ZenTao Automatic Report (禅道自动报告)
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill’s ZenTao time-reporting purpose is coherent, but it exposes reusable session cookies and includes an unsafe shell helper that can turn a work description into Python code.
Review or patch the scripts before installing. Only use this with a trusted ZenTao account, remove zentaosid/token logging, secure the ~/.config/zentao/.env file, avoid the shell matcher until its quoting bug is fixed, and manually confirm every task and hour entry before recording.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A valid session ID may appear in agent transcripts, terminal output, or logs and could let someone act as the user in ZenTao while the session is valid.
After logging in with the user’s ZenTao account/password, the preferred Python reporter prints the fresh session cookie to stdout instead of redacting it.
zentaosid = relogin(zentao_url, zentao_account, zentao_password)
print(f">>> Got fresh zentaosid: {zentaosid}")
Remove session-token printing, redact debug output, and keep credentials/session material only in protected storage.
Other local processes, shared machines, or retained logs may gain access to a reusable ZenTao session cookie.
The shell reporter stores login cookies in a predictable /tmp path and then echoes the extracted session ID.
curl -c /tmp/cookies.txt "$ZENTAO_URL/user-login.html" -s > /dev/null
curl -b /tmp/cookies.txt -c /tmp/cookies.txt "$ZENTAO_URL/index.php?m=user&f=login&t=json" ...
ZENTAO_SID=$(grep 'zentaosid' /tmp/cookies.txt | tail -1 | awk '{print $7}')
echo ">>> Got fresh zentaosid: $ZENTAO_SID"
Use a securely created private temp file or in-memory cookie jar, set restrictive permissions, clean it up, and never echo the session value.
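The two findings above share one fix: the session value must never reach stdout or a log, and wherever it is written to disk the file must be created privately. The following is an added Python example, not code from the skill, showing a logging filter that masks `zentaosid` values, an atomic owner-only session file (`O_CREAT|O_EXCL` with mode 0600), and a `mkstemp` cookie jar as the replacement for the fixed `/tmp/cookies.txt`. The sample session value, the scratch directory and the regex are assumptions for illustration; only the cookie name `zentaosid` comes from the report.

```python
import logging
import os
import re
import tempfile
from pathlib import Path
from typing import Optional

# Constructed sample value; ZenTao's real session cookie is named "zentaosid".
SAMPLE_SID = "9f3e2a1b4c5d6e7f8a9b0c1d2e3f4a5b"

# Matches both places the skill leaks the value: the "zentaosid=<value>" cookie form
# and the ">>> Got fresh zentaosid: <value>" debug line (regex is an assumption).
_SID_RE = re.compile(r"(zentaosid[=:]\s*)([A-Za-z0-9]+)")


def redact(text: str) -> str:
    """Mask a ZenTao session ID wherever it appears in a string."""
    return _SID_RE.sub(lambda m: m.group(1) + "<redacted>", text)


class RedactingFilter(logging.Filter):
    """Masks the session ID before any handler (stdout, file, transcript) sees it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


class ListHandler(logging.Handler):
    """Captures formatted records so the redaction can be checked without printing."""

    def __init__(self) -> None:
        super().__init__()
        self.lines = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def save_session(sid: str, path: Path) -> Path:
    """Store the session ID in a file only the owner can read (0600).
    O_EXCL makes creation atomic, so a pre-existing file at that path (for example
    one planted by another local user) is rejected instead of silently reused."""
    path.parent.mkdir(parents=True, exist_ok=True)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(sid)
    return path


def private_cookie_jar() -> Path:
    """Unique, owner-only temp file to hand to curl -c/-b instead of /tmp/cookies.txt."""
    fd, name = tempfile.mkstemp(prefix="zentao-cookies-", suffix=".txt")
    os.close(fd)
    return Path(name)


def file_mode(path: Path) -> int:
    """Permission bits of a file, for checking the 0600 guarantee."""
    return os.stat(path).st_mode & 0o777


def demo(workdir: Optional[Path] = None) -> dict:
    """Run the whole flow in a scratch directory and return what was observed."""
    workdir = workdir or Path(tempfile.mkdtemp(prefix="zentao-demo-"))
    handler = ListHandler()
    handler.setFormatter(logging.Formatter("%(message)s"))
    log = logging.getLogger("zentao.demo")
    log.handlers.clear()
    log.propagate = False
    log.setLevel(logging.DEBUG)
    log.addFilter(RedactingFilter())
    log.addHandler(handler)

    session_file = save_session(SAMPLE_SID, workdir / "session")
    jar = private_cookie_jar()
    log.info(">>> Got fresh zentaosid: %s", SAMPLE_SID)  # the skill's leaking line
    try:
        save_session(SAMPLE_SID, session_file)  # second create must fail
        reused = True
    except FileExistsError:
        reused = False
    result = {
        "logged": handler.lines[0],
        "session_mode": file_mode(session_file),
        "jar_mode": file_mode(jar),
        "stored": session_file.read_text(),
        "existing_file_reused": reused,
    }
    jar.unlink()  # remove the cookie jar as soon as it is no longer needed
    return result
```

The filter is attached to the logger rather than a handler so that every destination, including a handler added later, receives the masked message; the file permissions are set at creation time rather than with a later `chmod`, which closes the window in which another local user could open the file.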
If the shell helper is used with untrusted or pasted text, that text could run local Python commands on the user’s machine.
The shell helper interpolates the work description directly into a python3 -c program instead of passing it as data, so a description containing a ''' sequence closes the string literal early and whatever follows is parsed and executed as Python.
user_desc = '''$USER_DESC'''.lower()
Pass the description via sys.argv, stdin, or a safely encoded JSON value; avoid constructing executable code from user-controlled text.
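To make the breakout concrete without running anything hostile, the following added example (Python, not the skill's own code) rebuilds the helper's `python3 -c` template as a string, parses it with `ast` to show that a crafted description adds statements to the program, and then shows the hardened form in which a fixed program reads the description from `sys.argv`. The two descriptions are constructed inputs; the injected payload is a harmless `print`.

```python
import ast
import subprocess
import sys

# Constructed inputs: a normal description and one that ends the ''' literal early.
BENIGN_DESC = "Fixed Login Page Error"
HOSTILE_DESC = "x'''; print('injected'); y = '''"


def build_unsafe_program(user_desc: str) -> str:
    """Reproduce the shell helper's pattern: the description is spliced into source
    text, exactly as python3 -c "user_desc = '''$USER_DESC'''.lower()" does."""
    return f"user_desc = '''{user_desc}'''.lower()\nprint(user_desc)\n"


def top_level_statements(program: str) -> int:
    """Parse (never execute) the generated program and count top-level statements.
    The template has two; any extra statement came from the description."""
    return len(ast.parse(program).body)


def is_injected(user_desc: str) -> bool:
    """True when the description changes the structure of the generated program."""
    try:
        return top_level_statements(build_unsafe_program(user_desc)) != 2
    except SyntaxError:
        return True  # the description broke the program, which is also unacceptable


# Hardened form: a fixed program that reads the description from argv.
SAFE_PROGRAM = "import sys\nprint(sys.argv[1].lower())\n"


def lower_desc_safely(user_desc: str) -> str:
    """Run the fixed program in a child interpreter, passing the description as data.
    Quotes, semicolons or newlines in it cannot alter what the program does."""
    proc = subprocess.run(
        [sys.executable, "-c", SAFE_PROGRAM, user_desc],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.rstrip("\n")
```

In the shell script itself the equivalent change is to invoke `python3 -c "$FIXED_PROGRAM" "$USER_DESC"` and read `sys.argv[1]`, so the variable is expanded by the shell as one argument and never re-tokenised by Python.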
A wrong task match or wrong hour amount would create incorrect business time records.
The skill is explicitly designed to make a state-changing ZenTao API call after user confirmation.
Confirm with the user: whether the match result is correct ... after confirmation, automatically record the work hours ... call the `recordworkhour` API to submit
Confirm the task ID, work description, date, and hours before allowing the report script to run.
Project/task names and workload details may enter chat transcripts or logs during matching.
The matcher prints all fetched task names, IDs, consumed hours, and remaining hours into the agent-visible output.
lines.append(f'# Found {len(tasks)} tasks:')
lines.append('| Task ID | Task Name | Consumed | Left |')
lines.append(f'| {tid} | {name} | {consumed}h | {left}h |')
Use this only in trusted workspaces, and consider limiting output to the top matches instead of the full task list.
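The last two findings fit together: show the agent only the few tasks that plausibly match, and refuse to build the `recordworkhour` request unless the user has confirmed one of exactly those candidates with a sane hour value. The following is an added Python example, not the skill's matcher; the task list is constructed, the similarity scoring uses `difflib`, and the payload field names (`task`, `date`, `consumed`, `work`) are assumptions for illustration rather than ZenTao's documented parameters.

```python
import difflib
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Task:
    id: int
    name: str
    consumed: float
    left: float


# Constructed sample tasks standing in for a ZenTao task query result.
SAMPLE_TASKS = [
    Task(101, "Fix login page error", 3.0, 5.0),
    Task(102, "Login captcha refresh", 1.0, 2.0),
    Task(103, "Write release notes", 0.0, 4.0),
    Task(104, "Database backup script", 2.5, 1.5),
]


def top_matches(tasks: List[Task], description: str, limit: int = 3,
                threshold: float = 0.5) -> List[Task]:
    """Score every task against the description but return only the best few.
    Tasks below the threshold are dropped, so an unrelated description yields an
    empty list instead of the whole project dumped into the transcript."""
    scored = []
    for task in tasks:
        ratio = difflib.SequenceMatcher(None, description.lower(), task.name.lower()).ratio()
        if ratio >= threshold:
            scored.append((ratio, task))
    scored.sort(key=lambda pair: (-pair[0], pair[1].id))
    return [task for _, task in scored[:limit]]


def render_candidates(candidates: List[Task]) -> str:
    """Table in the skill's own layout, limited to the candidates actually offered."""
    lines = ["| Task ID | Task Name | Consumed | Left |"]
    for t in candidates:
        lines.append(f"| {t.id} | {t.name} | {t.consumed}h | {t.left}h |")
    return "\n".join(lines)


def build_workhour_payload(candidates: List[Task], confirmed_task_id: Optional[int],
                           date: str, hours: float, description: str) -> Dict[str, object]:
    """Assemble the request for the state-changing call only when the user has
    confirmed one of the presented candidates and a sane hour value.
    Field names (task, date, consumed, work) are assumptions for illustration,
    not ZenTao's documented recordworkhour parameters."""
    offered = {t.id for t in candidates}
    if confirmed_task_id is None or confirmed_task_id not in offered:
        raise ValueError("confirmed task ID must be one of the candidates shown to the user")
    if not 0 < hours <= 24:
        raise ValueError("hours must be greater than 0 and at most 24")
    return {"task": confirmed_task_id, "date": date, "consumed": hours, "work": description}
```

The confirmation check deliberately compares against the candidates that were rendered, not against the full task list, so a task ID the user never saw cannot be recorded against, and a description that matches nothing produces no request at all.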
Users may not realize before reading the full skill that it needs ZenTao account credentials and local credential storage.
Registry metadata does not advertise the credential/config requirements that SKILL.md and the scripts actually rely on.
Source: unknown; Homepage: none; Required env vars: none; Primary credential: none; Required config paths: none
Declare the ZenTao credential, config path, network/API capability, and provenance clearly in metadata.
