ClawHub

MantisBT Manager

v0.0.1

Manage Mantis Bug Tracker (issues, projects, users, filters, configs) via the official Mantis REST API. Supports full CRUD operations on issues, projects, users, attachments, notes, tags, relationships, and configuration management. Features dynamic instance switching with context-aware base URL and token resolution.

3· 1.6k·0 current·0 all-time
by@willykinfoussia
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Mantis issue/project/user management) match the declared requirements: MANTIS_BASE_URL and MANTIS_API_TOKEN. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md stays within the stated purpose (API calls, context switching between Mantis instances, impersonation header for admin flows). It documents runtime context variables (temporary_/user_) for switching tokens/URLs. Caution: the docs instruct the agent to show 'current token' (masked in examples) and to persist user_token for a session — the actual agent implementation must ensure tokens are masked and not leaked in logs or messages.
Install Mechanism
Instruction-only skill with no install spec and no code files, so nothing is downloaded or written to disk. This is the lowest-risk install mechanism.
Credentials
Only two environment variables are required and both are directly related to the stated purpose. The doc supports additional runtime tokens (temporary/user) but marks them as session/runtime context rather than required env vars.
Persistence & Privilege
always:false and no system config paths requested. The skill documents storing user_token values for the session and temporary values for one-off operations — reasonable for multi-instance management, but users should understand session-stored tokens persist until cleared and could be available to the agent for subsequent operations.
Assessment
This skill appears to do what it says: call your Mantis instance API and manage issues/projects/users. Before installing/providing credentials: (1) Use a token with minimal permissions rather than an administrator token when possible; (2) avoid pasting long-lived admin tokens into chat — prefer environment variables or short-lived tokens; (3) understand the skill keeps session-level user_token values until cleared, so clear session tokens or end the session when done; (4) be cautious with impersonation flows (X-Impersonate-User) — they allow acting as another user and require appropriate privileges; (5) test first against a staging instance or a low-privilege account, and revoke/rotate tokens if you suspect they were exposed. If you need higher confidence, request the skill author/source code or a signed provenance for the skill package.

Like a lobster shell, security has layers — review code before you run it.

latestvk97brmcb5t3p8z6kfm22795kgs80hgb4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🐞 Clawdis
EnvMANTIS_BASE_URL, MANTIS_API_TOKEN
Primary envMANTIS_API_TOKEN

Comments