功能描述

当需要审核 GitLab 合并请求、检查 MR diff 风险、发布 GitLab 审查评论、执行 approve/request changes，或发送 MR 审查通知时使用。

使用说明 (SKILL.md)

\r \r

GitLab MR Reviewer\r

Name: gitlab-mr-reviewer
Author: whrime

\r GitLab MR 审查调度层技能。只定义触发条件、执行顺序、硬规则和失败回退；命令细节与长参考统一放到 references/。\r \r

适用场景\r

\r

用户明确提到 GitLab MR 审查，例如：审核 MR #42、检查合并请求 42\r
需要对 MR 发布行内评论、总结评论、approve 或 request changes\r
需要在审查后发送飞书通知\r
需要对 MR 做静态分析或 AI 深审（在配置允许时）\r \r

不适用场景\r

\r

GitHub PR 审查（非 GitLab）\r
纯本地代码评审且用户明确不希望与 GitLab 交互\r
缺少最小配置且用户不希望先做初始化\r \r

执行前检查清单（Preflight）\r

\r 执行前必须确认（配置优先从 reviewer.config.json 读取，其次才是环境变量）：\r \r

工具可用：git、glab、python\r
配置齐全：gitlab.projectId、review.repoPath、gitlab.defaultBaseBranch\r
主机格式一致：gitlab.host 统一使用主机名（例如 gitlab.example.com，不带协议）\r
已认证：glab auth status 可通过，或存在有效 GITLAB_TOKEN\r
当前任务目标明确：仅审查 / 审查并评论 / 审查并通知 / approve\r
配置读取来源：统一以 reviewer.config.json 为准（不要依赖环境变量回填）\r \r 缺少最小配置时，先停下并向用户追问，不得猜测 project id、host、repo path。\r \r

核心工作流\r

\r

同步仓库：进入 REVIEW_REPO_PATH 并执行 git fetch --all --prune\r
切换 MR：优先 glab mr checkout \x3CMR_ID>\r
运行分析：执行 scripts/mr_analyzer.py 生成 JSON 结果\r
生成结论：根据严重级别与置信度，得出 approve 或 request_changes\r
发布评论：\r
- 有有效文件与行号 -> scripts/gitlab_inline_commenter.py\r
- 无法定位行号 -> 回退为 MR 总结评论\r
需要通知时：执行 scripts/feishu_notifier.py\r \r

Webhook 触发语义（强制）\r

\r

任何 System Hook GitLab / webhook 自动触发，默认等价于：审核 MR #\x3Cid> 并通知飞书\r
webhook 触发不是“仅分析”模式，必须执行完整闭环：\r
1. 完成 MR 审查并生成结论 \r
2. 发布 GitLab 审查结果（优先行内评论，失败回退总结评论） \r
3. 发送飞书通知 \r
4. 返回发送回执（gitlab_publish / feishu_notify 的 success|fail 与失败原因）\r
不允许只输出审查结论而不执行发送动作\r
飞书配置缺失时必须显式报错，不允许静默跳过\r
GitLab 发布必须走脚本 API 路径（scripts/gitlab_inline_commenter.py），不要直接用终端文本粘贴 glab mr note\r
同一次 webhook 任务只允许 1 条总结评论，禁止重复发布\r
发布文本必须是 UTF-8 中文可读，禁止乱码评论\r \r

硬规则\r

\r

永远先静态分析，再决定是否做 AI 深审\r
审查结论、行内评论、总结报告必须使用中文\r
允许简化的是 skill 的表达风格，不允许简化审查结果与报告结构\r
不泄露任何 secret（如 GITLAB_TOKEN、FEISHU_WEBHOOK_URL）\r
confidence \x3C 0.6 不下结论，改为提问式评论\r
单个问题只评论一次，避免重复刷屏\r
行号缺失或定位失败时，必须降级为 summary note\r
大 MR 优先审查高风险文件，不做无边界全量深审\r
检测到 notifications.feishuWebhookUrl 已配置时，默认执行飞书通知；除非用户明确要求不通知\r
webhook 自动触发时，默认执行 GitLab 发布 + 飞书通知；除非用户在指令中明确禁止\r \r

失败回退顺序（必须按顺序）\r

\r

glab mr checkout 失败 -> 检查 glab version、认证、host\r
仍失败 -> 使用 git fetch origin merge-requests/\x3CMR_ID>/head:mr-\x3CMR_ID> + git checkout\r
mr_analyzer.py 显示无 diff -> 校验 base 分支与当前 HEAD\r
行内评论发布失败 -> 回退到 MR 总结评论（Overview）\r
AI 上下文超限 -> 仅审查 review_order 前 N 个高风险文件\r
证据不足 -> 停止断言并向作者提问\r \r

输出契约\r

\r

mr_analyzer.py 输出是后续评论/通知的事实来源\r
至少保证字段：verdict、score、findings、severity_counts\r
findings 中 file 或 line 缺失时，不发送行内评论\r
审查结论只允许：approve、request_changes、block\r \r

最小示例\r

\r

示例 1：审核 MR\r

\r 输入：审核 MR #42\r \r 动作：preflight -> checkout -> analyzer -> 评论总结 -> 给出结论\r \r

示例 2：审核并通知\r

\r 输入：审核 MR #42 并通知飞书\r \r 动作：示例 1 全流程 + feishu_notifier.py\r \r

示例 3：通过 MR\r

\r 输入：通过 MR #42\r \r 动作：仅在无阻塞问题时执行 glab mr approve 42；否则改为 request changes 并解释原因\r \r

参考文档\r

\r

运行配置：reviewer.config.json\r
GitLab 命令与发布流程：references/gitlab_review_workflow.md\r
审查清单：references/mr_review_checklist.md\r
AI 审查提示词：references/review_prompts.md\r

安全使用建议

Key things to check before installing or running this skill: - Credentials and config: reviewer.config.json references ${GITLAB_TOKEN}, ${FEISHU_WEBHOOK_URL}, ${OPENCLAW_HOOK_TOKEN}, and ${GITLAB_WEBHOOK_SECRET}. Although the registry lists no required env vars, the scripts will need these values to function. Provide them only in a trusted environment and avoid embedding secrets in plain files checked into repos. - Configuration defaults: reviewer.config.json contains an internal gitlab host, projectId and a default OpenClaw gateway (127.0.0.1:18789). Verify and replace these defaults to your own endpoints before use. - Webhook behavior: webhook_listener is opinionated — it forces a full publish+Feishu notify flow for webhook triggers and will POST to the configured OpenClaw gateway (including an Authorization Bearer token). If you don't want automatic posting/commenting/notifications, adjust reviewer.config.json (or disable the listener) and test with dry-run modes. - Secrets handling mismatch: SKILL.md prefers config file over env, but context_config will fall back to env vars and will silently expand ${ENV} to empty string if missing. Test failure modes and ensure you don't unintentionally leak tokens into logs or comments. - Test in a safe environment: run scripts in dry-run mode (gitlab_inline_commenter supports --dry-run) against a non-production project to confirm actual API calls and messages. Review what the skill will post to GitLab/Feishu and ensure it won't spam or publish secrets. - Audit network endpoints: confirm the Feishu webhook and OpenClaw gateway URLs are correct, and limit network exposure. If you don't use OpenClaw, remove or disable webhook_listener to avoid unnecessary outbound calls. If you want, I can list the exact places in files where each credential/endpoint is referenced and suggest minimal changes to make required envs explicit in the skill metadata and to fail fast (rather than silently) when secrets are missing.

功能分析

Type: OpenClaw Skill Name: gitlab-mr-reviewer Version: 1.0.3 The skill bundle provides a functional GitLab Merge Request review automation system, but it is classified as suspicious due to a prompt injection vulnerability in 'webhook_listener.py'. This script embeds untrusted, user-controlled data (such as the MR title and author name) directly into the instructions sent to the AI agent without sanitization, which could allow an attacker to influence the agent's behavior via a malicious Merge Request. While the scripts ('mr_analyzer.py', 'gitlab_inline_commenter.py', 'feishu_notifier.py') appear to serve their stated purpose and use standard APIs, the lack of input validation on the webhook-triggered prompt creates a significant attack surface for indirect prompt injection.

能力标签

cryptocan-make-purchasesrequires-oauth-tokenrequires-sensitive-credentials

能力评估

⚠ Purpose & Capability

Name/description match the included scripts: mr_analyzer.py, gitlab_inline_commenter.py, feishu_notifier.py and webhook_listener.py implement MR analysis, posting to GitLab, and sending Feishu notifications — this is coherent. Concern: registry metadata lists no required env vars/credentials, yet reviewer.config.json and code reference GITLAB_TOKEN, FEISHU_WEBHOOK_URL, OPENCLAW_HOOK_TOKEN and GITLAB_WEBHOOK_SECRET. Also reviewer.config.json contains a concrete internal host and projectId by default, which may be surprising and deserves scrutiny.

⚠ Instruction Scope

SKILL.md prescribes reading reviewer.config.json and running local tools (git, glab, python) and scripts to post comments and notifications. It enforces that webhook triggers must perform full publish+notify flows (including Feishu). However SKILL.md states configuration priority should be reviewer.config.json and says 'don't rely on env', while the code (context_config.resolve_value) will fall back to environment variables — an inconsistency that could cause silent credential usage. The webhook_listener will POST payloads to an OpenClaw gateway URL and requires a hook token — this network triggering is within purpose but expands the attack surface (able to wake/drive agents via configured gateway).

✓ Install Mechanism

There is no install spec (no packages downloaded or extracted). The skill is delivered as scripts and reference docs only. This is lower install risk, but the included Python scripts will perform network calls when run.

⚠ Credentials

Although the registry says 'required env vars: none', the code and reviewer.config.json reference the following sensitive values: GITLAB_TOKEN (used as PRIVATE-TOKEN for GitLab API), FEISHU_WEBHOOK_URL (outbound webhook), OPENCLAW_HOOK_TOKEN / OPENCLAW_GATEWAY_URL (authorization to trigger an OpenClaw gateway/agent), and GITLAB_WEBHOOK_SECRET (to validate incoming webhooks). These are reasonable for the claimed functionality, but the mismatch between declared requirements and actual usage is problematic: secrets may be required at runtime and the code will silently expand ${ENV} references to empty strings if unset, potentially causing failures or accidental behavior. The config also contains default values pointing to internal hosts which may be unintended.

ℹ Persistence & Privilege

always:false (not force-included). The webhook listener is designed to run as a persistent HTTP server and will trigger the OpenClaw gateway (potentially invoking other agents) using a bearer token. That is expected for a webhook bridge, but it increases blast radius if the gateway URL/token are misconfigured or leaked. No code modifies other skills' configs, but the ability to call a gateway is a privilege to be granted deliberately.

版本历史

v1.0.3

修改中文审查

v1.0.2

更换为json

v1.0.1

修复了文件过于繁琐的问题

v1.0.0

Initial release of gitlab-mr-reviewer: automated end-to-end code review workflow for GitLab Merge Requests. - Automates repository cloning, MR syncing, checkout, analysis, and review comment posting using git and glab CLI. - Runs static code analysis on MR diffs and generates structured feedback. - Supports posting detailed inline comments and summary notes directly to the GitLab MR. - Sends post-review notifications via Feishu webhook or email (SMTP), with sample commands provided. - Includes guidance for handling authentication, self-hosted GitLab instances, and version/tool prerequisites.

元数据

Slug gitlab-mr-reviewer

版本 1.0.3

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题

gitlab-mr-reviewer 是什么？

当需要审核 GitLab 合并请求、检查 MR diff 风险、发布 GitLab 审查评论、执行 approve/request changes，或发送 MR 审查通知时使用。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 202 次。

如何安装 gitlab-mr-reviewer？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install gitlab-mr-reviewer」即可一键安装，无需额外配置。

gitlab-mr-reviewer 是免费的吗？

是的，gitlab-mr-reviewer 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

gitlab-mr-reviewer 支持哪些平台？

gitlab-mr-reviewer 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 gitlab-mr-reviewer？

由 whrime（@whrime）开发并维护，当前版本 v1.0.3。

gitlab-mr-reviewer