← Back to Skills Marketplace
kailian

tapd-api

by kailian · GitHub ↗ · v1.0.3
cross-platform ✓ Security Clean
400
Downloads
1
Stars
1
Active Installs
4
Versions
Install in OpenClaw
/install tapd-api
Description
TAPD API 完整集成。实现 18 个模块、70+ API 方法,支持 OAuth 和 Basic Auth 认证。涵盖需求、任务、缺陷、迭代、测试、Wiki、工时等所有 TAPD 功能。
Usage Guidance
This skill appears to do what it says (a TAPD API client) but consider these points before installing: - Secrets handling: you must provide TAPD clientId/clientSecret (tapd.json or env vars). The skill's metadata does not declare required env vars — follow the SKILL.md. Keep tapd.json out of source control and set file mode to 600 as recommended. - Local token cache: the client saves OAuth tokens to ~/.tapd_token_cache.json in plain JSON. If you are concerned about local token exposure, delete or restrict that file, or run the tool in an isolated environment. - Minor doc inconsistencies: examples reference jq and a tapd_oauth_client.py that isn't present — jq usage is only in examples (jq is not declared as a required binary). Double-check example commands before running them. - Review the code: tapd_client.py performs HTTP requests to https://api.tapd.cn and encodes credentials for OAuth/Basic flows; review it if you need stricter assurance (e.g., to confirm no extra network endpoints or telemetry are present). There is no obfuscation in the code, so a quick audit is straightforward. - Operational hygiene: follow the provided SECURITY.md (do not commit credentials, add tapd.json to .gitignore, rotate keys). Consider running the client in a dedicated account or container if you want to limit blast radius. If you want a safer install, run the scripts in a disposable environment and inspect tapd_client.py yourself; if you need the registry metadata to reflect required env vars/config paths, ask the publisher to update it.
Capability Analysis
Type: OpenClaw Skill Name: tapd-api Version: 1.0.3 The tapd-api skill bundle is a legitimate and well-documented integration for the TAPD project management platform. The Python client (scripts/tapd_client.py) and shell wrapper (scripts/tapd-api.sh) implement standard OAuth2 and Basic Auth protocols using Python's built-in libraries, with no external dependencies or risky execution sinks like eval() or os.system(). It includes proactive security guidance in SECURITY.md and correctly handles sensitive token caching locally in the user's home directory (~/.tapd_token_cache.json) without evidence of data exfiltration or malicious intent.
Capability Assessment
Purpose & Capability
Name/description, README and included code (scripts/tapd-client.py and tapd-api.sh) consistently implement a TAPD API client (OAuth and Basic auth). Requiring python3 is proportional. The Skill correctly requires OAuth credentials in practice (tapd.json or env vars), although the registry metadata lists no required env vars — this is a documentation/metadata omission, not an indicator of hidden behavior.
Instruction Scope
Runtime instructions and code explicitly read a local config file (tapd.json) and may read environment variables (TAPD_CLIENT_ID/TAPD_CLIENT_SECRET/TAPD_WORKSPACE_ID). The Python client caches access tokens to ~/.tapd_token_cache.json and will write that file. Examples also use jq and reference alternative filenames (e.g., tapd_oauth_client.py) that are not declared or present — minor inconsistencies that could confuse users but are not themselves malicious.
Install Mechanism
No install spec — instruction-only with bundled scripts. No external downloads or archive extraction. All code is included in the skill bundle; installation risk is low.
Credentials
The skill requires TAPD credentials (clientId/clientSecret or Basic auth), which are appropriate for its purpose. However, the registry metadata doesn't list any required env vars or config paths even though the SKILL.md and code expect tapd.json and optionally exported env vars. The skill also stores access tokens in ~/.tapd_token_cache.json (unprotected JSON), which is a security/privacy consideration.
Persistence & Privilege
always:false and agent autonomous invocation is not disabled. The skill writes a token cache file to the user's home directory and suggests local git hooks in docs; it does not modify other skills or request system-wide privileges. Persisted access token storage is normal for an API client but worth noting.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install tapd-api
  3. After installation, invoke the skill by name or use /tapd-api
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
Version 1.0.3 of tapd-api - No code or documentation changes were detected in this version. - Version and content remain consistent with previous release.
v1.0.2
## tapd-api 1.0.2 Changelog - No file changes detected in this version. - No user-visible features, bug fixes, or documentation updates. - Version bump only; functionality remains unchanged.
v1.0.1
Version 1.0.1 - Added SECURITY.md file with security guidelines. - Added STANDALONE_CONFIG.md file describing configuration for standalone usage.
v1.0.0
tapd-api v2.0.0 is a major upgrade providing full integration with the TAPD platform. - Supports all 18 TAPD modules and over 70 API methods. - Dual authentication modes: OAuth and Basic Auth. - Offers both a Python SDK and Shell CLI tool. - Enables multi-workspace switching and automatic token refresh. - Features comprehensive documentation, usage examples, and best practices for security and performance.
Metadata
Slug tapd-api
Version 1.0.3
License
All-time Installs 1
Active Installs 1
Total Versions 4
Frequently Asked Questions

What is tapd-api?

TAPD API 完整集成。实现 18 个模块、70+ API 方法,支持 OAuth 和 Basic Auth 认证。涵盖需求、任务、缺陷、迭代、测试、Wiki、工时等所有 TAPD 功能。 It is an AI Agent Skill for Claude Code / OpenClaw, with 400 downloads so far.

How do I install tapd-api?

Run "/install tapd-api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is tapd-api free?

Yes, tapd-api is completely free (open-source). You can download, install and use it at no cost.

Which platforms does tapd-api support?

tapd-api is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created tapd-api?

It is built and maintained by kailian (@kailian); the current version is v1.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments