Gitlab Ci Linter

by charlie-morrison · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
Downloads: 78 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install gitlab-ci-linter
Description
Lint and validate GitLab CI/CD pipeline YAML files (.gitlab-ci.yml) for syntax errors, security issues, deprecated patterns, and best practices. Use when ask...
README (SKILL.md)

GitLab CI Linter

Lint GitLab CI/CD pipeline files for syntax errors, security issues, deprecated patterns, and best practices violations.

Commands

All commands use the bundled Python script at scripts/gitlab_ci_linter.py.

1. Lint a pipeline file

python3 scripts/gitlab_ci_linter.py lint <file-or-directory> [--strict] [--format text|json|markdown]

Runs all lint rules against one or more .gitlab-ci.yml files. If given a directory, scans for *.yml and *.yaml files recursively.

Flags:

  • --strict -- exit code 1 on any warning (not just errors)
  • --format -- output format: text (default), json, markdown

2. Audit for security issues

python3 scripts/gitlab_ci_linter.py security <file> [--format text|json|markdown]

Focused security audit: hardcoded secrets, unprotected variables, privileged runners, insecure Docker image tags, security jobs with allow_failure.

3. Inspect stages

python3 scripts/gitlab_ci_linter.py stages <file> [--format text|json|markdown]

Show defined stages and which jobs map to each stage. Flags undefined or unused stages.

4. Validate pipeline structure

python3 scripts/gitlab_ci_linter.py validate <file> [--format text|json|markdown]

Structural validation only: required keys, stage definitions, job keywords, dependency graph (circular needs:, missing refs).

Lint Rules (24 total)

Syntax & Structure (8 rules)

  1. missing-stages -- No stages: definition
  2. undefined-stage -- Job uses stage not in stages: list
  3. empty-job -- Job has no script: section
  4. invalid-job-name -- Job name starts with . but is not used as a template
  5. missing-script -- Job without script:, before_script:, or trigger:
  6. circular-needs -- Circular dependency in needs: graph
  7. duplicate-job -- Duplicate job names (YAML parser collapses them)
  8. invalid-keyword -- Unknown top-level or job-level keyword

Security (6 rules)

  1. hardcoded-secret -- Passwords, tokens, keys in plain text
  2. unprotected-variable -- Sensitive-looking variable not using $CI_* references
  3. allow-failure-security -- Security-related job with allow_failure: true
  4. privileged-runner -- tags: requesting privileged runners
  5. unmasked-variable -- Variable looks sensitive but not described as masked
  6. insecure-image -- Using :latest tag for Docker images
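
How three of these security rules can be checked with line-oriented regex matching, as an added example that is not the bundled script's code. The rule names and the output line format come from this page; the patterns, severities and sample pipeline are assumptions made for illustration, and an untagged image is treated the same as :latest.

```python
import re

# Constructed sample pipeline (not from the page); line numbers start at 1.
SAMPLE = """\
build:
  image: python:latest
  variables:
    DB_PASSWORD: "hunter2-not-real"
    API_TOKEN: $CI_JOB_TOKEN
  script: [make build]
sast-scan:
  image: registry.example.com:5000/scanner:1.4.2
  allow_failure: true
  script: [run-scan]
"""

# Heuristic patterns chosen for this example; the bundled script's own are not shown on the page.
SECRET_KEY = re.compile(
    r"^\s*([A-Za-z0-9_]*(?:PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)[A-Za-z0-9_]*)\s*:\s*(.+)$",
    re.IGNORECASE)
IMAGE = re.compile(r"^\s*image\s*:\s*['\"]?([^\s'\"]+)")
TOP_LEVEL = re.compile(r"^([A-Za-z0-9_.\-]+)\s*:")
SECURITY_JOB = re.compile(r"sast|dast|secret|scan|security|audit", re.IGNORECASE)
ALLOW_FAIL = re.compile(r"^\s+allow_failure\s*:\s*true\b", re.IGNORECASE)

def scan(text, filename=".gitlab-ci.yml"):
    """Return findings as 'file:line severity [rule] message' strings."""
    found, job = [], None
    for no, line in enumerate(text.splitlines(), 1):
        top = TOP_LEVEL.match(line)
        if top:
            job = top.group(1)  # column-0 key: job name or global keyword
        m = SECRET_KEY.match(line)
        if m and not m.group(2).strip("'\" ").startswith("$"):
            found.append((no, "error", "hardcoded-secret",
                          f"'{m.group(1)}' holds a literal, not a $VARIABLE reference"))
        m = IMAGE.match(line)
        if m and not m.group(1).startswith("$"):
            last = m.group(1).rsplit("/", 1)[-1]  # ignore a registry host:port
            if "@" not in last and (":" not in last or last.endswith(":latest")):
                found.append((no, "warning", "insecure-image",
                              f"image '{m.group(1)}' is untagged or uses :latest"))
        if job and SECURITY_JOB.search(job) and ALLOW_FAIL.match(line):
            found.append((no, "error", "allow-failure-security",
                          f"Job '{job}' is a security job with allow_failure: true"))
    return [f"{filename}:{n} {sev} [{rule}] {msg}" for n, sev, rule, msg in found]

if __name__ == "__main__":
    print("\n".join(scan(SAMPLE)))
```

Name-based matching like this produces false positives and misses secrets stored under innocuous key names, so findings are prompts for review rather than proof.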

Best Practices (10 rules)

  1. missing-retry -- No retry: on deploy/test jobs
  2. missing-timeout -- No timeout: specified
  3. no-cache-key -- cache: without explicit key:
  4. broad-artifacts -- Overly broad artifacts: paths: patterns
  5. missing-rules -- Job without rules: or only:/except:
  6. deprecated-only-except -- Using only:/except: instead of rules:
  7. long-script -- script: block exceeds 30 lines
  8. missing-interruptible -- Long-running job without interruptible:
  9. no-coverage-regex -- Test job without coverage: regex
  10. missing-when -- No when: in rules: entries

Output Formats

Text (default)

.gitlab-ci.yml:12 error [missing-script] Job 'deploy' has no script:, before_script:, or trigger:
.gitlab-ci.yml:25 warning [missing-timeout] Job 'test' has no timeout: specified
.gitlab-ci.yml:31 info [deprecated-only-except] Job 'build' uses only:/except: instead of rules:

3 issues (1 error, 2 warnings)

JSON

{
  "file": ".gitlab-ci.yml",
  "issues": [...],
  "summary": {"errors": 1, "warnings": 2, "info": 0}
}

Markdown

Summary table with severity, rule, location, and message.

CI Integration

# .gitlab-ci.yml
lint-pipeline:
  stage: test
  script:
    - python3 scripts/gitlab_ci_linter.py lint .gitlab-ci.yml --strict

Exit codes: 0 = clean, 1 = errors found (or warnings in --strict mode).

Usage Guidance
This bundle appears coherent: it ships a local Python linter and the SKILL.md only instructs running that script on local .gitlab-ci.yml files. Before running it on sensitive repositories, review the bundled script for any network calls or unexpected os.*/subprocess usage (the provided portion uses only stdlib parsing). Run it first in a sandbox or on a non-production copy of your repo. Note the package owner is unknown and STATUS.md lists a price—if you plan to pay or publish this, confirm the provenance. If you want higher assurance, open the entire scripts/gitlab_ci_linter.py file and grep for requests, urllib, socket, subprocess, os.environ access, or writing outside the working directory; any of those would warrant closer review.
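
The review suggested above can be done with Python's ast module instead of grep, so that aliased and from-style imports are caught while comments and string literals are ignored. This is an added example, not part of the skill bundle; the watched module list follows the guidance above, and SAMPLE_SOURCE is a constructed stand-in for the contents of scripts/gitlab_ci_linter.py.

```python
import ast

# Modules named in the usage guidance.
WATCHED = {"requests", "urllib", "socket", "subprocess"}

# Constructed stand-in source; in practice, read the bundled script from disk.
SAMPLE_SOURCE = '''\
import re, json
import urllib.request as ur
from subprocess import run
import os

def load(path):
    token = os.environ.get("CI_JOB_TOKEN")
    return open(path).read()
'''

def review(source):
    """Return sorted (line, finding) pairs for watched imports and os.environ use."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]  # module is None for "from . import x"
        else:
            names = []
        for name in names:
            if name.split(".")[0] in WATCHED:
                hits.append((node.lineno, f"import {name}"))
        if (isinstance(node, ast.Attribute) and node.attr == "environ"
                and isinstance(node.value, ast.Name) and node.value.id == "os"):
            hits.append((node.lineno, "os.environ access"))
    return sorted(hits)

if __name__ == "__main__":
    for lineno, finding in review(SAMPLE_SOURCE):
        print(f"line {lineno}: {finding}")
```

A static pass does not see modules loaded through dynamically built names, so the sandbox run recommended above still applies.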
Capability Analysis
Type: OpenClaw Skill
Name: gitlab-ci-linter
Version: 1.0.0
The gitlab-ci-linter bundle is a legitimate static analysis tool for validating GitLab CI/CD YAML configurations. The core logic in scripts/gitlab_ci_linter.py is implemented using only the Python standard library and performs pattern matching (regex) to identify security risks like hardcoded secrets or insecure image tags. There is no evidence of data exfiltration, unauthorized network activity, or malicious execution; the tool operates strictly on the files provided by the user and outputs findings to the console.
Capability Assessment
Purpose & Capability
Name and description match the included tooling: a Python script that parses and lints .gitlab-ci.yml files. No unrelated environment variables, binaries, or cloud credentials are requested.
Instruction Scope
SKILL.md restricts runtime behavior to invoking the bundled script on local files or directories and selecting output formats. It does not instruct reading unrelated system paths, exfiltrating data, or contacting external endpoints.
Install Mechanism
No install spec is provided (instruction-only skill) and the linter is bundled as a pure-Python script using the standard library. No downloads, package installs, or archive extraction are declared.
Credentials
The skill declares no required environment variables, credentials, or config paths. The linter inspects YAML files for patterns like 'hardcoded-secret' but does not require or request secret values to operate.
Persistence & Privilege
Skill is not always-enabled, does not request persistent or elevated agent privileges, and does not declare any behavior that modifies other skills or system configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install gitlab-ci-linter
  3. After installation, invoke the skill by name or use /gitlab-ci-linter
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug gitlab-ci-linter
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Gitlab Ci Linter?

Lint and validate GitLab CI/CD pipeline YAML files (.gitlab-ci.yml) for syntax errors, security issues, deprecated patterns, and best practices. Use when ask... It is an AI Agent Skill for Claude Code / OpenClaw, with 78 downloads so far.

How do I install Gitlab Ci Linter?

Run "/install gitlab-ci-linter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Gitlab Ci Linter free?

Yes, Gitlab Ci Linter is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Gitlab Ci Linter support?

Gitlab Ci Linter is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Gitlab Ci Linter?

It is built and maintained by charlie-morrison (@charlie-morrison); the current version is v1.0.0.
