Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TAPD

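When the user needs to query or modify information such as requirements, defects, and tasks in a TAPD project (for example, changing a status or adding a comment), provide the corresponding service by calling TAPD MCP. When the user asks for it, send a message to 企业微信 (WeCom) via send_qiwei_message.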

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The description and SKILL.md repeatedly instruct calling TAPD MCP APIs (get_releated_bugs, get_bug, get_iterations, get_stories_or_tasks, get_todo) and optionally send_qiwei_message to 企业微信. Yet the registry metadata declares no required environment variables, no primary credential, and no config paths. A skill that integrates with TAPD and WeChat would normally need API endpoints and auth tokens; their absence is an incoherence.
! Instruction Scope
Runtime instructions list specific API calls to make for various reporting scenarios but do not specify how to authenticate, which endpoints to call, what parameters are mandatory, or how results are returned or transmitted. The instructions give the agent broad latitude to 'call' these interfaces without constraining data handling or confirming authorization.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which minimizes on-disk risk. There is no download or external installer declared.
! Credentials
The skill will need credentials (TAPD API token/endpoint and credentials for send_qiwei_message / 企业微信) to perform its described actions, yet requires.env is empty. Either required secrets are missing from the metadata (incoherent) or the skill expects the agent runtime to already have unconstrained access to those credentials (risky).
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not declare any special persistent privileges or modifications to other skills.
What to consider before installing
This skill claims to interact with TAPD and send enterprise WeChat messages but provides no details about authentication, endpoints, or required secrets. Before installing: (1) ask the publisher for the exact API endpoints and which environment variables or tokens it needs (TAPD API key, MCP endpoint, 企业微信 corp/agent credentials); (2) require that the skill declare minimal, scoped env vars (not broad SECRET_* globals); (3) verify who controls the send_qiwei_message integration and what messages the skill will send; (4) prefer installing only in a trusted environment and after reviewing any implementation code — if you cannot obtain these details, treat the skill as untrusted and do not grant it access to sensitive credentials.

Current version: v0.0.1
latest vk97ar79pg2sw74041x5ee36khs8317jw

SKILL.md

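Quality management

Tracking bugs under a requirement

Suitable roles: developers, testers

Scenarios:

  • When a developer wants to see how many unresolved bugs remain in the testing phase for a requirement they have finished developing;
  • When a tester wants to see bug resolution progress for the requirements they are responsible for testing: how many were opened, how many have been fixed, how many are still waiting to be fixed, and who the assignees are.

What to do:

  • Call the get_releated_bugs interface, passing the requirement ID as a parameter, to retrieve the information

Bugs opened/fixed today

Suitable roles: development leads, testers, project managers

Scenarios:

  • Check product quality: how many bug tickets were opened today and how many were fixed

What to do:

  • Call the get_bug interface to query bug tickets whose creation time is today
  • Call the get_bug interface to query bug tickets whose status is a closed status and whose last-modified time is today

Short-term day (短线日)

Suitable roles: developers, testers, development leads

Scenarios:

  • List the bug tickets due to be resolved today and their assignees

What to do:

  • Call the get_bug interface to query bug tickets whose status is not a closed status and whose expected end time is today

Work summary

Getting the changelog

Suitable roles: development leads, project managers

Scenario: which requirements were completed in this iteration; summarize them to make it easier to publish an iteration summary and update the release log

What to do:

  • Call the get_iterations interface to get the iteration
  • Call get_stories_or_tasks to get the requirements and tasks in the iteration

Personal work summary

Suitable roles: developers

Scenarios:

  • Which requirements I completed today, which bugs I resolved, and what is still on my to-do list; used for updating a daily report or syncing at stand-up

What to do:

  • Query my completed work: call get_stories_or_tasks to query requirements and tasks where the developer is me and the last-modified time is yesterday and today
  • Query my to-do work: call the get_todo interface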
