Навыки zentao-api История аудитов
📦

История аудитов

zentao-api - 2 аудиты

Версия аудита 2

Последняя Высокий риск

Jun 29, 2026, 11:27 PM

Static analysis over-reported many Markdown backticks and weak-cryptography hits that are false positives in API documentation. However, manual review confirmed a high-risk eval workflow that emits unescaped credentials into the shell and a plaintext persistent token cache. No prompt injection attempt or confirmed malicious intent was found, so this is not a critical block.

3
Просканировано файлов
776
Проанализировано строк
10
Review items
0
False positives ignored

Confirmed security concerns (4)

Высокий
Shell Eval Command Injection in Token Setup
The skill tells users to run the token helper through eval. The helper prints unescaped URL, token, and account values as shell assignments, so metacharacters from environment variables, the cache file, or a server response can execute in the user shell.
The eval instruction is explicit, and the script emits raw variable values without shell escaping. This creates a direct command execution path if any emitted value is attacker controlled.
Высокий
Persistent Plaintext ZenTao Token Cache
The helper stores ZenTao URL, account, and token in a hidden home-directory JSON file. The documentation states ZenTao tokens are permanent, so local file disclosure can expose long-lived account access.
The cache path and write operations are directly present, and the comments describe permanent token behavior. The risk depends on local file permissions but the credential persistence is confirmed.
Низкий
Markdown Backticks Misclassified as External Commands
Most static external command hits in SKILL.md and api-reference.md are Markdown code spans, shell examples, endpoint paths, or API tables. They are not executable Ruby backticks in a source file.
The cited lines are documentation text and tables, not Ruby code. The exception is the documented shell eval workflow, which is captured as a separate high-risk finding.
Низкий
Weak Cryptography Findings Are Terminology False Positives
The weak cryptography hits map to API documentation terms, enum values, field names, and Markdown content. No evidence found of hashing, encryption, or custom cryptographic implementation in the reviewed files.
Manual review of representative flagged lines shows API fields and status values rather than crypto operations. This makes the high static severity misleading for that pattern.
Capability review items (2)

These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.

Средний
Authenticated Network Requests and Mutating API Operations
The skill is designed to send authenticated requests to a user-configured ZenTao server and supports create, update, delete, and status transition actions. This is expected for the skill, but it can change project records and should require clear user confirmation.
The network call and many mutating curl examples are visible. The behavior is legitimate for this integration, but it raises operational risk when credentials are available.
Низкий
High Entropy Heuristic Appears Caused by Documentation Text
The high entropy heuristic points at normal shell script and Markdown files containing Chinese text and dense API references. No evidence found of encoded payloads, binary blobs, or encrypted content.
The flagged files are readable source and documentation. The confidence is below very high because entropy is a heuristic, but the reviewed context does not show obfuscation.

Факторы риска

Обнаруженные паттерны

Shell Eval Command Injection in Token SetupPersistent Plaintext ZenTao Token Cache
Аудитор:: codex

Версия аудита 1

Безопасно

Apr 27, 2026, 06:17 AM

All 628 static analysis findings are false positives. The skill is a legitimate ZenTao API integration tool for project management operations. Detected patterns (backtick syntax, weak crypto flags, high entropy) are misclassifications of markdown documentation and API parameter values. No malicious behavior confirmed after human review.

3
Просканировано файлов
776
Проанализировано строк
0
Review items
0
False positives ignored
Проблем безопасности не найдено
Аудитор:: claude