禅道-ZenTao
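v1.0.6
禅道-ZenTao project management API integration skill. Supports querying products, projects, executions, requirements, tasks, bugs, and more. Trigger words: 禅道, zentao, 禅道查询, 禅道项目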
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description claim ZenTao API integration and included files implement a REST + legacy API client, CLI, and SKILL.md that instructs storing ZenTao credentials in TOOLS.md — these requirements are coherent with the stated purpose.
Instruction Scope
SKILL.md and code instruct reading credentials from TOOLS.md, authenticating to the configured ZenTao endpoint, and calling API endpoints. Actions that modify data require interactive confirmation. There are no instructions to read unrelated system files, environment variables, or to transmit data to unexpected external services.
Install Mechanism
No install script or remote downloads; dependencies are standard Python packages declared in requirements.txt (requests, beautifulsoup4). This is a low-risk, typical install approach for a Python-based skill.
Credentials
The skill requests no environment variables and instead expects API credentials in a local TOOLS.md per SKILL.md. That is proportionate for a self-hosted ZenTao integration, though storing credentials in a plaintext file is a normal security concern (not a coherence problem).
Persistence & Privilege
always is false and the skill does not request elevated or system-wide privileges; it does network calls only to the configured ZenTao endpoint and does not attempt to modify other skills or global agent settings.
Assessment
This skill appears internally consistent for integrating with a self-hosted ZenTao instance, but consider these practical cautions before installing:
1) Source/attribution is unknown and there is no homepage — if you rely on it in production, review the full read_credentials implementation and the code paths that log or print responses to ensure credentials are not inadvertently recorded.
2) TOOLS.md holds plaintext credentials — do not commit it to version control; prefer a token or scoped account and use HTTPS endpoints.
3) The code performs network requests to the endpoint you configure; verify you trust the ZenTao host and that credentials are rotated and limited in scope.
4) Action (create/update/delete) flows require interactive confirmation via input(); if you plan to run this non-interactively (as an autonomous agent) test how confirmation is handled so it cannot be abused to perform writes without explicit consent.
5) If you want higher assurance, run the package in an isolated environment, review the full source (especially any omitted helper functions), and confirm there are no hidden remote URLs or logging of secrets.
Like a lobster shell, security has layers — review code before you run it.
