Compétences zentao-cli Historique des audits
📦

Historique des audits

zentao-cli - 2 audits

Version de l’audit 2

Dernier Risque moyen

Jun 29, 2026, 11:30 PM

Most command-execution hits are Markdown examples for using zentao-cli, not executable skill code. Confirmed risks are external CLI execution, ZenTao authentication, local credential caching, and write or delete operations. No prompt injection or malicious exfiltration evidence was found.

1
Fichiers analysés
260
Lignes analysées
6
Review items
2
False positives ignored

Confirmed security concerns (3)

Moyen
External CLI Installation and Execution
The skill tells users to install zentao-cli globally or run it through npx. This is expected, but it executes third-party code locally.
The referenced lines explicitly instruct installation and execution of an external command-line tool. The behavior is legitimate for this skill, but the execution risk is real because the package runs locally.
Moyen
Credential Handling and Local Credential Cache
The skill documents login with server URL, account, password, token, and local credential storage. Exposed local files could reveal ZenTao access.
The skill explicitly documents password or token authentication and local credential caching. No malicious exfiltration is shown, but credential exposure risk is directly evidenced.
Moyen
State-Changing and Destructive ZenTao Operations
The skill includes create, update, delete, resolve, close, start, and finish operations. It also shows --yes for delete confirmation bypass.
The cited examples directly perform writes and deletion. The skill also advises confirmation before writes, which lowers but does not remove operational risk.
Static false positives ignored (2)

These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.

Faible
Hardcoded Documentation URLs
The repository URL and sample ZenTao server URL are documentation references. No evidence found of unauthorized external data transfer.
The URLs appear in metadata and login examples. They are consistent with project documentation and do not show exfiltration logic.
Faible
Scanner False Positives From Markdown Formatting
The weak-cryptography and high-entropy alerts appear to come from front matter, Chinese text, and Markdown examples. No obfuscated payload was found.
Manual review found normal YAML front matter and Chinese documentation text at the flagged lines. The file is readable Markdown, not obfuscated code.

Facteurs de risque

⚙️ Commandes externes (5)
🌐 Accès réseau (2)
📁 Accès au système de fichiers (1)

Motifs détectés

Global Package Installation CommandCredential Cache Location DocumentedDelete Confirmation Bypass Example
Audité par: codex

Version de l’audit 1

Sûr

Apr 27, 2026, 06:19 AM

This is a legitimate project management CLI documentation file. The static analyzer flagged 96 instances of 'external_commands' but all are FALSE POSITIVES - they are example commands shown in markdown documentation blocks, not actual code execution. No malicious intent, prompt injection, or security threats found after human evaluation.

1
Fichiers analysés
260
Lignes analysées
0
Review items
0
False positives ignored
Aucun problème de sécurité trouvé
Audité par: claude