gitlab-api

clawhub:gitlab-api

View source

84/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

84/100

MEDIUM 2

LOW 5

Findings (7)

MEDIUM

Sensitive file read pattern EXFIL_002

exfiltration L40

Detects reads of sensitive system or credential files

cat ~/.config

FIX

Prevent the tool from reading environment variables and sending them to external endpoints. If env access is needed, restrict it to specific variable names via an allowlist.

FP?

Likely FP if the match is documentation about how to configure environment variables, not code that reads and transmits them.

MEDIUM

Sensitive file read pattern EXFIL_002

exfiltration L41

Detects reads of sensitive system or credential files

cat ~/.config

FIX

Prevent the tool from reading environment variables and sending them to external endpoints. If env access is needed, restrict it to specific variable names via an allowlist.

FP?

Likely FP if the match is documentation about how to configure environment variables, not code that reads and transmits them.

LOW

Shell script file execution CMDEXEC_013

command-execution L140

Detects execution of shell script files via bash/sh command or direct invocation

./scripts/gitlab_api.sh

FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.

LOW

Shell script file execution CMDEXEC_013

command-execution L143

Detects execution of shell script files via bash/sh command or direct invocation

./scripts/gitlab_api.sh

FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.

LOW

Shell script file execution CMDEXEC_013

command-execution L146

Detects execution of shell script files via bash/sh command or direct invocation

./scripts/gitlab_api.sh

FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.

LOW

Shell script file execution CMDEXEC_013

command-execution L149

Detects execution of shell script files via bash/sh command or direct invocation

./scripts/gitlab_api.sh

FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.

LOW

Shell script file execution CMDEXEC_013

command-execution L152

Detects execution of shell script files via bash/sh command or direct invocation

./scripts/gitlab_api.sh

FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.