禅道自动报告
Security checks across malware telemetry and agentic risk
Overview
This skill is purpose-aligned for logging ZenTao work hours, but it exposes session credentials in outputs/temp files and includes an unsafe shell fallback that can execute crafted input.
Only install this if you are comfortable giving the skill ZenTao account access. Review each proposed work-hour entry before confirmation, and consider fixing or removing the session-ID logging, /tmp cookie use, and unsafe shell matcher before using it with real credentials.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or user confirms the wrong task, date, or hours, ZenTao records could be changed incorrectly.
The skill is explicitly designed to submit work-hour records to ZenTao after confirmation. This is purpose-aligned, but it is still a mutating account action.
向用户确认:匹配结果是否正确 ... 确认后自动记录工时 ... 调用 `recordworkhour` 接口提交
Before allowing submission, verify the task ID/name, date, consumed hours, work description, and computed remaining hours.
A ZenTao session ID can act like a logged-in session; exposing it could let someone with access to logs or the temp file reuse the session.
The script stores the ZenTao session cookie in a predictable /tmp path and prints the active session ID to stdout, where it may enter agent logs or transcripts.
curl -c /tmp/cookies.txt ... ZENTAO_SID=$(grep 'zentaosid' /tmp/cookies.txt | tail -1 | awk '{print $7}')
echo ">>> Got fresh zentaosid: $ZENTAO_SID"Do not print session IDs, use a private temporary cookie jar with restrictive permissions, clean it up after use, and prefer scoped tokens or safer authentication storage.
A maliciously crafted work description could cause unintended local Python code execution if the shell matching path is invoked.
The user-provided description is interpolated into Python source code instead of being passed as data. A crafted description containing Python string delimiters could break out of the string when the shell script is used.
python3 -c "
...
user_desc = '''$USER_DESC'''.lower()
..." $MATCH_FLAGRemove this shell fallback or pass the description through argv/environment and read it with sys.argv; do not construct executable code from user input.