Low Risk — Risk Score 20/100
Last scan: 2 days ago
gitlab-auto-review
Automated AI code review for GitLab Merge Requests via polling
Legitimate GitLab MR code review automation skill with minor documentation gaps but no malicious behavior detected.
Skill Name: gitlab-auto-review
Duration: 43.3s
Engine: pi
Safe to install
Add an explicit filesystem:READ declaration in SKILL.md for the --file mode JSON reading. No action needed to block this skill.

Findings (2 items)

Severity: Low
Finding: Undeclared filesystem read operation
Location: scripts/gitlab-api.js:138
Detail: The post-comment --file mode uses fs.readFileSync to read JSON payloads from files, but filesystem:READ is not declared in the SKILL.md metadata or in the allowed-tools mapping.
Evidence: const payload = fs.readFileSync(args[1], 'utf8');
Recommendation: → Add filesystem:READ to the capability declaration if this skill will be used via skill_invoke with file access.

Severity: Info
Finding: No dependency pinning
Location: SKILL.md:12
Detail: SKILL.md declares the 'node' binary requirement but does not specify a minimum version. Acceptable for CLI tools, but worth documenting for reproducibility.
Evidence: bins: ["node"]
Recommendation: → Consider documenting the minimum Node.js version (e.g., Node 18+) for consistent behavior.
Resource | Declared | Inferred | Status | Evidence
Network | READ | READ | ✓ Aligned | scripts/gitlab-api.js:27 Makes GET/POST requests to GitLab API only
Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:18-22 Declares node command execution; cron-setup.md:7 documents full c…
Environment | READ | READ | ✓ Aligned | scripts/gitlab-api.js:14-15 Reads GITLAB_URL and GITLAB_TOKEN from process.env
Filesystem | NONE | READ | ✓ Aligned | scripts/gitlab-api.js:138 uses fs.readFileSync for --file mode; should be declar…
Database | NONE | NONE | | No database operations found
Browser | NONE | NONE | | No browser operations found
Skill Invoke | NONE | NONE | | No nested skill invocations
Clipboard | NONE | NONE | | No clipboard operations found

File Tree

4 files · 12.2 KB · 357 lines
Markdown: 3 files · 184 lines; JavaScript: 1 file · 173 lines
├─ 📁 references
│ ├─ 📝 cron-setup.md Markdown 41L · 1.9 KB
│ └─ 📝 review-guidelines.md Markdown 64L · 2.1 KB
├─ 📁 scripts
│ └─ 📜 gitlab-api.js JavaScript 173L · 5.2 KB
└─ 📝 SKILL.md Markdown 79L · 2.9 KB

Dependencies (1 item)

Package | Version | Source | Known Vulns | Notes
node | unspecified | system | No | No version constraint; assumes a Node.js runtime is available

Security Positives

✓ All network requests are to GitLab API only (declared intent matches implementation)
✓ No credential exfiltration or suspicious data transmission
✓ No base64-encoded payloads, obfuscation, or hidden instructions
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env credentials)
✓ Clean codebase with no eval(), exec(), or shell injection vectors
✓ Proper JSON parsing with error handling for API responses
✓ Follows security best practices for comment posting via --file mode (Windows encoding fix)
✓ No curl|bash or remote script execution patterns