← 返回 Skills 市场

tapd-api

Name: tapd-api
Author: kailian

作者 kailian · GitHub ↗ · v1.0.3

cross-platform ✓ 安全检测通过

400

总下载

当前安装

版本数

在 OpenClaw 中安装

/install tapd-api

功能描述

TAPD API 完整集成。实现 18 个模块、70+ API 方法，支持 OAuth 和 Basic Auth 认证。涵盖需求、任务、缺陷、迭代、测试、Wiki、工时等所有 TAPD 功能。

安全使用建议

This skill appears to do what it says (a TAPD API client) but consider these points before installing: - Secrets handling: you must provide TAPD clientId/clientSecret (tapd.json or env vars). The skill's metadata does not declare required env vars — follow the SKILL.md. Keep tapd.json out of source control and set file mode to 600 as recommended. - Local token cache: the client saves OAuth tokens to ~/.tapd_token_cache.json in plain JSON. If you are concerned about local token exposure, delete or restrict that file, or run the tool in an isolated environment. - Minor doc inconsistencies: examples reference jq and a tapd_oauth_client.py that isn't present — jq usage is only in examples (jq is not declared as a required binary). Double-check example commands before running them. - Review the code: tapd_client.py performs HTTP requests to https://api.tapd.cn and encodes credentials for OAuth/Basic flows; review it if you need stricter assurance (e.g., to confirm no extra network endpoints or telemetry are present). There is no obfuscation in the code, so a quick audit is straightforward. - Operational hygiene: follow the provided SECURITY.md (do not commit credentials, add tapd.json to .gitignore, rotate keys). Consider running the client in a dedicated account or container if you want to limit blast radius. If you want a safer install, run the scripts in a disposable environment and inspect tapd_client.py yourself; if you need the registry metadata to reflect required env vars/config paths, ask the publisher to update it.

功能分析

Type: OpenClaw Skill Name: tapd-api Version: 1.0.3 The tapd-api skill bundle is a legitimate and well-documented integration for the TAPD project management platform. The Python client (scripts/tapd_client.py) and shell wrapper (scripts/tapd-api.sh) implement standard OAuth2 and Basic Auth protocols using Python's built-in libraries, with no external dependencies or risky execution sinks like eval() or os.system(). It includes proactive security guidance in SECURITY.md and correctly handles sensitive token caching locally in the user's home directory (~/.tapd_token_cache.json) without evidence of data exfiltration or malicious intent.

能力评估

✓ Purpose & Capability

Name/description, README and included code (scripts/tapd-client.py and tapd-api.sh) consistently implement a TAPD API client (OAuth and Basic auth). Requiring python3 is proportional. The Skill correctly requires OAuth credentials in practice (tapd.json or env vars), although the registry metadata lists no required env vars — this is a documentation/metadata omission, not an indicator of hidden behavior.

ℹ Instruction Scope

Runtime instructions and code explicitly read a local config file (tapd.json) and may read environment variables (TAPD_CLIENT_ID/TAPD_CLIENT_SECRET/TAPD_WORKSPACE_ID). The Python client caches access tokens to ~/.tapd_token_cache.json and will write that file. Examples also use jq and reference alternative filenames (e.g., tapd_oauth_client.py) that are not declared or present — minor inconsistencies that could confuse users but are not themselves malicious.

✓ Install Mechanism

No install spec — instruction-only with bundled scripts. No external downloads or archive extraction. All code is included in the skill bundle; installation risk is low.

ℹ Credentials

The skill requires TAPD credentials (clientId/clientSecret or Basic auth), which are appropriate for its purpose. However, the registry metadata doesn't list any required env vars or config paths even though the SKILL.md and code expect tapd.json and optionally exported env vars. The skill also stores access tokens in ~/.tapd_token_cache.json (unprotected JSON), which is a security/privacy consideration.

✓ Persistence & Privilege

always:false and agent autonomous invocation is not disabled. The skill writes a token cache file to the user's home directory and suggests local git hooks in docs; it does not modify other skills or request system-wide privileges. Persisted access token storage is normal for an API client but worth noting.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install tapd-api
安装完成后，直接呼叫该 Skill 的名称或使用 /tapd-api 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.3

Version 1.0.3 of tapd-api - No code or documentation changes were detected in this version. - Version and content remain consistent with previous release.

v1.0.2

## tapd-api 1.0.2 Changelog - No file changes detected in this version. - No user-visible features, bug fixes, or documentation updates. - Version bump only; functionality remains unchanged.

v1.0.1

Version 1.0.1 - Added SECURITY.md file with security guidelines. - Added STANDALONE_CONFIG.md file describing configuration for standalone usage.

v1.0.0

tapd-api v2.0.0 is a major upgrade providing full integration with the TAPD platform. - Supports all 18 TAPD modules and over 70 API methods. - Dual authentication modes: OAuth and Basic Auth. - Offers both a Python SDK and Shell CLI tool. - Enables multi-workspace switching and automatic token refresh. - Features comprehensive documentation, usage examples, and best practices for security and performance.

元数据

Slug tapd-api

版本 1.0.3

许可证 —

累计安装 1

当前安装数 1

历史版本数 4

常见问题

tapd-api 是什么？

TAPD API 完整集成。实现 18 个模块、70+ API 方法，支持 OAuth 和 Basic Auth 认证。涵盖需求、任务、缺陷、迭代、测试、Wiki、工时等所有 TAPD 功能。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 400 次。

如何安装 tapd-api？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install tapd-api」即可一键安装，无需额外配置。

tapd-api 是免费的吗？

是的，tapd-api 完全免费（开源免费），可自由下载、安装和使用。

tapd-api 支持哪些平台？

tapd-api 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 tapd-api？

由 kailian（@kailian）开发并维护，当前版本 v1.0.3。