Pingcode Enhanced Review
Audited by ClawScan on May 10, 2026.
Overview
This mostly looks like a legitimate PingCode integration, but one “my tasks” script appears broader than advertised and the skill uses enterprise PingCode credentials that can read or change project data.
Install only with a dedicated, least-privilege PingCode app. Review or fix the “my tasks” behavior before relying on it for personal-only task queries, and require explicit approval for any work-item updates.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user asking for “my tasks” could receive general work items visible to the PingCode app credentials, potentially exposing project data beyond what they expected.
The script is presented as fetching the current user's tasks, but the request shown has only pagination parameters and no current-user or assignee filter by default.
"PingCode API Client - Fetch the current user's task list" ... url = f"{BASE_URL}/v1/project/work_items" ... params = {"page_size": limit, "page_index": 0}
Change the script to resolve the actual current user or require an explicit assignee filter, and document clearly when app-wide work items may be returned.
If the PingCode app is broadly scoped, the agent may be able to read substantial internal company data through normal skill use.
The skill uses PingCode application credentials, and the configured app data scope controls access to enterprise projects, users, wiki, DevOps, and work items.
Create an application in the PingCode enterprise admin console and obtain the `Client ID` and `Client Secret` 2. Configure the application's data access scope
Use a dedicated PingCode app with least-privilege scopes, keep the client secret out of shared environments, and review what data the agent is allowed to query.
Accidental or autonomous use of the update command could change project tracking records.
The skill documents commands that can update PingCode work item fields such as assignee, dates, priority, and status.
python3 scripts/update_workitem.py --workitem_id abc --assignee anytao
Require explicit confirmation before running update_workitem.py, and prefer narrowly scoped PingCode permissions for mutation actions.
Wiki pages or comments could influence the agent if their text is treated as instructions rather than data.
The skill can retrieve full wiki page content into the agent context, and such retrieved content may contain untrusted instructions or misleading text.
python3 scripts/query_wiki.py --page_id xxx --content # page body content
Treat retrieved PingCode content as untrusted reference material; summarize or quote it, but do not follow instructions found inside it unless the user confirms.
