Back to skill

Security audit

禅道自动报告

Security checks across malware telemetry and agentic risk

Overview

This ZenTao work-hour skill does what it claims, but it exposes live login sessions and handles credentials in ways users should review before installing.

Install only if you are comfortable granting ZenTao account access and allowing the skill to modify work-hour records. Before production use, remove zentaosid logging, require HTTPS for ZENTAO_URL, avoid /tmp/cookies.txt, restrict permissions on the .env file, and prefer a scoped token or dedicated account where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script prints a freshly obtained Zentao session ID to stdout immediately after re-login. Session identifiers are bearer tokens; anyone with access to terminal output, logs, chat transcripts, or orchestration traces could reuse the token to impersonate the user and access or modify Zentao data.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script prints the freshly obtained zentaosid session identifier to stdout, exposing a live authenticated session token. In agent, terminal, CI, or log-collection environments, this can be captured by other users or systems and reused to impersonate the user against ZenTao.

Missing User Warnings

High
Confidence
99% confidence
Finding
This is a true secret-disclosure issue: the code emits the live zentaosid token in plain text. In an agent skill context, stdout is often captured by the host platform, making the leak more dangerous because the token may be stored centrally, exposed to other operators, or returned to end users.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script reads ZenTao credentials from a local file and automatically transmits them during login, but there is no user-facing disclosure, consent boundary, or transport validation visible in the script. In an agent skill context, silent credential use increases the risk of unintended secret handling, especially if `ZENTAO_URL` is misconfigured to a non-HTTPS or attacker-controlled endpoint.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script stores authentication cookies in `/tmp/cookies.txt`, a predictable shared path that may be readable, replaceable, or raceable by other local users or processes depending on system configuration. This can expose or corrupt the ZenTao session, enabling session theft or misuse on multi-user systems.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
A sensitive session identifier is emitted in cleartext without masking or warning. Because this skill is designed for automated use, stdout may be persisted in transcripts, agent memory, shell history proxies, or centralized logs, making session theft substantially easier.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script prints the fresh zentaosid session identifier to stdout, which can be captured by terminal logs, CI logs, shell history wrappers, or other monitoring systems. Anyone who obtains that session cookie may be able to impersonate the user against ZenTao until the session expires or is invalidated.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.