Manage GitLab projects, merge requests, issues, and pipelines in one place.
This MCP tool is a typical GitLab integration that requires credentials and accesses remote GitLab APIs for project and collaboration resources. Its source appears relatively trustworthy and open for audit, with no clear malicious red flags, but it should still be treated with caution due to code execution, possible write actions, and configurable TLS behavior.
It requires sensitive credentials or auth material such as GITLAB_PERSONAL_ACCESS_TOKEN, GITLAB_JOB_TOKEN, or an auth cookie path. These can represent a user or CI job against GitLab resources, so exposure may allow reading or acting on projects, merge requests, issues, or pipelines. This is consistent with the tool’s purpose, but least-privilege configuration is important.
No fixed remote host is listed, but the tool can connect to a configured GitLab API via GITLAB_API_URL and send queries, project metadata, and action requests to that endpoint. This egress is aligned with the stated functionality and is typical for such integrations; however, setting NODE_TLS_REJECT_UNAUTHORIZED to disable certificate verification would weaken transport security.
The system flags that it executes code/spawns processes. For an MCP tool, this is a normal capability, but it means local Node-side logic will run and process external inputs. The material does not show requests for extra system privileges unrelated to GitLab integration, so caution is more appropriate than risk.
By description, it can access GitLab projects, merge requests, issues, pipelines, wiki, releases, and more. The presence of GITLAB_READ_ONLY_MODE, GITLAB_ALLOWED_PROJECT_IDS, and tool allow/deny controls suggests the default capability may include non-read-only actions, but the scope can be constrained. Local data access appears mainly limited to reading an auth cookie and CA certificate path, with no clear indication of excessive local file permissions.
It comes from an official registry and has a public GitHub repository with updates within the last year, which materially lowers supply-chain risk through openness and some maintenance activity. However, the README is absent, the license is undeclared, and community adoption is minimal (0 stars), so caution is still the more prudent rating.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "io.github.zereight/gitlab-mcp" MCP server from askskill: Run: claude mcp add 'io-github-zereight-gitlab-mcp' -- npx -y @zereight/mcp-gitlab
Manage GitLab projects, merge requests, pipelines, and related DevOps workflows.
Lets AI read and manage GitLab projects, MRs, issues, and pipelines.
Automate issue-driven GitLab development from analysis to branching, coding, and merge requests.
Connect AI to GitLab for managing projects, issues, merge requests, and files.
Search code, read files, and manage GitLab projects via API.
Manage GitLab repositories, merge requests, issues, and pipelines using natural language.