Automated AI code review for GitLab Merge Requests via polling. Periodically checks for open MRs, reviews code diffs for security vulnerabilities, bugs, and...
Security Analysis
High confidence: The skill's code, declared requirements, and runtime instructions are consistent with an automated GitLab MR reviewer; nothing requested is unrelated to that purpose.
Name/description (automated MR review) align with requested binaries (node), required env vars (GITLAB_URL, GITLAB_TOKEN), and included scripts that call the GitLab API. The primary credential is the GitLab token as expected.
SKILL.md and cron instructions stay inside the review workflow (polling MRs, fetching diffs, posting comments/notes). They explicitly direct the agent to read/write {baseDir}/mr-reviewed.json and to create a local .env with credentials (expected for an autonomous worker). The cron message instructs the worker to "Do not ask for permission — execute directly," which is normal for unattended cron workers but worth noting because it emphasizes autonomous actions.
No install spec — instruction-only with a single local JS helper script. Nothing is downloaded or installed from external arbitrary URLs.
Only GITLAB_URL and GITLAB_TOKEN are required, which are proportional to the task. No unrelated credentials, secrets, or unexpected config paths are requested.
Skill doesn't set always:true. The provided cron setup will create a persistent scheduled worker that runs autonomously (the cron message explicitly tells the worker to act without asking). This is reasonable for automation but increases how often the token is used and the blast radius if the token has broad scopes.
Guidance
This skill appears to do what it says, but take these precautions before enabling it:

- Review the included script (scripts/gitlab-api.js) yourself — it makes only GitLab API calls and writes/reads a local reviewed-log file.
- Use a least-privilege GitLab token: grant only the scopes needed to read MRs and post comments/notes (avoid full admin scopes). Prefer a project-scoped token if possible.
- Protect the .env file and any stored token (file permissions, secrets manager) and rotate the token if compromised.
- Test the worker in a safe/test project first to verify behavior and comment formatting.
- Note the cron setup instructs the worker to run without prompts — ensure you want an unattended process that will post directly to MRs.
- Minor technical notes: the helper uses md5-based line_code (comment text said SHA256), and it relies on Node's fetch availability (Node 18+ or polyfill). Ensure your environment matches.

If you want tighter control, run the script manually or limit the cron schedule while evaluating, and confirm the token scope before granting it to the worker.
Latest Release
v1.0.3
Version 1.0.3

- Added troubleshooting guidance: clarify that the cron prompt should have an explicit "never re-review" rule at highest priority to prevent duplicate reviews.
- No code or functional changes; documentation update only.
Published by @gotoloops on ClawHub