Is d1gl3/gitlab-api safe?

https://github.com/openclaw/skills/tree/main/skills/d1gl3/gitlab-api

92
SAFE

This GitLab API skill provides legitimate functionality for interacting with GitLab repositories via their REST API. The skill contains well-structured shell scripts with proper input validation and follows standard GitLab API patterns. No malicious behavior, prompt injection attempts, or unauthorized data access was detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (4)

INFO Executable shell script present -15

The skill contains a shell script (gitlab_api.sh) that provides a command-line interface for GitLab API operations. The script is well-structured with proper input validation and follows GitLab API patterns.

LOW External URLs referenced -5

The documentation references external GitLab URLs for API documentation and token generation. These are legitimate references to official GitLab resources.

LOW Reads configuration files -10

The script reads GitLab token and instance URL from user configuration files. This is documented, expected behavior for a GitLab API client.

LOW Potential for misuse via legitimate functionality -15

While the skill itself is benign, it could theoretically be misused to upload sensitive data to GitLab repositories. However, this risk is inherent to any legitimate GitLab API client, and misuse would require a user token with the corresponding permissions.