ClawHub

gitlab-cli-skills

v1.13.1

Comprehensive GitLab CLI (glab) command reference and workflows for all GitLab operations via terminal. Use when user mentions GitLab CLI, glab commands, Git...

6· 4.5k·19 current·22 all-time
byVince Lozada@vince-winkintel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan sign transactionsRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (glab/GitLab CLI workflows) match the content: the skill documents glab commands, auth, CI, MRs, issues, etc. Requested binaries (glab, optional cosign for attestations) and optional access to GitLab tokens/SSH keys/Docker config are appropriate for a GitLab CLI helper.
Instruction Scope
Runtime instructions focus on running glab commands, running glab api, and performing auth checks. References to config files (~/.config/glab-cli/config.yml), SSH keys for DPoP, and Docker config are relevant to the described operations; the SKILL.md warns about sensitive files and untrusted content. There are no instructions that attempt unrelated system reads or external exfiltration.
Install Mechanism
Primary install spec is Homebrew (brew install glab), which is appropriate. The embedded metadata also mentions a generic download URL pointing at the GitLab releases page rather than a direct binary artifact; this is a minor inconsistency and could be clarified. A direct arbitrary download/extract step is not present in the registry install listing, so risk is low but verify which installer will be used.
Credentials
No required environment variables are declared; an optional GITLAB_TOKEN is documented and justified for performing API writes. The skill explicitly documents that scripts can perform writes (post comments, approvals) and warns users to review scripts before use. No unrelated credentials are requested.
Persistence & Privilege
The skill does not request 'always: true' and does not ask to modify other skills or global agent settings. Autonomous invocation (model-invocation enabled) is the platform default and not itself a red flag here, but you should still review write behaviors before allowing agentic runs.
Assessment
This skill appears to be a coherent, documentation-first set of instructions for the GitLab CLI. Before installing or enabling autonomous use: (1) prefer installing glab via Homebrew (the listed safe option); (2) review any included scripts that perform writes (e.g. post-inline-comment.py, scripts/ci-debug.sh) so you know what actions they will take; (3) supply a least-privilege GitLab token or use a dedicated bot account if the agent will perform writes; (4) be aware the skill may read your glab config (~/.config/glab-cli/config.yml), SSH private keys (for DPoP), and Docker config when relevant—do not expose high-privilege credentials; and (5) clarify which install method the agent will run if you see both a brew and a generic download entry in metadata.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ar9xkgyxw2z6x168n8rhmfn84rsxg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsglab
Any bincosign

Install

Install glab (brew)
Bins: glab
brew install glab

Comments