← Back to Skills Marketplace
d1gl3

GitLab API

by d1gl3 · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
2078
Downloads
1
Stars
5
Active Installs
1
Versions
Install in OpenClaw
/install gitlab-api
Description
GitLab API integration for repository operations. Use when working with GitLab repositories for reading, writing, creating, or deleting files, listing projects, managing branches, or any other GitLab repository operations.
README (SKILL.md)

GitLab API

Interact with GitLab repositories via the REST API. Supports both GitLab.com and self-hosted instances.

Setup

Store your GitLab personal access token:

mkdir -p ~/.config/gitlab
echo "glpat-YOUR_TOKEN_HERE" > ~/.config/gitlab/api_token

Token scopes needed: api or read_api + write_repository

Get a token:

Configuration

Default instance: https://gitlab.com

For self-hosted GitLab, create a config file:

echo "https://gitlab.example.com" > ~/.config/gitlab/instance_url

Common Operations

List Projects

GITLAB_TOKEN=$(cat ~/.config/gitlab/api_token)
GITLAB_URL=$(cat ~/.config/gitlab/instance_url 2>/dev/null || echo "https://gitlab.com")

curl -H "PRIVATE-TOKEN: $GITLAB_TOKEN" \
  "$GITLAB_URL/api/v4/projects?owned=true&per_page=20"

Get Project ID

Projects are identified by ID or URL-encoded path (namespace%2Fproject).

# By path
curl -H "PRIVATE-TOKEN: $GITLAB_TOKEN" \
  "$GITLAB_URL/api/v4/projects/username%2Frepo"

# Extract ID from response: jq '.id'

Read File

PROJECT_ID="12345"
FILE_PATH="src/main.py"
BRANCH="main"

curl -H "PRIVATE-TOKEN: $GITLAB_TOKEN" \
  "$GITLAB_URL/api/v4/projects/$PROJECT_ID/repository/files/${FILE_PATH}?ref=$BRANCH" \
  | jq -r '.content' | base64 -d

Create/Update File

PROJECT_ID="12345"
FILE_PATH="src/new_file.py"
BRANCH="main"
CONTENT=$(echo "print('hello')" | base64)

curl -X POST -H "PRIVATE-TOKEN: $GITLAB_TOKEN" \
  -H "Content-Type: application/json" \
  "$GITLAB_URL/api/v4/projects/$PROJECT_ID/repository/files/${FILE_PATH}" \
  -d @- \x3C\x3CEOF
{
  "branch": "$BRANCH",
  "content": "$CONTENT",
  "commit_message": "Add new file",
  "encoding": "base64"
}
EOF

For updates, use -X PUT instead of -X POST.

Delete File

curl -X DELETE -H "PRIVATE-TOKEN: $GITLAB_TOKEN" \
  -H "Content-Type: application/json" \
  "$GITLAB_URL/api/v4/projects/$PROJECT_ID/repository/files/${FILE_PATH}" \
  -d '{"branch": "main", "commit_message": "Delete file"}'

List Files in Directory

curl -H "PRIVATE-TOKEN: $GITLAB_TOKEN" \
  "$GITLAB_URL/api/v4/projects/$PROJECT_ID/repository/tree?path=src&ref=main"

Get Repository Content (Archive)

curl -H "PRIVATE-TOKEN: $GITLAB_TOKEN" \
  "$GITLAB_URL/api/v4/projects/$PROJECT_ID/repository/archive.tar.gz" \
  -o repo.tar.gz

List Branches

curl -H "PRIVATE-TOKEN: $GITLAB_TOKEN" \
  "$GITLAB_URL/api/v4/projects/$PROJECT_ID/repository/branches"

Create Branch

curl -X POST -H "PRIVATE-TOKEN: $GITLAB_TOKEN" \
  -H "Content-Type: application/json" \
  "$GITLAB_URL/api/v4/projects/$PROJECT_ID/repository/branches" \
  -d '{"branch": "feature-xyz", "ref": "main"}'

Helper Script

Use scripts/gitlab_api.sh for common operations:

# List projects
./scripts/gitlab_api.sh list-projects

# Read file
./scripts/gitlab_api.sh read-file \x3Cproject-id> \x3Cfile-path> [branch]

# Write file
./scripts/gitlab_api.sh write-file \x3Cproject-id> \x3Cfile-path> \x3Ccontent> \x3Ccommit-msg> [branch]

# Delete file
./scripts/gitlab_api.sh delete-file \x3Cproject-id> \x3Cfile-path> \x3Ccommit-msg> [branch]

# List directory
./scripts/gitlab_api.sh list-dir \x3Cproject-id> \x3Cdir-path> [branch]

Rate Limits

  • GitLab.com: 300 requests/minute (authenticated)
  • Self-hosted: Configurable by admin

API Reference

Full API docs: https://docs.gitlab.com/ee/api/api_resources.html

Key endpoints:

  • Projects: /api/v4/projects
  • Repository files: /api/v4/projects/:id/repository/files
  • Repository tree: /api/v4/projects/:id/repository/tree
  • Branches: /api/v4/projects/:id/repository/branches
Usage Guidance
This skill implements a straightforward GitLab API helper, but before installing you should: 1) Verify you are comfortable giving it a GitLab personal access token — create a token with the minimum scopes needed (prefer read_api or limited repo write scopes rather than full 'api' if possible). 2) Note the SKILL.md recommends storing the token in plaintext at ~/.config/gitlab/api_token; consider using an environment variable or a secrets manager instead to reduce exposure. 3) Ensure the host running the skill has curl, jq and base64 available (the registry metadata did not declare these dependencies). 4) Review and test the included scripts in a safe environment (especially write-file and delete-file commands) before allowing autonomous agent use. 5) If you expect strict provenance, ask the publisher to correct the metadata to declare the required credential and runtime binaries so the permission surface is clear.
Capability Analysis
Type: OpenClaw Skill Name: gitlab-api Version: 0.1.0 The skill bundle provides a helper script and documentation for interacting with the GitLab API. It requires a GitLab Personal Access Token, which is read from `~/.config/gitlab/api_token` or an environment variable. All `curl` commands are directed at the configured GitLab instance and perform standard repository operations (read/write files, list projects, manage branches). There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or prompt injection attempts against the agent. The requested token scopes (`api` or `read_api` + `write_repository`) are appropriate for the skill's stated purpose.
Capability Assessment
Purpose & Capability
Name, description, SKILL.md, and the included script all align on GitLab repository operations (read/write/delete files, list projects/branches). However the registry metadata claims no primary credential and no required binaries even though the skill expects a GitLab personal access token and uses curl/jq/base64. The missing declarations are an inconsistency (likely oversight) but not evidence of malicious intent.
Instruction Scope
The SKILL.md and scripts confine themselves to interacting with GitLab APIs and local config under ~/.config/gitlab. They do not instruct reading unrelated system files or exfiltrating data to unexpected endpoints; all network calls target the configured GitLab instance. Examples and helper script consistently use the token and instance URL stored under ~/.config/gitlab or via GITLAB_TOKEN/GITLAB_URL env vars.
Install Mechanism
This is an instruction-only skill with no install spec. Nothing is downloaded or written by an installer. The helper script is included in the package; no installation mechanism risk was found.
Credentials
The skill requires a GitLab personal access token (and optionally GITLAB_URL/GITLAB_TOKEN env vars), but the registry metadata lists no required env vars or primary credential. The script also implicitly requires external binaries (curl, jq, base64) which are not declared. Requiring an API token is reasonable for the stated purpose, but the omission in metadata reduces transparency and could lead to accidental misconfiguration or credential exposure. Users should note the token is stored in plaintext at ~/.config/gitlab/api_token by the recommended steps.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide agent settings. It reads a local config file and may be run by the agent, which is normal for a connector of this type.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install gitlab-api
  3. After installation, invoke the skill by name or use /gitlab-api
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Basic GitLab repository operations
Metadata
Slug gitlab-api
Version 0.1.0
License
All-time Installs 5
Active Installs 5
Total Versions 1
Frequently Asked Questions

What is GitLab API?

GitLab API integration for repository operations. Use when working with GitLab repositories for reading, writing, creating, or deleting files, listing projects, managing branches, or any other GitLab repository operations. It is an AI Agent Skill for Claude Code / OpenClaw, with 2078 downloads so far.

How do I install GitLab API?

Run "/install gitlab-api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is GitLab API free?

Yes, GitLab API is completely free (open-source). You can download, install and use it at no cost.

Which platforms does GitLab API support?

GitLab API is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created GitLab API?

It is built and maintained by d1gl3 (@d1gl3); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments