Zentao API Skills (ZenTao API Skill)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This ZenTao API skill is purpose-aligned, but it should be reviewed because it can broadly change business data and handles long-lived credentials in unsafe local shell/cache patterns.

Install only if you are comfortable granting this skill ZenTao access for the operations you request. Use a least-privilege ZenTao account or scoped token, avoid running the raw eval helper until it safely quotes output, protect or disable ~/.zentao-token.json, and carefully review any create, update, delete, or status-change action before execution.

Publisher note

We recommend using the better ZenTAO CLI skill (https://clawhub.ai/catouse/zentao-cli)

SkillSpector (7)

By NVIDIA

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to execute shell commands (`bash`, `eval`, `curl`, `rm`) but does not declare shell capability or permissions. This creates a transparency and control gap: reviewers and runtime policy may underestimate the skill's ability to run commands that access credentials, network resources, and the local filesystem.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger description is broad enough to match generic project-management requests such as querying progress, bugs, or tasks, even when the user did not ask to use ZenTao. That can cause the agent to invoke this skill in the wrong context and send enterprise project data or credentials to a configured ZenTao instance unexpectedly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document exposes a broad set of destructive and state-changing endpoints such as DELETE, close, activate, resolve, and change operations, but provides no guardrails about confirmation, authorization scope, or the fact that these actions can permanently alter system state. In an agent skill context, this omission is dangerous because an LLM-driven agent may treat these operations as routine and execute high-impact writes or deletions from ambiguous user requests without adequate warning or user confirmation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The login section instructs clients to send account credentials and then use a bearer-like token, but does not warn that passwords and tokens are highly sensitive secrets that must not be logged, echoed, stored insecurely, or exposed in prompts. In an agent environment, this raises the risk of credential leakage through conversation history, debug logs, traces, or downstream tools, potentially enabling full compromise of the ZenTao instance.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script persists the ZenTao API token to ~/.zentao-token.json so later invocations can authenticate without prompting again, but it does not set restrictive file permissions or provide a clear runtime warning before storing a long-lived credential. If the host is multi-user, backed up, or otherwise accessible, another local process or user could recover the token and gain API access for as long as the token remains valid.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill directs persistence of the server URL, token, and account details into `~/.zentao-token.json` for reuse. Storing long-lived authentication material in a predictable plaintext local file increases exposure to local compromise, accidental leakage, cross-skill reuse, and stale-token abuse.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
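- **PUT edit endpoints**: first GET the details to obtain the current complete data, then overlay the fields the user modified and submit everything together
- **State-transition operations** (resolve/close/activate/start/finish/change) usually have their own required fields, so there is no need to GET the details first
- Confirm with the user before write operations; if the user explicitly asks for no confirmation, execute directly
- A 401 response means the token has expired; run `rm ~/.zentao-token.json` to clear the cache and then re-run
- **Note on inconsistent field names**: POST builds uses `executionID`, PUT builds uses `execution`; the module field for PUT testcases is `moudule` (the spelling in the specification)

## Complete API Reference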
Confidence
83% confidence
Finding
rm ~/

Static analysis

No static analysis findings were reported for this release.

VirusTotal

65/65 vendors flagged this skill as clean.
