Audit history
zentao-api - 2 audits
Audit version 2
Latest: High risk, Jun 29, 2026, 11:27 PM
Static analysis over-reported many Markdown backticks and weak-cryptography hits that are false positives in API documentation. However, manual review confirmed a high-risk eval workflow that emits unescaped credentials into the shell and a plaintext persistent token cache. No prompt injection attempt or confirmed malicious intent was found, so this is not a critical block.
Confirmed security concerns (4)
Capability review items (2)
These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.
Risk factors
⚡ Contains scripts (2)
⚙️ External commands (3)
📁 File system access (5)
🌐 Network access (2)
Detected patterns
Audit version 1
Safe, Apr 27, 2026, 06:17 AM
All 628 static analysis findings are false positives. The skill is a legitimate ZenTao API integration tool for project management operations. Detected patterns (backtick syntax, weak crypto flags, high entropy) are misclassifications of markdown documentation and API parameter values. No malicious behavior confirmed after human review.