Low Risk — Risk Score 10/100
Last scan: 2 days ago
gitlab-cli-skills
Comprehensive GitLab CLI (glab) command reference and workflows for all GitLab operations via terminal
This is a legitimate GitLab CLI (glab) documentation/reference skill with no malicious behavior. The only finding is a documentation example showing a masked PAT format, which is a false positive since the token is redacted.
Skill Name: gitlab-cli-skills
Duration: 43.0s
Engine: pi
Safe to install
No action required. This skill provides safe, documented access to GitLab CLI operations through the legitimate glab binary.

Findings 2 items

Severity Finding Location
Info
Masked PAT format example in documentation
Line 178 of glab-auth/references/commands.md shows 'glpat-xxxxxxxxxxxxxxxxxxxx' as a command example. This is a redacted/masked placeholder showing the expected PAT format, not an actual credential.
$ glab auth dpop-gen --private-key "~/.ssh/id_rsa" --pat "glpat-xxxxxxxxxxxxxxxxxxxx"
→ No action needed - this is a legitimate documentation example with redacted token
glab-auth/references/commands.md:178
Info
No executable scripts present
SKILL.md references scripts/ directory for workflows but no scripts/ directory exists. This is a pure documentation/reference skill.
Scripts in this skill can post comments...
→ Documentation may reference non-existent scripts - consider removing or adding scripts if needed
SKILL.md:1
Resource Declared Inferred Status Evidence
Network READ READ ✓ Aligned SKILL.md: requires network access to GitLab API via HTTPS
Filesystem READ READ ✓ Aligned SKILL.md: mentions ~/.ssh/id_rsa and ~/.docker/config.json for DPoP and registry…
Environment READ READ ✓ Aligned SKILL.md: reads GITLAB_TOKEN, GITLAB_HOST env vars
Shell NONE NONE No shell execution - skill is documentation only, relies on glab binary
1 Critical 50 findings
🔑
Critical API Key (hardcoded API key)
glpat-xxxxxxxxxxxxxxxxxxxx
glab-auth/references/commands.md:178

File Tree

75 files · 435.6 KB · 11803 lines
Markdown 72f · 11466L YAML 3f · 337L
├─ 📁 glab-alias
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 105L · 5.1 KB
│ └─ 📝 SKILL.md Markdown 37L · 975 B
├─ 📁 glab-api
│ └─ 📝 SKILL.md Markdown 173L · 6.3 KB
├─ 📁 glab-attestation
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 64L · 3.2 KB
│ └─ 📝 SKILL.md Markdown 43L · 1.5 KB
├─ 📁 glab-auth
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 192L · 6.1 KB
│ └─ 📝 SKILL.md Markdown 199L · 7.5 KB
├─ 📁 glab-changelog
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 47L · 1.7 KB
│ └─ 📝 SKILL.md Markdown 35L · 858 B
├─ 📁 glab-check-update
│ └─ 📝 SKILL.md Markdown 38L · 1.6 KB
├─ 📁 glab-ci
│ ├─ 📁 references
│ │ ├─ 📝 commands.md Markdown 516L · 28.1 KB
│ │ └─ 📝 pipeline-best-practices.md Markdown 671L · 12.4 KB
│ ├─ 📁 templates
│ │ ├─ 📋 docker-build.yml YAML 122L · 2.8 KB
│ │ ├─ 📋 nodejs-basic.yml YAML 85L · 1.4 KB
│ │ ├─ 📋 nodejs-multistage.yml YAML 130L · 2.6 KB
│ │ └─ 📝 README.md Markdown 296L · 6.3 KB
│ └─ 📝 SKILL.md Markdown 311L · 7.5 KB
├─ 📁 glab-cluster
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 57L · 2.2 KB
│ └─ 📝 SKILL.md Markdown 51L · 1.6 KB
├─ 📁 glab-completion
│ └─ 📝 SKILL.md Markdown 118L · 10.9 KB
├─ 📁 glab-config
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 129L · 6.4 KB
│ └─ 📝 SKILL.md Markdown 116L · 5.1 KB
├─ 📁 glab-deploy-key
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 123L · 4.4 KB
│ └─ 📝 SKILL.md Markdown 53L · 1.7 KB
├─ 📁 glab-duo
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 67L · 4.1 KB
│ └─ 📝 SKILL.md Markdown 67L · 1.9 KB
├─ 📁 glab-gpg-key
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 113L · 3.3 KB
│ └─ 📝 SKILL.md Markdown 53L · 1.6 KB
├─ 📁 glab-help
│ └─ 📝 SKILL.md Markdown 31L · 743 B
├─ 📁 glab-incident
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 209L · 8.1 KB
│ └─ 📝 SKILL.md Markdown 46L · 1.5 KB
├─ 📁 glab-issue
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 337L · 13.6 KB
│ └─ 📝 SKILL.md Markdown 147L · 3.4 KB
├─ 📁 glab-iteration
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 49L · 1.4 KB
│ └─ 📝 SKILL.md Markdown 36L · 963 B
├─ 📁 glab-job
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 46L · 1.4 KB
│ └─ 📝 SKILL.md Markdown 125L · 3.3 KB
├─ 📁 glab-label
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 150L · 4.5 KB
│ └─ 📝 SKILL.md Markdown 117L · 3.3 KB
├─ 📁 glab-mcp
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 84L · 5.6 KB
│ └─ 📝 SKILL.md Markdown 57L · 2.8 KB
├─ 📁 glab-milestone
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 188L · 8.2 KB
│ └─ 📝 SKILL.md Markdown 54L · 1.6 KB
├─ 📁 glab-mr
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 692L · 22.7 KB
│ └─ 📝 SKILL.md Markdown 381L · 10.6 KB
├─ 📁 glab-opentofu
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 79L · 3.1 KB
│ └─ 📝 SKILL.md Markdown 47L · 1.4 KB
├─ 📁 glab-quick-actions
│ └─ 📝 SKILL.md Markdown 426L · 13.8 KB
├─ 📁 glab-release
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 286L · 18.1 KB
│ └─ 📝 SKILL.md Markdown 63L · 2.2 KB
├─ 📁 glab-repo
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 550L · 30.6 KB
│ └─ 📝 SKILL.md Markdown 227L · 5.2 KB
├─ 📁 glab-runner
│ └─ 📝 SKILL.md Markdown 226L · 6.5 KB
├─ 📁 glab-runner-controller
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 464L · 11.9 KB
│ └─ 📝 SKILL.md Markdown 269L · 7.5 KB
├─ 📁 glab-schedule
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 155L · 5.5 KB
│ └─ 📝 SKILL.md Markdown 50L · 1.5 KB
├─ 📁 glab-securefile
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 191L · 9.4 KB
│ └─ 📝 SKILL.md Markdown 44L · 1.8 KB
├─ 📁 glab-snippet
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 82L · 3.6 KB
│ └─ 📝 SKILL.md Markdown 41L · 1.4 KB
├─ 📁 glab-ssh-key
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 136L · 4.9 KB
│ └─ 📝 SKILL.md Markdown 76L · 2.4 KB
├─ 📁 glab-stack
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 386L · 19.6 KB
│ └─ 📝 SKILL.md Markdown 72L · 3.4 KB
├─ 📁 glab-token
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 224L · 15.5 KB
│ └─ 📝 SKILL.md Markdown 39L · 1.3 KB
├─ 📁 glab-user
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 40L · 923 B
│ └─ 📝 SKILL.md Markdown 35L · 799 B
├─ 📁 glab-variable
│ ├─ 📁 references
│ │ └─ 📝 commands.md Markdown 206L · 8.3 KB
│ └─ 📝 SKILL.md Markdown 41L · 1.4 KB
├─ 📁 glab-version
│ └─ 📝 SKILL.md Markdown 30L · 630 B
├─ 📁 glab-workitems
│ └─ 📝 SKILL.md Markdown 116L · 3.2 KB
├─ 📝 README.md Markdown 95L · 2.7 KB
└─ 📝 SKILL.md Markdown 347L · 14.1 KB

Security Positives

✓ HTTPS enforced for all GitLab API communication - token never sent over HTTP
✓ Clear security warnings about never uploading private SSH keys
✓ Well-documented credential management with multi-actor identity guidance
✓ DPoP SSH key access explicitly declared in documentation
✓ Token environment variable precedence clearly documented
✓ No suspicious patterns: no base64 encoding, no curl|bash, no direct IP connections
✓ No credential exfiltration observed - skill is read-only documentation
✓ 40+ sub-skills organized by function with clear security boundaries