Manage Mantis Bug Tracker (issues, projects, users, filters, configs) via the official Mantis REST API. Supports full CRUD operations on issues, projects, users, attachments, notes, tags, relationships, and configuration management. Features dynamic instance switching with context-aware base URL and token resolution.
Security Analysis
High confidence
The skill's requests and runtime instructions are coherent with a Mantis BT management tool: it only requires a Mantis base URL and API token and its instructions focus on calling the Mantis REST API and managing per-session/temporary instance tokens.
Name/description (Mantis issue/project/user management) match the declared requirements: MANTIS_BASE_URL and MANTIS_API_TOKEN. No unrelated credentials, binaries, or install steps are requested.
SKILL.md stays within the stated purpose (API calls, context switching between Mantis instances, impersonation header for admin flows). It documents runtime context variables (temporary_/user_) for switching tokens/URLs. Caution: the docs instruct the agent to show 'current token' (masked in examples) and to persist user_token for a session — the actual agent implementation must ensure tokens are masked and not leaked in logs or messages.
Instruction-only skill with no install spec and no code files, so nothing is downloaded or written to disk. This is the lowest-risk install mechanism.
Only two environment variables are required and both are directly related to the stated purpose. The doc supports additional runtime tokens (temporary/user) but marks them as session/runtime context rather than required env vars.
always:false and no system config paths requested. The skill documents storing user_token values for the session and temporary values for one-off operations — reasonable for multi-instance management, but users should understand session-stored tokens persist until cleared and could be available to the agent for subsequent operations.
Guidance
This skill appears to do what it says: call your Mantis instance API and manage issues/projects/users. Before installing/providing credentials:
(1) Use a token with minimal permissions rather than an administrator token when possible.
(2) Avoid pasting long-lived admin tokens into chat; prefer environment variables or short-lived tokens.
(3) Understand the skill keeps session-level user_token values until cleared, so clear session tokens or end the session when done.
(4) Be cautious with impersonation flows (X-Impersonate-User): they allow acting as another user and require appropriate privileges.
(5) Test first against a staging instance or a low-privilege account, and revoke/rotate tokens if you suspect they were exposed.
If you need higher confidence, request the skill author/source code or a signed provenance for the skill package.
Latest Release
v0.0.1
Initial release of mantis_manager: Manage MantisBT via official REST API with dynamic context & multi-instance support.
- Supports full CRUD operations on issues, projects, users, attachments, notes, tags, relationships, and configurations.
- Dynamic instance switching: use different Mantis base URLs and tokens per operation or session, resolved by runtime context.
- Environment variables MANTIS_BASE_URL and MANTIS_API_TOKEN required; can override via temporary/session context variables.
- Includes context management commands for switching, viewing, and resetting current API connection or auth token.
- Extensive documentation and usage examples for all major operations and context management patterns.
Published by @willykinfoussia on ClawHub