Scan Report
5/100
gitlab-mr-review
Review GitLab merge requests using a standardized code review template
This is a legitimate GitLab MR review skill using the official glab CLI tool. All capabilities are properly declared, with no hidden functionality, credential access, or data exfiltration.
Safe to install
No action needed. The skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md documents reading code-review-template.md |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md documents glab CLI commands for GitLab API operations |
| Network | READ | READ | ✓ Aligned | SKILL.md documents glab api calls to user-provided GitLab instances |
1 finding
Medium: External URL
https://gitlab.xxx.com/... (SKILL.md:3)
File Tree
2 files · 4.2 KB · 148 lines
Markdown 2f · 148L
├─ code-review-template.md (Markdown)
└─ SKILL.md (Markdown)
Security Positives
✓ All shell commands are explicitly documented in SKILL.md
✓ Uses official glab CLI tool for GitLab integration
✓ Requires user to provide MR URL - no autonomous action
✓ No credential harvesting or environment variable access
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No data exfiltration - only posts to user's own GitLab instance
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ No external dependencies or supply chain risks
✓ No persistence mechanisms or backdoors