ai-zidong-tibug
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: ai-zidong-tibug Version: 1.0.0 The skill bundle is designed to automate bug report normalization and submission to a ZenTao instance, but it contains significant security risks. The script `scripts/zentao_submit_bugs.py` implements a file upload feature that resolves local paths using `Path(file_path).expanduser()` without any directory validation or sandboxing, potentially allowing an AI agent (if manipulated via prompt injection) to exfiltrate arbitrary local files to the remote ZenTao server. Additionally, the skill requires multiple sets of plaintext credentials (HTTP Basic Auth and ZenTao application passwords) and points to a specific default domain (`https://pm.jsyyds.com/`), which increases the risk profile despite being aligned with the stated automation purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
It could create and assign real tickets, and potentially upload attachments, when the user only expected drafting or normalization.
The skill directs the agent to create ZenTao defects by default, rather than requiring an explicit confirmation step before mutating the user's issue tracker.
默认行为:生成每条 Bug 后,自动登录禅道并创建缺陷单;仅当用户明确说“只生成不提单”时才跳过提交。
Make ticket submission opt-in, require a final review/confirmation for each batch, and use the “只生成不提单” mode unless automatic submission is explicitly intended.
Users may install it without realizing it needs real ZenTao and HTTP Basic credentials with authority to create defects.
The registry metadata says no credentials or environment variables are needed, but the skill's ZenTao workflow requires HTTP_USER, HTTP_PASS, ZENTAO_USER, and ZENTAO_PASS for automatic login and submission.
Required env vars: none; Env var declarations: none; Primary credential: none
Declare all required credentials and capabilities in metadata, and use a least-privileged bot account rather than a personal account.
A user from another organization could accidentally send credentials to the default domain if they do not explicitly configure their own ZenTao URL.
If ZENTAO_URL is not set, the script sends HTTP Basic credentials and the ZenTao username/password to a default external ZenTao host.
ZENTAO_URL=https://pm.jsyyds.com/ ... response = requests.post(endpoint, auth=HTTPBasicAuth(http_user, http_pass), json=payload, timeout=30, verify=verify_ssl)
Require ZENTAO_URL to be set explicitly before login, and clearly warn users which host will receive credentials.
Anyone with access to that file may be able to reuse the saved session token until it expires or is revoked.
The login script stores the ZenTao token and account name in a local state file for reuse.
"token": token, "account": config["username"], ... save_state(save_path, state)
Store the token file in a restricted location, avoid committing it, delete it after use, and rotate/revoke tokens if exposed.
The agent will run local scripts that make network requests and modify ZenTao when invoked.
The skill intentionally runs local Python scripts to log in and submit tickets. This is central to its purpose and disclosed, but still means installing the skill enables local code execution.
执行命令:`python3 scripts/zentao_login_and_save_state.py` ... `python3 scripts/zentao_submit_bugs.py --input <bugs.json> --product-id <产品ID>`
Inspect the scripts, run them in a controlled environment, and do a dry run or no-submit workflow before allowing automatic submissions.