← 返回 Skills 市场
433
总下载
0
收藏
2
当前安装
5
版本数
在 OpenClaw 中安装
/install glab
功能描述
Manage GitLab projects from the command line: create, review, merge MRs; manage issues; monitor and trigger CI/CD; support self-hosted instances and automation.
使用说明 (SKILL.md)
GitLab CLI (glab)
Official CLI for GitLab. Manage issues, merge requests, pipelines, and more from the terminal.
Source: Inspired by NikiforovAll/glab-skill on Smithery.
⚠️ Security Notice
The glab api command provides unrestricted GitLab API access with your token.
- A compromised or overly-permissive token can delete projects, modify settings, expose secrets
- Recommendation: Use tokens with minimal scopes:
read_api- Read-only operationsapi- Full access (only when write operations needed)
- For automation, consider project-level tokens with limited scope
- Never use tokens with
sudoscope unless required
Prerequisites
Required binaries:
glab- GitLab CLIjq- JSON processor (for scripts and API parsing)
Required credentials:
GITLAB_TOKEN- GitLab personal access token
Optional configuration:
GITLAB_HOST- Self-hosted GitLab instance (default: gitlab.com)
# Verify installation
glab --version
jq --version
# Authenticate (interactive)
glab auth login
# Or via environment
export GITLAB_TOKEN="glpat-xxxxxxxxxxxxxxxxxxxx"
export GITLAB_HOST="gitlab.example.org" # for self-hosted
# Verify auth
glab auth status
Quick Reference
Merge Requests:
glab mr create --title "Fix" --description "Closes #123"
glab mr list --reviewer=@me # MRs awaiting your review
glab mr checkout 123 # Test MR locally
glab mr approve 123 && glab mr merge 123
Issues:
glab issue create --title "Bug" --label=bug
glab issue list --assignee=@me
glab issue close 456
CI/CD:
glab ci status # Current pipeline status
glab pipeline ci view # Watch pipeline live
glab ci lint # Validate .gitlab-ci.yml
glab ci retry # Retry failed pipeline
Working Outside Repo:
glab mr list -R owner/repo # Specify repository
Advanced API Access:
See references/api-advanced.md for glab api usage. This command enables arbitrary GitLab API calls and should be used with appropriately-scoped tokens.
Core Workflows
Create and Merge MR
# 1. Push branch
git push -u origin feature-branch
# 2. Create MR
glab mr create --title "Add feature" --description "Implements X" --reviewer=alice,bob --label="enhancement"
# 3. After approval, merge
glab mr approve 123
glab mr merge 123 --remove-source-branch
Review MR
# List MRs for review
glab mr list --reviewer=@me
# Checkout and test
glab mr checkout 123
# Approve or comment
glab mr approve 123
glab mr note 123 -m "Looks good, just one suggestion..."
Monitor Pipeline
# Watch current branch pipeline
glab pipeline ci view
# Check specific pipeline
glab ci view 456
# View failed job logs
glab ci trace
# Retry
glab ci retry
Self-Hosted GitLab
# Set default host
export GITLAB_HOST=gitlab.example.org
# Or per-command
glab mr list -R gitlab.example.org/owner/repo
Scripts
| Script | Description |
|---|---|
glab-mr-await.sh |
Wait for MR approval and successful pipeline |
glab-pipeline-watch.sh |
Monitor pipeline with exit codes for CI |
# Wait for MR to be approved and merged
./scripts/glab-mr-await.sh 123 --timeout 600
# Watch pipeline, exit 0 on success, 1 on failure
./scripts/glab-pipeline-watch.sh --timeout 300
Script environment variables:
TIMEOUT- Max wait time in seconds (default varies by script)INTERVAL- Polling interval in seconds (default 5-10s)
Troubleshooting
| Error | Fix |
|---|---|
command not found: glab |
Install glab |
command not found: jq |
Install jq |
401 Unauthorized |
Set GITLAB_TOKEN or run glab auth login |
404 Project Not Found |
Verify repo name and permissions |
not a git repository |
Use -R owner/repo flag |
source branch already has MR |
glab mr list to find existing |
For detailed troubleshooting, see references/troubleshooting.md.
Progressive Disclosure
- references/api-advanced.md -
glab apiusage with security considerations - references/commands-detailed.md - Full command reference with all flags
- references/troubleshooting.md - Detailed error scenarios and solutions
Load these when you need specific flag details or are debugging issues.
Best Practices
- Always verify auth:
glab auth status - Use minimal-scope tokens for read operations
- Link MRs to issues: "Closes #123" in description
- Lint CI config before pushing:
glab ci lint - Use
--output=jsonfor scripting - Most commands have
--webto open in browser
安全使用建议
This skill appears to be a legitimate glab (GitLab CLI) helper and the scripts are straightforward, but note two things: (1) the registry metadata does not declare the required binaries (glab, jq) or the required GITLAB_TOKEN though SKILL.md and the scripts do — treat that as a red flag in the packaging and confirm requirements before installing; (2) `glab api` can perform arbitrary API operations with your token, so only provide a token with the minimal scopes needed (prefer project-level tokens and read_api for read-only tasks). Before installing/run: inspect the two scripts locally, ensure you have glab and jq from trusted package sources (brew/apt), and never supply tokens with admin/sudo scope unless absolutely necessary. If you want to raise confidence to 'benign', ask the publisher to fix the registry metadata to list required binaries and env vars (GITLAB_TOKEN) and to confirm the install spec.
功能分析
Type: OpenClaw Skill
Name: glab
Version: 1.0.4
The OpenClaw AgentSkills skill bundle for 'glab' is classified as benign. While the underlying GitLab CLI (`glab`) is a powerful tool capable of destructive actions (especially via `glab api`), the skill's documentation (SKILL.md, references/api-advanced.md) explicitly and repeatedly warns about these capabilities and strongly recommends using GitLab tokens with minimal scopes (e.g., `read_api`). The provided scripts (`glab-mr-await.sh`, `glab-pipeline-watch.sh`) use `glab` for legitimate, read-only monitoring tasks. There is no evidence of intentional malicious behavior, data exfiltration, persistence mechanisms, obfuscation, or prompt injection attempts designed to trick the AI agent into unauthorized actions. The skill is transparent about its functionality and associated security risks, promoting secure usage.
能力评估
Purpose & Capability
The SKILL.md and included scripts clearly require the glab CLI, jq, and a GITLAB_TOKEN, and they document install via Homebrew/apt. However the registry-level requirements reported earlier list no required binaries and no required env vars — that mismatch is an incoherence: the skill legitimately needs glab/jq and a GitLab token, but the registry metadata does not declare them.
Instruction Scope
The runtime instructions and scripts stay within the stated purpose (creating/listing MRs, watching pipelines, and calling the GitLab API). The README explicitly warns that `glab api` allows arbitrary API calls and recommends minimal token scopes. The scripts call only glab and jq and do not read other system files or reach out to endpoints beyond the target GitLab instance.
Install Mechanism
No remote downloads or custom installers are present; SKILL.md suggests installing glab and jq via brew/apt (standard package managers). The registry manifest earlier claimed 'no install spec', while the skill's own metadata lists package manager install options — this inconsistency should be reconciled but the install sources themselves are low-risk (official package managers).
Credentials
The skill requires a GITLAB_TOKEN (and optionally GITLAB_HOST/TIMEOUT/INTERVAL) which is appropriate for a GitLab CLI. However the registry metadata listing no required env vars is inconsistent with SKILL.md. Also `glab api` enables unrestricted API calls: a token with overly broad scopes (api or sudo) would allow destructive or exfiltrative actions, so using minimal-scoped/project-level tokens is necessary.
Persistence & Privilege
The skill does not request always:true, does not claim to persist or modify other skills, and contains only shell scripts and documentation. It does not request elevated or system-wide privileges beyond running glab/jq commands in the user's environment.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install glab - 安装完成后,直接呼叫该 Skill 的名称或使用
/glab触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.4
Security: Add warnings for glab api command. Recommend minimal token scopes (read_api). Move API docs to api-advanced.md with security header.
v1.0.3
Update homepage to public GitHub repo: https://github.com/bezko/openclaw-skills/tree/main/skills/glab
v1.0.2
Add homepage URL for source verification. Repo: https://gitlab.xqqx.xyz/bezko/xicotencatl/-/tree/main/skills/glab
v1.0.1
Add proper credential/env declarations (GITLAB_TOKEN, GITLAB_HOST). Add jq to required bins. Document TIMEOUT/INTERVAL env vars for scripts.
v1.0.0
Initial release. GitLab CLI skill for managing issues, MRs, and CI/CD. Includes utility scripts for pipeline watching and MR awaiting. Inspired by NikiforovAll/glab-skill on Smithery.
元数据
常见问题
glab 是什么?
Manage GitLab projects from the command line: create, review, merge MRs; manage issues; monitor and trigger CI/CD; support self-hosted instances and automation. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 433 次。
如何安装 glab?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install glab」即可一键安装,无需额外配置。
glab 是免费的吗?
是的,glab 完全免费(开源免费),可自由下载、安装和使用。
glab 支持哪些平台?
glab 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 glab?
由 bezkom(@bezkom)开发并维护,当前版本 v1.0.4。
推荐 Skills