Audit history
zentao-api - 2 audits
Audit version 2
Latest: High risk, Jun 29, 2026, 11:27 PM
Static analysis over-reported many Markdown backticks and weak-cryptography hits that are false positives in API documentation. However, manual review confirmed a high-risk eval workflow that emits unescaped credentials into the shell and a plaintext persistent token cache. No prompt injection attempt or confirmed malicious intent was found, so this is not a critical block.
Confirmed security concerns (4)
Capability review items (2)
These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.
Risk factors
⚡ Contains scripts (2)
⚙️ External commands (3)
📁 File system access (5)
🌐 Network access (2)
Detected patterns
Audit version 1
Safe, Apr 27, 2026, 06:17 AM
All 628 static analysis findings are false positives. The skill is a legitimate ZenTao API integration tool for project management operations. Detected patterns (backtick syntax, weak crypto flags, high entropy) are misclassifications of markdown documentation and API parameter values. No malicious behavior confirmed after human review.