GitLab Zero-Leak MCP

MCPOpen Source11.5

by JerryR7 • Identity & Access

A security-hardened MCP server for GitLab that prevents source-code leakage by disabling read handlers by default and providing allowlist-based controlled read access for LLM agents like Claude Desktop.

Example Use Cases

1
Perform write operations on GitLab (create/update files, push commits, create branches, merge requests, and issues) while ensuring no arbitrary source-code reads occur.
2
Integrate with Claude Desktop or other LLM-based agents to manage repositories securely with audit logging and a zero-read default policy.
3
Controlled, allowlist-limited read access to specific public or documentation projects while blocking read access to all other repositories.

Description

This MCP server wraps the GitLab API with a zero-read default policy, disabling sensitive handlers (e.g., get_file_contents) and enabling environment-driven configuration for allowed read operations. It supports common repository operations (create/update files, push commits, branches, merge requests, issues, forks) while enforcing project-level allowlists and comprehensive audit logging. The project is Dockerized for local/self-hosted deployment and is designed for safe integration with Claude Desktop and other LLM-based agents. Recommended practices and environment variables are documented to minimize token and exposure risk.

Quick Actions

View on GitHub

Security

Scanned 2 month(s) ago

Risk Level

MINIMAL

Read-only data retrieval, no side effects

Trust Score

D46/100

8/17 checks passed

Scores are informational only and provided “as is” without warranty. AgentHotspot assumes no liability for actions taken based on these ratings.

Quick Stats

Service TypeMCP

Pricing ModelFree

Capabilities0 Tools / 0 Prompts / 0 Resources

OwnerJerryR7

CategoryIdentity & Access

DependenciesStandalone