74
/ 100
1 month ago
npm

efficient-gitlab-mcp-server

Production-ready GitLab MCP Server with progressive disclosure pattern

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
172 tools verified — handlers match their declared behaviour
90 read-only tools verified — handlers contain no write/delete/exec
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 1 credential: GITLAB_PERSONAL_ACCESS_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configENABLE_DYNAMIC_API_URLNo false Allow dynamic GitLab URLs
configGITLAB_ALLOWED_PROJECT_IDS"": "12345,67890,123"
configGITLAB_API_URL"": "https://gitlab.com"
configGITLAB_CA_CERT_PATH
configGITLAB_GRAPHQL_URL
configGITLAB_IS_OLDNo false For older GitLab instances
🔐 secretGITLAB_PERSONAL_ACCESS_TOKEN"": "glpat-xxxxxxxxxxxxxxxxxxxx",
configGITLAB_PROJECT_ID"": "12345"
configGITLAB_READ_ONLY_MODE"": "true"
configGITLAB_USE_OAUTH
configHOSTNo 127.0.0.1 HTTP server host
configHTTPS_PROXY
configHTTP_ALLOWED_HOSTSNo localhost,127.0.0.1 Allowed Host headers
configHTTP_ALLOWED_ORIGINSNo (any) Allowed Origin headers
configHTTP_ENABLE_DNS_REBINDING_PROTECTIONNo true Enable DNS rebinding attack protection
configHTTP_PROXY
configLOG_FORMATNo pretty json, pretty
configLOG_LEVELNo info debug, info, warn, error
configMAX_REQUESTS_PER_MINUTENo 60 Rate limit per session
configMAX_SESSIONSNo 1000 Maximum concurrent sessions
configPORTNo 3002 HTTP server port
configREMOTE_AUTHORIZATIONNo false Enable remote auth
configSESSION_TIMEOUT_SECONDSNo 3600 Session timeout
configSSENo false Enable SSE transport
configSTREAMABLE_HTTPNo false Enable HTTP transport
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 5 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/efficient-gitlab-mcp-server-8877a6)](https://m8ven.ai/mcp/efficient-gitlab-mcp-server-8877a6)
commit: 4b028179e6cfc91d7ba319e9866591e0e5080363
code hash: 5dc6736bb91329ca151e9946913193fdec6eac692ee0b1850a611302defe9208
verified: 6/6/2026, 9:43:43 AM
view raw JSON →