Skill v1.0.6

ClawScan security

禅道-ZenTao · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign, Mar 13, 2026, 12:55 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code, instructions, and required artifacts are consistent with a ZenTao API integration. Nothing in the files appears to request unrelated credentials or to contact external endpoints beyond the configured ZenTao host, but the package comes from an unknown source and stores credentials in a plaintext TOOLS.md, which carries the usual operational risk.
Guidance
This skill appears internally consistent for integrating with a self-hosted ZenTao instance, but consider these practical cautions before installing:
1) Source/attribution is unknown and there is no homepage. If you rely on it in production, review the full read_credentials implementation and the code paths that log or print responses, to ensure credentials are not inadvertently recorded.
2) TOOLS.md holds plaintext credentials: do not commit it to version control, prefer a token or a scoped account over a personal password, and use HTTPS endpoints so the credentials are not sent in clear.
3) The code performs network requests to the endpoint you configure; verify that you trust the ZenTao host and that the credentials are rotated and limited in scope.
4) Action (create/update/delete) flows require interactive confirmation via input(). If you plan to run this non-interactively (as an autonomous agent), test how confirmation is handled: input() raises EOFError when stdin is closed, and a piped stdin can supply an answer that no human typed, so make sure writes cannot happen without explicit consent.
5) If you want higher assurance, run the package in an isolated environment, review the full source (especially any omitted helper functions), and confirm there are no hidden remote URLs or logging of secrets.
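The cautions above (HTTPS-only endpoints, a private credential file, no secrets in logged responses, and a confirmation gate that an autonomous agent cannot satisfy by accident), worked into Python as an added example. This is not code from the ZenTao skill or from ClawHub; the function names, the ZENTAO_ALLOW_WRITES opt-in variable and the sample secret values are assumptions made for illustration, and the skill's real read_credentials() and CLI are not reproduced here.

```python
"""Hardening helpers for a skill that keeps ZenTao credentials in a plaintext TOOLS.md.

Added example, not code from the ZenTao skill. Function names, the ZENTAO_ALLOW_WRITES
opt-in variable and all sample values are assumptions made for illustration.
"""
import logging
import os
import stat
import sys
from urllib.parse import urlparse


def endpoint_problems(url: str) -> list:
    """Return the reasons a configured ZenTao base URL should be rejected (empty means ok).

    Plain HTTP would send the TOOLS.md credentials in clear, and credentials embedded in
    the URL tend to end up in shell history and logs, so both are refused.
    """
    parsed = urlparse(url)
    problems = []
    if parsed.scheme != "https":
        problems.append("endpoint must use https://")
    if not parsed.hostname:
        problems.append("endpoint has no host")
    if parsed.username or parsed.password:
        problems.append("endpoint URL must not embed credentials")
    return problems


def mode_is_private(mode: int) -> bool:
    """True when a file mode grants no group/other permission bits (e.g. 0o600)."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def secret_file_is_private(path: str) -> bool:
    """Check that TOOLS.md (or any plaintext credential file) is readable only by its owner."""
    return mode_is_private(os.stat(path).st_mode)


def redact(text: str, secrets) -> str:
    """Mask every occurrence of the known secret values in a string before it is logged."""
    # Longest first, so a token that has a shorter secret as a prefix is masked whole.
    for secret in sorted((s for s in secrets if s), key=len, reverse=True):
        text = text.replace(secret, "***")
    return text


class RedactingFilter(logging.Filter):
    """Attach to a handler so API responses logged at debug level never contain credentials."""

    def __init__(self, secrets):
        super().__init__()
        self.secrets = list(secrets)

    def filter(self, record: logging.LogRecord) -> bool:
        # Format the message first, then mask it; clear args so it is not formatted twice.
        record.msg = redact(record.getMessage(), self.secrets)
        record.args = ()
        return True


def confirm_write(action: str, prompt=input, interactive=None, env=None) -> bool:
    """Gate a create/update/delete call. Fails closed when no human can answer the prompt.

    An autonomous agent usually runs with stdin closed (input() raises EOFError) or piped
    (an answer nobody typed can be fed in), so a non-interactive session is refused unless
    the operator opted in with ZENTAO_ALLOW_WRITES=1 (assumed variable name). Only an
    explicit 'yes' approves; an empty line or any other text is treated as a refusal.
    """
    env = os.environ if env is None else env
    if env.get("ZENTAO_ALLOW_WRITES") == "1":
        return True
    if interactive is None:
        interactive = sys.stdin.isatty()
    if not interactive:
        return False
    try:
        answer = prompt(f"About to {action} on ZenTao. Type 'yes' to continue: ")
    except EOFError:
        return False
    return answer.strip().lower() == "yes"


def scripted_prompt(answers):
    """Stand-in for input() that replays fixed answers, then raises EOFError like a closed stdin."""
    queue = list(answers)

    def prompt(_message):
        if not queue:
            raise EOFError
        return queue.pop(0)

    return prompt


if __name__ == "__main__":
    # Constructed values, not real credentials: wire the helpers up as a CLI might.
    secrets = ["s3cr3t-password", "tok_abcdef"]
    handler = logging.StreamHandler(sys.stdout)
    handler.addFilter(RedactingFilter(secrets))
    log = logging.getLogger("zentao")
    log.addHandler(handler)
    log.setLevel(logging.DEBUG)
    log.debug("login response: {'token': 'tok_abcdef', 'account': 'alice'}")
    print("endpoint problems:", endpoint_problems("http://zentao.example.com/"))
    print("0o600 private:", mode_is_private(0o600), "0o644 private:", mode_is_private(0o644))
    print("piped 'yes' with no TTY approves a delete?",
          confirm_write("delete bug", scripted_prompt(["yes"]), interactive=False, env={}))
```

The design choice worth copying is that confirm_write() decides on the session type before it ever reads an answer: a piped "yes" is ignored unless the operator set the opt-in variable, so an agent harness cannot turn the prompt into a rubber stamp. Attach RedactingFilter to the handler (not only the logger) so that records propagated from child loggers are masked too.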

Review Dimensions

Purpose & Capability
ok
The name and description claim a ZenTao API integration, and the included files implement a REST + legacy API client, a CLI, and a SKILL.md that instructs storing ZenTao credentials in TOOLS.md. These requirements are coherent with the stated purpose.
Instruction Scope
ok
SKILL.md and the code instruct reading credentials from TOOLS.md, authenticating to the configured ZenTao endpoint, and calling API endpoints. Actions that modify data require interactive confirmation. There are no instructions to read unrelated system files or environment variables, or to transmit data to unexpected external services.
Install Mechanism
ok
No install script or remote downloads; the dependencies are standard Python packages declared in requirements.txt (requests, beautifulsoup4). This is a low-risk, typical install approach for a Python-based skill.
Credentials
ok
The skill requests no environment variables and instead expects API credentials in a local TOOLS.md, per SKILL.md. That is proportionate for a self-hosted ZenTao integration, though storing credentials in a plaintext file is a normal security concern (not a coherence problem).
Persistence & Privilege
ok
The skill's always flag is false, and it does not request elevated or system-wide privileges; it makes network calls only to the configured ZenTao endpoint and does not attempt to modify other skills or global agent settings.