Audit history
zentao-api - 2 audits
Audit version 2
Latest: High risk, Jun 29, 2026, 11:27 PM
Static analysis over-reported many Markdown backticks and weak-cryptography hits that are false positives in API documentation. However, manual review confirmed a high-risk eval workflow that emits unescaped credentials into the shell and a plaintext persistent token cache. No prompt injection attempt or confirmed malicious intent was found, so this is not a critical block.
Confirmed security concerns (4)
Capability review items (2)
These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.
Risk factors
⚡ Contains scripts (2)
⚙️ External commands (3)
📁 File system access (5)
🌐 Network access (2)
Detected patterns
Audit version 1
Safe, Apr 27, 2026, 06:17 AM
All 628 static analysis findings are false positives. The skill is a legitimate ZenTao API integration tool for project management operations. Detected patterns (backtick syntax, weak crypto flags, high entropy) are misclassifications of markdown documentation and API parameter values. No malicious behavior confirmed after human review.