Skill v1.1.0
ClawScan security
禅道MCP agent pro (ZenTao MCP agent pro) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review (Mar 12, 2026, 11:41 AM)
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions and install behavior match its ZenTao integration purpose, but the lack of a verifiable source/homepage for the npm package and the missing declarations about credential storage create notable trust concerns.
- Guidance: This skill appears to do what it says (ZenTao task dashboard, create tasks, log effort, etc.), but exercise caution before installing:
  1. Verify the npm package source and maintainer: look up @chenish/zentao-mcp-agent on the npm registry and inspect its repository and recent commits.
  2. Prefer installing in a sandbox or VM first, and review the package contents, especially any code that runs on install or creates binaries.
  3. Understand where credentials will be stored; avoid supplying privileged admin credentials unless you trust the publisher.
  4. If possible, create a limited ZenTao account (least privilege) for the integration.
  5. If you need higher confidence, ask the publisher for a repository link, a published changelog, or a signed release; providing those would increase my confidence and could change the verdict to benign.
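The first two guidance steps can be made mechanical. The script below is an added example, not code from the ClawHub page or from the reviewed skill: it audits an npm manifest (package.json) for a verifiable upstream, for lifecycle scripts that run at install time, and for the binaries the package would place on PATH. The two manifests it runs against are constructed for the demo; the binary names come from the review, while the missing upstream, the postinstall hook and the package names are hypothetical and say nothing about the real @chenish/zentao-mcp-agent. To audit the real package, fetch its manifest offline with `npm pack <pkg>` and read package.json from the tarball, or use `npm view <pkg> --json`.

```javascript
// Added example (not from the page or the skill): pre-install audit of an npm
// package manifest covering upstream provenance, install-time hooks and binaries.
// The sample manifests below are constructed; they do not describe the real package.

// npm runs these scripts automatically when installing a published package.
// ("prepare" is not listed: it does not run for a registry install.)
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

function auditManifest(pkg) {
  const findings = [];

  // 1) Provenance: "repository" may be a plain string or an object with a url.
  const repo = typeof pkg.repository === 'string'
    ? pkg.repository
    : pkg.repository && pkg.repository.url;
  if (!repo && !pkg.homepage) {
    findings.push({ level: 'concern', check: 'provenance',
      detail: 'no repository or homepage declared; upstream cannot be inspected' });
  }

  // 2) Install-time hooks run as the installing user before anyone has read them.
  const scripts = pkg.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (scripts[hook]) {
      findings.push({ level: 'concern', check: 'lifecycle',
        detail: `${hook} runs during install: ${scripts[hook]}` });
    }
  }

  // 3) Binaries: "bin" is either one path (named after the package) or a name -> path map.
  const bins = typeof pkg.bin === 'string' ? { [pkg.name]: pkg.bin } : (pkg.bin || {});
  for (const [name, target] of Object.entries(bins)) {
    findings.push({ level: 'note', check: 'bin', detail: `${name} -> ${target}` });
  }

  const verdict = findings.some(f => f.level === 'concern') ? 'concern' : 'ok';
  return { verdict, findings };
}

// Constructed manifest shaped like the reviewed skill's declaration: the two
// binary names are from the review; the absent upstream and the postinstall
// hook are hypothetical, added to show what the audit flags.
const SAMPLE_OPAQUE = {
  name: 'example-opaque-agent',
  version: '1.0.0',
  bin: { 'zentao-mcp': 'dist/mcp.js', 'zentao-cli': 'dist/cli.js' },
  scripts: { postinstall: 'node scripts/setup.js' },
};

// Constructed manifest carrying the metadata the review asks the publisher for.
const SAMPLE_WITH_UPSTREAM = {
  name: 'example-agent-with-repo',
  version: '1.0.0',
  repository: { type: 'git', url: 'https://example.invalid/publisher/agent.git' },
  homepage: 'https://example.invalid/publisher/agent',
  bin: { 'zentao-mcp': 'dist/mcp.js', 'zentao-cli': 'dist/cli.js' },
  scripts: { test: 'node --test' },
};

for (const sample of [SAMPLE_OPAQUE, SAMPLE_WITH_UPSTREAM]) {
  const { verdict, findings } = auditManifest(sample);
  console.log(`${sample.name}: ${verdict}`);
  for (const f of findings) console.log(`  [${f.level}] ${f.check}: ${f.detail}`);
}
```

Anything flagged under lifecycle is the code to read first, from the unpacked tarball rather than from the repository, since the two need not match. For the first install in the sandbox, `npm install --ignore-scripts` keeps those hooks from running until you have done so.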
Review Dimensions
- Purpose & Capability (ok): Name/description, CLI examples, and LLM tool calls (getDashboard, createTask, addEstimate, etc.) are coherent for a ZenTao management assistant; the declared npm package and the binaries it creates (zentao-mcp, zentao-cli) are consistent with the described capabilities.
- Instruction Scope (note): SKILL.md instructs the agent to call specific tools and to use the CLI for login and operations; the instructions stay within the stated purpose (querying, creating tasks, logging effort, state transitions, extracting links). It also references team caches and local 'team save' state, so the skill will read and write local CLI configuration/state, which is reasonable but not explicitly declared.
- Install Mechanism (concern): Install is via an npm package (@chenish/zentao-mcp-agent) that creates CLI binaries. Using npm is normal for a CLI, but the skill metadata provides no homepage, source repository, or publisher information. Without a verifiable upstream (repository, homepage, or known maintainer), installing unknown npm code that creates binaries is a higher-risk operation: any preinstall/postinstall script in the package runs as the installing user before anyone has read it.
- Credentials (concern): The skill declares no required env vars, but the runtime instructions require logging in with a ZenTao account (zentao-cli login --url ... --account <account> --pwd <password>) and imply local caching of team lists and credentials. Requesting the user's ZenTao credentials is expected for this integration, but the skill does not document where or how credentials and tokens are stored, nor does it declare any required config paths; this opacity raises a proportionality and credential-handling concern. Passing the password as a command-line argument also exposes it to process listings and shell history.
- Persistence & Privilege (ok): The always flag is false and the skill is user-invocable. It does create CLI tooling that may persist configuration locally (team cache, login tokens), which is expected for a CLI helper and not over-privileged relative to its purpose.
