zentao
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the
@leeguoo/zentao-mcppackage from the NPM registry. This package is owned by the skill's author and is used to provide the underlying CLI functionality. - [COMMAND_EXECUTION]: The skill relies on executing the
zentaocommand-line tool to perform operations such as querying bugs, updating tasks, and generating reports. This is the primary mechanism of the skill. - [CREDENTIALS_UNSAFE]: The skill manages authentication for ZenTao instances using credentials provided by the user via command-line flags (e.g.,
--zentao-password) or environment variables (e.g.,ZENTAO_PASSWORD). This is standard practice for CLI-based integrations with project management software.
Audit Metadata