Zentao API Skills(禅道 API 技能)
Verdict: Warn. Audited by ClawScan on May 10, 2026.
Overview
This is a mostly coherent ZenTao API helper, but its authentication helper uses unsafe shell eval and persists long-lived credentials in a way users should review first.
Before installing, review or fix scripts/get-token.sh so it does not require unsafe eval, and decide whether local token caching is acceptable. Use a least-privilege ZenTao account, verify the active server/account before any write, and clear or revoke ~/.zentao-token.json when switching accounts or uninstalling.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or poisoned ZenTao URL, account, token, or cache file could run shell commands in the user's agent environment.
The helper is intended to be eval'ed, but it emits unescaped shell assignments from cache, environment, or API-derived values. If any value contains shell metacharacters or command substitution syntax, eval can execute unintended commands.
# Usage: eval "$(bash get-token.sh)" ... echo "ZENTAO_URL=${url}" ... echo "ZENTAO_TOKEN=${token}" ... echo "ZENTAO_ACCOUNT=${account}"
Avoid eval for this flow, or emit safely shell-escaped values with strict validation. Prefer JSON output parsed by the caller, or use a trusted credential-loading mechanism.
A stale, exposed, or modified cache could cause the agent to use the wrong ZenTao account/server or leak a reusable token to local readers.
The script persists a long-lived token in a predictable local file and later trusts that file to set connection state. The artifact does not show restrictive file mode, expiry, or cache validation.
CACHE_FILE="${HOME}/.zentao-token.json" ... # The cache file ~/.zentao-token.json stores token, url and account ... # Note: ZenTao tokens never expire ... fs.writeFileSync(cachePath, JSON.stringify({ token, url, account }, null, 2));
Store tokens in a secure credential store or write the cache with restrictive permissions, validate cached fields, provide expiry/revocation guidance, and make cache reuse explicit.
A user may set a new token expecting it to override the cache, but the agent could silently continue using a cached token for another account or server.
The helper script gives the cache higher priority than environment variables, while SKILL.md describes ZENTAO_TOKEN as the highest-priority direct token. This inconsistency can mislead users about which credential will be used.
# Obtain the URL, token and username needed for ZenTao API calls, in priority order: cache file > environment variables > account/password login.
Align the implementation with the documented precedence, display the active server/account before writes, and provide a clear no-cache or cache-clear workflow.
The agent can read or change ZenTao data to the extent allowed by the supplied account or token.
The skill needs delegated ZenTao credentials and uses the token for all business API calls. This is expected for the stated integration, but it grants the agent the privileges of that ZenTao account.
`ZENTAO_TOKEN` | specify a token directly ... `ZENTAO_ACCOUNT` | login account ... `ZENTAO_PASSWORD` | login password ... all subsequent requests carry the header: `token: $ZENTAO_TOKEN`
Use a least-privilege ZenTao account/token, avoid admin credentials where possible, and revoke or delete cached credentials when no longer needed.
If the user confirms the wrong request or IDs are ambiguous, the agent could alter or delete important business records.
The skill exposes broad create, update, delete, and status-change operations, including user and file operations. It does instruct the agent to confirm writes with the user, so this is purpose-aligned but high-impact.
Covers ... create, read, update, delete and status-transition operations across 20 modules, including users and files ... build the request (method, URL, header, body) and confirm the content of the write operation with the user
Require explicit confirmation of object IDs, target server, account, and payload before any POST/PUT/DELETE operation; prefer read-before-write previews.
Users may not realize before installation that the skill depends on local command execution and ZenTao credentials.
The registry metadata under-declares runtime needs that SKILL.md and scripts/get-token.sh document, including curl, node, and ZenTao credential variables.
Required binaries (all must exist): none ... Required env vars: none ... Primary credential: none
Declare curl/node and the ZenTao credential configuration in metadata so users can make an informed install decision.
