Scan Report
5/100
gitlab-mr-review
Review GitLab merge requests using a standardized code review template
This is a legitimate GitLab MR review skill using the official glab CLI tool. All capabilities are properly declared, with no hidden functionality, credential access, or data exfiltration.
Safe to install
No action needed. The skill is safe to use.

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Consistent | SKILL.md documents reading code-review-template.md |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md documents glab CLI commands for GitLab API operations |
| Network access | READ | READ | ✓ Consistent | SKILL.md documents glab api calls to user-provided GitLab instances |

1 finding
Medium severity: External URL
https://gitlab.xxx.com/... SKILL.md:3
Directory structure
2 files · 4.2 KB · 148 lines (Markdown: 2 files, 148 lines)
├─ code-review-template.md (Markdown)
└─ SKILL.md (Markdown)
Security highlights
✓ All shell commands are explicitly documented in SKILL.md
✓ Uses official glab CLI tool for GitLab integration
✓ Requires user to provide MR URL - no autonomous action
✓ No credential harvesting or environment variable access
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No data exfiltration - only posts to user's own GitLab instance
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ No external dependencies or supply chain risks
✓ No persistence mechanisms or backdoors