Low risk: risk score 20/100
Last scan: 2 days ago
gitlab-auto-review
Automated AI code review for GitLab Merge Requests via polling
Legitimate GitLab MR code review automation skill with minor documentation gaps but no malicious behavior detected.
Skill name: gitlab-auto-review
Analysis time: 43.3s
Engine: pi
Verdict: safe to install
Add explicit filesystem:READ declaration in SKILL.md for the --file mode JSON reading. No action needed to block this skill.

Security findings (2)

Severity | Finding | Location

Low | Undeclared filesystem read operation | scripts/gitlab-api.js:138
The post-comment --file mode uses fs.readFileSync to read JSON payloads from files, but filesystem:READ is not declared in SKILL.md metadata or the allowed-tools mapping.
Evidence: const payload = fs.readFileSync(args[1], 'utf8');
→ Add filesystem:READ to the capability declaration if this skill will be used via skill_invoke with file access.

Info | No dependency pinning | SKILL.md:12
SKILL.md declares the 'node' binary requirement but does not specify a minimum version. Acceptable for CLI tools, but worth documenting for reproducibility.
Evidence: bins: ["node"]
→ Consider documenting the minimum Node.js version (e.g., Node 18+) for consistent behavior.
Resource type        | Declared | Inferred | Status       | Evidence
Network access       | READ     | READ     | ✓ consistent | scripts/gitlab-api.js:27 Makes GET/POST requests to GitLab API only
Command execution    | WRITE    | WRITE    | ✓ consistent | SKILL.md:18-22 Declares node command execution; cron-setup.md:7 documents full c…
Environment variables| READ     | READ     | ✓ consistent | scripts/gitlab-api.js:14-15 Reads GITLAB_URL and GITLAB_TOKEN from process.env
Filesystem           | NONE     | READ     | ✓ consistent | scripts/gitlab-api.js:138 uses fs.readFileSync for --file mode; should be declar…
Database             | NONE     | NONE     |              | No database operations found
Browser              | NONE     | NONE     |              | No browser operations found
Skill invocation     | NONE     | NONE     |              | No nested skill invocations
Clipboard            | NONE     | NONE     |              | No clipboard operations found

Directory structure

4 files · 12.2 KB · 357 lines
Markdown: 3 files, 184 lines · JavaScript: 1 file, 173 lines
├─ 📁 references
│ ├─ 📝 cron-setup.md Markdown 41L · 1.9 KB
│ └─ 📝 review-guidelines.md Markdown 64L · 2.1 KB
├─ 📁 scripts
│ └─ 📜 gitlab-api.js JavaScript 173L · 5.2 KB
└─ 📝 SKILL.md Markdown 79L · 2.9 KB

Dependency analysis (1)

Package | Version     | Source | Known vulnerabilities | Notes
node    | unspecified | system |                       | No version constraint; assumes a Node.js runtime is available

Security highlights

✓ All network requests are to GitLab API only (declared intent matches implementation)
✓ No credential exfiltration or suspicious data transmission
✓ No base64-encoded payloads, obfuscation, or hidden instructions
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env credentials)
✓ Clean codebase with no eval(), exec(), or shell injection vectors
✓ Proper JSON parsing with error handling for API responses
✓ Follows security best practices for comment posting via --file mode (Windows encoding fix)
✓ No curl|bash or remote script execution patterns