Skillv1.0.0

ClawScan security

ZenTao Analytics · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 1, 2026, 1:18 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose (analyzing ZenTao task data) matches the code and instructions, but there are inconsistencies and missing declarations (sensitive env vars not listed in registry, references to non‑existent helper scripts, and incomplete implementation) that warrant caution before installing or running with real credentials.
Guidance: This skill appears to be an analytics helper for ZenTao and is not obviously malicious, but it's incomplete and inconsistent. Before installing or running it: 1) Do not run it with production/root DB credentials — create a limited read‑only account or use a test instance. 2) Expect that the scripts are partially stubbed: fetchTaskData is a demo and there are missing helper scripts (test-connection.js) and no package.json; ask the author for a full implementation and dependency list. 3) Verify where credentials are stored (use a secure .env and avoid committing secrets). 4) Review the code locally to ensure no hidden network endpoints or exfiltration paths were added, and test on a sandboxed ZenTao instance first. 5) If you need the registry to show required env vars, request that the publisher update metadata to declare ZENTAO_URL, ZENTAO_API_KEY and/or DB credentials explicitly and provide guidance on least-privilege credentials.

Review Dimensions

Purpose & Capability: noteThe name/description (ZenTao analytics) matches the code and docs: the skill legitimately needs access to a ZenTao API or database to compute task and workload metrics. Requiring ZENTAO_URL, ZENTAO_API_KEY or DB credentials is coherent with the stated purpose. However, the registry metadata claims no required environment variables while the SKILL.md and scripts clearly expect environment variables for API/DB access — this mismatch is unexpected and should have been declared.
Instruction Scope: concernSKILL.md instructs the agent/user to configure env vars and run node scripts. The included analyze/export scripts read process.env and local files only and currently use simulated data (fetchTaskData is a stub). The docs reference additional test scripts (test-connection.js/test-db-connection.js) and an api-schema.md that are not present; the README also mentions exporting 'to external systems' but export-metrics.js only writes local JSON/CSV. The instructions therefore over-promise and refer to files/actions that aren't included, which increases risk if users run it expecting working network/DB behavior.
Install Mechanism: okThere is no install spec (instruction-only with a couple of scripts). That is low risk from an install perspective — no remote downloads or package installs are performed by the registry metadata. However, the scripts assume a Node environment and any missing runtime dependencies or package.json are not declared here.
Credentials: concernThe skill requires sensitive credentials (ZENTAO_API_KEY, or DB credentials including ZENTAO_DB_USER/ ZENTAO_DB_PASS) to perform its function — that is reasonable for this purpose. The problem is the registry metadata does not declare any required environment variables or primary credential, so users won't be warned by the installer. Also the SKILL.md suggests using a read-only DB account (good), but the code has no safeguards and there is no guidance to avoid using high‑privilege accounts. The missing declaration and lack of explicit guidance about credential scope are concerning.
Persistence & Privilege: okThe skill does not request 'always: true' and does not attempt to modify other skills or system-wide settings. It runs on demand and writes only local output files when invoked, which is consistent with its purpose.