PingCode

Audited by ClawScan on May 14, 2026.

Overview

This PingCode integration matches its stated purpose, but it ships with a default HTTP raw-IP endpoint and hardcoded credentials, so users should review and reconfigure it before use.

Do not run this skill as-is. First remove the bundled config credentials, set the base_url to your trusted PingCode HTTPS endpoint, use least-privilege credentials, and confirm any work-item update actions before letting the agent execute them.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used before reconfiguration, API authentication and project/work-item traffic goes over plaintext HTTP to an endpoint the user never chose, exposing credentials and business data to anyone on the path and allowing on-path tampering with requests and responses.

Why it was flagged

The generic PingCode skill ships with a public raw-IP HTTP endpoint and non-placeholder credentials. The scripts load config.json by default, so a first run can contact an endpoint the user did not explicitly choose.

Skill content
"base_url": "http://45.251.20.42:8848/open", "client_id": "TYhXSHALhfhJ", "client_secret": "hwhjFMRXZChJycKUkppHjwdZ"
Recommendation

Before any use, replace the base_url with a trusted HTTPS PingCode public-cloud or self-hosted URL, remove the bundled credentials, and verify the publisher/provenance.

What this means

The skill can act with the PingCode application's permissions. Misconfigured or over-scoped credentials could expose or change project-management data.

Why it was flagged

The code sends PingCode client credentials to the configured base_url to obtain an access token. This credential use is expected for PingCode, but it is under-declared at the registry level and becomes risky with the bundled raw-IP default.

Skill content
url = f"{config['base_url']}/v1/auth/token" ... "client_id": config['client_id'], "client_secret": config['client_secret']
Recommendation

Use a least-privilege PingCode application, configure PINGCODE_BASE_URL together with credentials, store secrets in a secret manager or environment variables, and rotate any credentials that were exposed in config or chat.
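The two findings above (the bundled config.json defaults and the token request) come down to one check: never let the shipped base_url or credentials reach the token call. The following is an added example of a config loader that does that; it is not the skill's own code. From the audit it takes only the bundled values, the PINGCODE_BASE_URL variable and the shape of the token request (POST to {base_url}/v1/auth/token with a JSON body of client_id and client_secret). The other environment variable names, the trusted-host list and the config.json layout are assumptions.

```python
"""Hardened config loader for a PingCode-style skill (added example, not the skill's code).

Assumed, not from the audit: PINGCODE_CLIENT_ID / PINGCODE_CLIENT_SECRET as the
credential variables, open.pingcode.com as the trusted host, and the config.json layout.
"""
import ipaddress
import json
import os
from urllib.parse import urlsplit

# Values the audit quotes from the bundled config.json; treated as a denylist so a
# first run can never silently use them.
BUNDLED_BASE_URL = "http://45.251.20.42:8848/open"
BUNDLED_CLIENT_ID = "TYhXSHALhfhJ"
BUNDLED_CLIENT_SECRET = "hwhjFMRXZChJycKUkppHjwdZ"

# Hostnames you actually trust (assumed; replace with your tenant or self-hosted host).
TRUSTED_HOSTS = frozenset({"open.pingcode.com"})


class ConfigError(ValueError):
    pass


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def merge_config(file_config, env):
    """Environment variables override config.json, so the bundled file never wins silently."""
    return {
        "base_url": env.get("PINGCODE_BASE_URL") or file_config.get("base_url", ""),
        "client_id": env.get("PINGCODE_CLIENT_ID") or file_config.get("client_id", ""),
        "client_secret": env.get("PINGCODE_CLIENT_SECRET") or file_config.get("client_secret", ""),
        "request_timeout": float(file_config.get("request_timeout", 10)),
    }


def config_problems(config, trusted_hosts=TRUSTED_HOSTS):
    """Return every reason this config must not be used; empty list means it is acceptable."""
    problems = []
    parts = urlsplit(config["base_url"])
    host = parts.hostname or ""
    if parts.scheme != "https":
        problems.append(f"base_url must use https, got {parts.scheme or 'no scheme'!r}")
    if _is_ip_literal(host):
        problems.append(f"base_url points at an IP literal ({host}), not a trusted hostname")
    elif host not in trusted_hosts:
        problems.append(f"base_url host {host!r} is not in the trusted list {sorted(trusted_hosts)}")
    if not config["client_id"] or not config["client_secret"]:
        problems.append("client_id/client_secret missing; set PINGCODE_CLIENT_ID and PINGCODE_CLIENT_SECRET")
    if config["client_id"] == BUNDLED_CLIENT_ID or config["client_secret"] == BUNDLED_CLIENT_SECRET:
        problems.append("credentials are the ones bundled with the skill; use your own and treat the bundled ones as compromised")
    return problems


def load_config(file_config, env):
    """Merge file and environment, then refuse to return anything that fails the checks."""
    config = merge_config(file_config, env)
    problems = config_problems(config)
    if problems:
        raise ConfigError("; ".join(problems))
    config["base_url"] = config["base_url"].rstrip("/")
    return config


def token_request(config):
    """(url, json_body) for the token call in the shape the audit quotes.
    The caller sends it with requests.post(url, json=body, timeout=config['request_timeout'])."""
    url = f"{config['base_url']}/v1/auth/token"
    body = {"client_id": config["client_id"], "client_secret": config["client_secret"]}
    return url, body


if __name__ == "__main__":
    with open("config.json") as fh:  # the file the audit says the scripts load by default
        cfg = load_config(json.load(fh), os.environ)
    url, _body = token_request(cfg)
    print("token endpoint:", url)  # the secret itself is never printed
```

With the bundled config.json and no environment overrides, load_config raises listing three problems (plaintext scheme, IP-literal host, bundled credentials); with PINGCODE_BASE_URL and the two credential variables set to your own values it returns a usable config. Rotating the bundled client secret is still required even if you never send it, since it was published in the skill.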

What this means

If invoked with valid credentials, the agent can change work-item state in PingCode.

Why it was flagged

The update script can PATCH PingCode work items, including assignee, dates, status, and priority. This matches the stated purpose, but it changes shared business data.

Skill content
response = requests.patch(url, headers=headers, json=updates, timeout=config['request_timeout'])
Recommendation

Only allow update commands after reviewing the target work item and fields, and consider requiring explicit user confirmation for mutations.
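One way to enforce that recommendation in the update script is to put a gate between the agent's requested changes and the PATCH: allowlist the fields, drop no-op changes, show the user a before/after summary, and only then send. The following is an added example, not the skill's own code. From the audit it takes only the shape of the PATCH call (headers, json=updates, timeout from config); the field names, the work-item URL path, the bearer header and the confirm callback are assumptions, and the recording session stands in for requests.Session so it runs offline.

```python
"""Confirmation gate in front of the work-item PATCH (added example, not the skill's code).

Assumed, not from the audit: MUTABLE_FIELDS, the /v1/project/work_items/{id} path,
the Authorization header shape, and the confirm callback.
"""

# The audit says the script can change assignee, dates, status and priority; field
# names are assumed. Anything outside this set is refused, not forwarded to the API.
MUTABLE_FIELDS = frozenset({"assignee_id", "start_at", "end_at", "state_id", "priority_id"})


def unknown_fields(updates):
    """Requested fields that are not on the allowlist."""
    return sorted(set(updates) - MUTABLE_FIELDS)


def plan_update(updates, current):
    """Reduce the request to allowed fields whose value actually differs from the
    current work item, so the agent can neither PATCH an unexpected field nor a no-op."""
    bad = unknown_fields(updates)
    if bad:
        raise ValueError(f"refusing to update non-allowlisted fields: {bad}")
    return {field: value for field, value in updates.items() if current.get(field) != value}


def describe_change(work_item_id, current, diff):
    """Before/after summary shown to the user before anything is sent."""
    lines = [f"work item {work_item_id}:"]
    for field in sorted(diff):
        lines.append(f"  {field}: {current.get(field)!r} -> {diff[field]!r}")
    return "\n".join(lines)


def apply_update(session, config, token, work_item_id, updates, current, confirm):
    """Send the PATCH only after confirm(summary) returns True.

    session: anything with .patch(url, headers=, json=, timeout=) (requests.Session in real use)
    confirm: callable taking the summary string and returning a bool
    Returns a dict with "status" of "noop", "declined" or "applied".
    """
    diff = plan_update(updates, current)
    if not diff:
        return {"status": "noop", "sent": None}
    summary = describe_change(work_item_id, current, diff)
    if not confirm(summary):
        return {"status": "declined", "sent": None, "summary": summary}
    url = f"{config['base_url']}/v1/project/work_items/{work_item_id}"  # path assumed
    headers = {"Authorization": f"Bearer {token}"}  # header shape assumed
    response = session.patch(url, headers=headers, json=diff, timeout=config["request_timeout"])
    response.raise_for_status()
    return {"status": "applied", "sent": diff, "summary": summary}


class _OkResponse:
    def raise_for_status(self):
        return None


class _RecordingSession:
    """Constructed stand-in for requests.Session: records calls instead of sending them."""

    def __init__(self):
        self.calls = []

    def patch(self, url, headers=None, json=None, timeout=None):
        self.calls.append({"url": url, "json": json, "timeout": timeout})
        return _OkResponse()


def _ask(summary):
    print(summary)
    return input("Apply this change? [y/N] ").strip().lower() == "y"


if __name__ == "__main__":
    config = {"base_url": "https://open.pingcode.com", "request_timeout": 10}
    current = {"state_id": "in_progress", "priority_id": "p2"}  # constructed work item
    session = _RecordingSession()
    result = apply_update(session, config, "access-token", "WI-1",
                          {"state_id": "done", "priority_id": "p2"}, current, confirm=_ask)
    print(result["status"], session.calls)
```

Only state_id reaches the PATCH body in that run, because priority_id is unchanged; a request touching a field outside MUTABLE_FIELDS is rejected before the user is even asked.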