zentao
v1.0.1
Use the zentao CLI to log in and query ZenTao products and bugs. ZENTAO_URL usually includes /zentao.
⭐ 4 · 1.9k · 3 current · 4 all-time
by 郭立lee @leeguooooo
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and install spec match: the skill installs the @leeguoo/zentao-mcp npm package which provides a 'zentao' CLI and the SKILL.md documents commands for listing products and bugs and logging in — all coherent with the stated purpose.
Instruction Scope
Runtime instructions are narrowly scoped to installing the CLI and using it (login, whoami, list/get commands). The only filesystem interaction described is writing credentials to ~/.config/zentao/config.toml (or $XDG_CONFIG_HOME), which is expected for a CLI that stores credentials; the SKILL.md does not instruct reading unrelated system files or exfiltrating data to unexpected endpoints.
Install Mechanism
Install uses an npm package (@leeguoo/zentao-mcp) from the public registry — expected for a JS CLI. This is a normal choice but npm packages can run lifecycle/postinstall scripts, so verify the package and publisher before installing on sensitive systems.
Credentials
The skill declares no required environment variables or credentials, which matches the instructions. However the CLI stores login credentials to a local config file (~/.config/zentao/config.toml or $XDG_CONFIG_HOME), so users should be aware credentials will be persisted on disk and verify file permissions/format.
Persistence & Privilege
The skill is not always-enabled and is user-invocable only. It modifies only its own CLI config file (per the doc) and does not request elevated or system-wide privileges.
Assessment
Before installing: (1) verify the npm package and author (@leeguoo/zentao-mcp) on the npm page and, if possible, inspect the package source or repository for postinstall scripts; (2) be aware logging in will persist credentials to ~/.config/zentao/config.toml (or $XDG_CONFIG_HOME) — check file contents and permissions and avoid storing high-privilege passwords on shared machines; (3) consider using least-privilege or API-token login if ZenTao supports it; (4) install in an isolated environment if you are unsure about the package's trustworthiness.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🐞 Clawdis
Install
Install zentao CLI (node)
Bins: zentao
npm i -g @leeguoo/zentao-mcp