visible to collaborators and may be posted based on an inferred rather than explicitly confirmed user intent.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal