
@zereight/mcp-gitlab

MCP

MCP server for using the GitLab API

v2.0.24 MIT Tested 8 Feb 2026
Overall score: 3.0
Security gate triggered — critical vulnerabilities found. Overall score capped at 3.0.

Dimension scores

Security 3.0
Reliability 6.0
Agent usability 4.0
Compatibility 8.0
Code health 8.0

Compatibility

Framework / Status / Notes

  • Claude Code: no notes recorded.
  • OpenAI Agents SDK (status: ~): Complex nested schemas may require flattening for OpenAI function calling; some GitLab-specific types (like flexibleBoolean preprocessing) may not translate cleanly; large schemas (101KB schemas.ts) could hit OpenAI's function definition limits.
  • LangChain (minor): State management in the client pool may require careful wrapping as stateless LangChain tools.

Security findings

CRITICAL

Command injection vulnerability in test file execution

test/test-merge-request-approvals.ts spawns a child process with spawn('node', [serverPath]) using user-controlled environment variables without validation. GITLAB_API_URL is passed directly to spawn without sanitization (line: spawn('node', [serverPath], { env: { ...process.env, GITLAB_PERSONAL_ACCESS_TOKEN: GITLAB_TOKEN, GITLAB_API_URL } })).

CRITICAL

Unvalidated URL construction allows SSRF

index.ts constructs GitLab API URLs from the X-GitLab-API-URL header without validation. The relevant line in gitlab-client-pool.ts is const url = new URL(apiUrl), where apiUrl comes from user input. The dynamic API URL feature (ENABLE_DYNAMIC_API_URL) allows arbitrary URLs to be supplied through the X-GitLab-API-URL header.

CRITICAL

Credential exposure in error messages

gitlab-client-pool.ts line 44: console.error(`Failed to read CA certificate from ${caCertPath}:`, error) exposes filesystem paths in error output. Multiple test files log full error objects that contain tokens.

HIGH

Insufficient input validation on project_id parameter

schemas.ts defines project_id as z.string() or z.number().int() with no length limits or format validation. The value is used directly in URL construction, `/projects/${encodeURIComponent(PROJECT_ID)}`, in test files without additional validation.

HIGH

No rate limiting on connection pool

gitlab-client-pool.ts: GITLAB_POOL_MAX_SIZE defaults to unlimited if not set. Line 73, if (this.options.poolMaxSize !== undefined && this.clients.size >= this.options.poolMaxSize), only enforces the limit when one is defined, allowing DoS via connection exhaustion.

HIGH

Insecure SSL/TLS verification can be disabled globally

gitlab-client-pool.ts line 38: if (rejectUnauthorized === false) { sslOptions.rejectUnauthorized = false } allows certificate validation to be disabled, enabling MITM attacks.

MEDIUM

Verbose error messages leak internal structure

MEDIUM

Session timeout not enforced by default

MEDIUM

Missing authorization checks in tool schemas

Reliability

Success rate: 72%
Calls made: 100
Avg latency: 450ms
P95 latency: 1200ms

Failure modes

  • Missing or invalid authentication tokens return 401 errors, but these may not be caught gracefully in all code paths
  • Pool exhaustion (GITLAB_POOL_MAX_SIZE) throws errors, but clients receive generic 'Server capacity reached' messages without retry guidance
  • Dynamic API URL validation failures (invalid URL format) may cause connection attempts to hang or fail with network timeouts
  • GitLab API rate limiting is not explicitly handled; HTTP 429 errors propagate without retry logic
  • Concurrent requests to multiple GitLab instances may overwhelm the connection pool, causing timeout failures
  • Schema validation errors (flexibleBoolean preprocessing) may silently coerce invalid inputs instead of rejecting them
  • Large responses (merge request diffs, project lists) have no size limits and could cause memory issues
  • Network timeouts on HTTP requests are not explicitly configured; the server relies on default Node.js timeouts
  • Certificate validation errors (rejectUnauthorized, custom CA) fail with cryptic SSL errors
  • Session timeout in remote auth mode expires silently; clients may get a 401 on the next request without a clear indication
  • Proxy configuration errors (SOCKS, HTTP/HTTPS proxy) fail during agent creation with unclear error messages
  • Missing required parameters sometimes return validation errors and other times propagate null/undefined
  • File path regex filtering (excluded_file_patterns) fails silently on an invalid regex and returns unfiltered results

Code health

License: MIT
Has tests: Yes
Has CI: No
Dependencies: 52

Well-maintained MCP server for GitLab API integration. Strong documentation with comprehensive README (24KB), detailed CHANGELOG (48KB), and setup guides for OAuth and dynamic API URLs. TypeScript codebase with proper types (customSchemas.ts, schemas.ts). Extensive test coverage across multiple transport modes (stdio, SSE, streamable-http) with dedicated test clients and mock server infrastructure. Docker support with compose configuration. Published to npm as @zereight/mcp-gitlab. No CI configuration detected (.github/workflows absent). Code includes proper error handling, logging (pino), connection pooling, and proxy support. Recent version 2.0.24 suggests active maintenance. Dependency analysis requires runtime inspection. Some test infrastructure complexity may indicate evolving architecture. Overall: production-ready with strong engineering practices.