Compétences zentao-tour Historique des audits
📦

Historique des audits

zentao-tour - 2 audits

Version de l’audit 2

Dernier Risque moyen

Jun 29, 2026, 11:33 PM

Static analysis reported many command, network, filesystem, weak-crypto, and entropy issues, but the command and entropy hits are mostly Markdown examples, Mermaid syntax, Chinese prose, and documentation links. The confirmed risk is legitimate but elevated: the skill asks an agent to run zentao-cli against a live ZenTao instance, including create, update, state transition, and delete operations after user confirmation.

7
Fichiers analysés
760
Lignes analysées
8
Review items
0
False positives ignored
Capability review items (5)

These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.

Moyen
Live ZenTao Data Mutation Through CLI Commands
The skill instructs the agent to create products, stories, plans, projects, executions, tasks, test cases, bugs, and to perform status transitions in a real ZenTao environment. The workflow requires user consent before write operations, so this is legitimate product behavior, but a mistaken confirmation could alter production project data.
The files contain explicit zentao-cli create, update, resolve, close, start, and finish examples. The risk is moderated because SKILL.md also requires consent before create, update, delete, and status-flow commands.
Moyen
Credential And Token Handling In Setup Guidance
The onboarding guide shows ZenTao login commands, environment variables, token-based MCP configuration, and a local credential cache path. This is normal setup guidance, but users could expose credentials if they paste real secrets into shared prompts, logs, or configuration files with weak local permissions.
The documentation directly references passwords, tokens, environment variables, and local credential cache paths. I found no exfiltration behavior, so this remains a handling and disclosure risk rather than malicious activity.
Faible
Static Command-Execution Findings Are Mostly Markdown Examples
The scanner classified Markdown backticks and command snippets as Ruby or shell backtick execution. These are documentation examples for zentao-cli and Mermaid diagrams, not embedded executable code in the skill package.
Manual review shows Markdown code fences and inline command text, not Ruby source or dynamic shell execution primitives. The commands are intended examples for an AI assistant to run only within the tour workflow.
Faible
Hardcoded URLs Are Documentation And Example Endpoints
The hardcoded URLs point to the zentao-cli repository, ZenTao documentation, and a placeholder ZenTao server. I found no evidence that the skill sends hidden data to these URLs.
The reviewed URLs are visible documentation links or example configuration values. No hidden network call, webhook, or credential exfiltration instruction was found.
Faible
Filesystem And Weak-Crypto Alerts Appear To Be False Positives
Filesystem alerts are caused by relative Markdown links and documented local configuration paths. Weak-cryptography and entropy alerts appear to be triggered by Markdown filenames, MCP configuration text, Chinese content, and dense command tables rather than cryptographic code or encoded payloads.
The cited lines are documentation references or benign config paths, and there is no code implementing cryptography or decoding payloads. The entropy score is consistent with non-English prose and compact CLI syntax.

Motifs détectés

State-Changing CLI OperationsToken And Password Configuration Examples
Audité par: codex

Version de l’audit 1

Sûr

Apr 27, 2026, 06:21 AM

Evaluated 205 static findings across 7 files (760 lines). All patterns are legitimate documentation artifacts: backtick syntax in markdown code blocks showing zentao-cli commands, official product URLs (zentao.net), and relative documentation links. No malicious intent, data exfiltration, or prompt injection detected. Risk factors present are standard CLI tool characteristics.

7
Fichiers analysés
760
Lignes analysées
3
Review items
0
False positives ignored

Facteurs de risque

⚙️ Commandes externes (154)
overview.md:18-33 overview.md:33-42 overview.md:42-53 overview.md:53-58 overview.md:58-62 overview.md:62-64 overview.md:64-66 overview.md:66-68 overview.md:68 overview.md:68 overview.md:68 overview.md:68-74 overview.md:74-88 overview.md:88-90 overview.md:90 overview.md:90-96 overview.md:96-99 overview.md:99-103 overview.md:103 overview.md:103 overview.md:103-104 overview.md:104-105 roles/dev.md:13-15 roles/dev.md:15-21 roles/dev.md:21-23 roles/dev.md:23-28 roles/dev.md:28-32 roles/dev.md:32-34 roles/dev.md:34-37 roles/dev.md:37-39 roles/dev.md:39-45 roles/dev.md:45-47 roles/dev.md:47-55 roles/dev.md:55-57 roles/dev.md:57-59 roles/dev.md:59-61 roles/dev.md:61-63 roles/dev.md:63-65 roles/dev.md:65-79 roles/dev.md:79-80 roles/dev.md:80-81 roles/dev.md:81-82 roles/dev.md:82-83 roles/dev.md:83-84 roles/dev.md:84-85 roles/executive.md:24-26 roles/executive.md:26-30 roles/executive.md:30-33 roles/executive.md:33-39 roles/executive.md:39-41 roles/executive.md:41-45 roles/executive.md:45-48 roles/executive.md:48-54 roles/executive.md:54-57 roles/executive.md:57-63 roles/executive.md:63-66 roles/executive.md:66-74 roles/executive.md:74-87 roles/executive.md:87-88 roles/executive.md:88-89 roles/executive.md:89-90 roles/executive.md:90-91 roles/executive.md:91-92 roles/executive.md:92-93 roles/executive.md:93-94 roles/executive.md:94-95 roles/pjm.md:15-17 roles/pjm.md:17-25 roles/pjm.md:25-26 roles/pjm.md:26 roles/pjm.md:26-27 roles/pjm.md:27-31 roles/pjm.md:31-33 roles/pjm.md:33-35 roles/pjm.md:35 roles/pjm.md:35-43 roles/pjm.md:43-45 roles/pjm.md:45-47 roles/pjm.md:47-57 roles/pjm.md:57-59 roles/pjm.md:59-63 roles/pjm.md:63-65 roles/pjm.md:65-71 roles/pjm.md:71-73 roles/pjm.md:73-77 roles/pjm.md:77-80 roles/pjm.md:80-82 roles/pjm.md:82 roles/pjm.md:82 roles/pjm.md:82-98 roles/pjm.md:98-99 roles/pjm.md:99-100 roles/pjm.md:100-101 roles/pjm.md:101-102 roles/pjm.md:102-103 roles/pm.md:29 roles/pm.md:29 roles/pm.md:30 roles/pm.md:34-36 roles/pm.md:36-63 roles/pm.md:63-65 roles/pm.md:65-67 roles/pm.md:67-93 roles/pm.md:93-95 roles/pm.md:95-99 roles/pm.md:99-101 roles/pm.md:101-105 roles/pm.md:105-107 roles/pm.md:107-128 roles/pm.md:128 roles/pm.md:128-129 roles/pm.md:129-137 roles/pm.md:137-138 roles/pm.md:138-139 roles/pm.md:139-140 roles/pm.md:140-141 roles/pm.md:141-142 roles/test.md:15-17 roles/test.md:17-29 roles/test.md:29-31 roles/test.md:31-33 roles/test.md:33-39 roles/test.md:39-41 roles/test.md:41-43 roles/test.md:43-45 roles/test.md:45-47 roles/test.md:47-55 roles/test.md:55 roles/test.md:55 roles/test.md:55-57 roles/test.md:57-59 roles/test.md:59-63 roles/test.md:63-66 roles/test.md:66-82 roles/test.md:82-83 roles/test.md:83-84 roles/test.md:84-85 roles/test.md:85-86 roles/test.md:86-87 SKILL.md:21 SKILL.md:72 SKILL.md:72 SKILL.md:72 SKILL.md:72 SKILL.md:72 SKILL.md:72 SKILL.md:75 SKILL.md:83 SKILL.md:84 SKILL.md:86 SKILL.md:98 SKILL.md:98 SKILL.md:98 SKILL.md:113
🌐 Accès réseau (13)
📁 Accès au système de fichiers (16)

Motifs détectés

Markdown Code Block Syntax (False Positive)
Audité par: claude