Gitlab Manager

Manage GitLab repositories, merge requests, and issues via API. Use for tasks like creating repos, reviewing code in MRs, or tracking issues.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 4 · 2.6k · 5 current installs · 5 all-time installs

by@jorgermp

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

high confidence

Purpose & Capability

The name/description, SKILL.md, and the included script consistently implement GitLab API operations (create repo, list/comment MRs, create issues) calling https://gitlab.com/api/v4. However the registry metadata claims no required environment variables or primary credential while both SKILL.md and the script require GITLAB_TOKEN. That metadata omission is disproportionate and reduces transparency about needed credentials.

✓

Instruction Scope

SKILL.md limits runtime actions to running the provided Node script to talk to the GitLab API. The instructions do not ask the agent to read unrelated files or send data to endpoints other than GitLab. The runtime behavior is scoped to repository/MR/issue operations.

✓

Install Mechanism

There is no install spec (instruction-only) and the package only includes a short Node script. Nothing is downloaded or extracted from external/untrusted URLs.

Credentials

Requiring a GITLAB_TOKEN (PAT with 'api' scope) is appropriate for the declared functionality, but the registry metadata does not list this required env var or a primary credential. That mismatch is problematic because the platform may not prompt you to provide a token or treat it as a secret. Also, giving a PAT to an installed skill grants it direct API access to your projects — you should ensure the token is least-privilege, short-lived, and issued only if you trust the skill.

✓

Persistence & Privilege

always is false and there are no config paths or system-wide changes requested. The skill can be invoked autonomously (platform default) — normal for skills, but note that autonomous invocation plus a supplied PAT allows the skill to act on your GitLab resources without further prompts.

What to consider before installing

Before installing: (1) Ask the publisher/registry to update the metadata to declare GITLAB_TOKEN as a required credential so the platform can treat it as a secret. (2) Inspect the included script (it's short) and confirm it only talks to https://gitlab.com/api/v4 (no hidden endpoints). (3) If you proceed, create a dedicated GitLab Personal Access Token with the minimum scopes and expiration needed (avoid broad scopes), and store it in the platform's secret store rather than passing it on the command line. (4) Consider running the script locally or in an isolated environment first. (5) If you cannot verify the origin/trustworthiness of the skill (source is unknown), prefer not to grant a PAT to it.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

latestvk97226ff5y0wxc64xhpk76txm180az1n

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

GitLab Manager

This skill allows interaction with GitLab.com via the API.

Prerequisites

GITLAB_TOKEN: A Personal Access Token with api scope must be set in the environment.

Usage

Use the provided Node.js script to interact with GitLab.

Script Location

scripts/gitlab_api.js

Commands

1. Create Repository

Create a new project in GitLab.

./scripts/gitlab_api.js create_repo "<name>" "<description>" "<visibility>"
# Visibility: private (default), public, internal

2. List Merge Requests

List MRs for a specific project.

./scripts/gitlab_api.js list_mrs "<project_path>" "[state]"
# Project path: e.g., "jorgermp/my-repo" (will be URL encoded automatically)
# State: opened (default), closed, merged, all

3. Comment on Merge Request

Add a comment (note) to a specific MR. Useful for code review.

./scripts/gitlab_api.js comment_mr "<project_path>" <mr_iid> "<comment_body>"

4. Create Issue

Open a new issue.

./scripts/gitlab_api.js create_issue "<project_path>" "<title>" "<description>"

Examples

Create a private repo:

GITLAB_TOKEN=... ./scripts/gitlab_api.js create_repo "new-tool" "A cool new tool" "private"

Review an MR:

# First list to find ID
GITLAB_TOKEN=... ./scripts/gitlab_api.js list_mrs "jorgermp/my-tool" "opened"
# Then comment
GITLAB_TOKEN=... ./scripts/gitlab_api.js comment_mr "jorgermp/my-tool" 1 "Great work, but check indentation."

Files

2 total

Select a file

Select a file to preview.

Comments

Loading comments…