OpenTIL

Pass

Audited by ClawScan on May 1, 2026.

Overview

OpenTIL appears purpose-aligned for saving and managing TIL entries, but it does use an OpenTIL token and can publish, edit, sync, and delete entries when instructed.

This skill is reasonable for managing OpenTIL from the CLI. Before installing, be comfortable granting an OpenTIL token, storing local credentials and drafts under ~/.til/, and reviewing confirmations before publishing, editing, syncing, or deleting entries.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing and using the skill can give the agent authority over your OpenTIL entries, including deletion if the token has that scope.

Why it was flagged

The skill requires or uses an OpenTIL account token that can read, write, and delete entries, and it can also read tokens from a local profile file.

Skill content

create a Personal Access Token with `read:entries`, `write:entries`, and `delete:entries` scopes ... `$OPENTIL_TOKEN` ... `~/.til/credentials` file

Recommendation

Use the narrowest token scopes you need, protect ~/.til/credentials, and revoke the token if you stop using the skill.

What this means

A mistaken confirmation could publish, change, or delete an OpenTIL entry.

Why it was flagged

The skill can mutate OpenTIL content, including publishing, editing, and permanently deleting entries, but the documented flows include previews or confirmations for high-impact actions.

Skill content

`publish` | `write:entries` ... `edit` | `read:entries` + `write:entries` ... `delete` | `delete:entries` ... Type "delete" to confirm

Recommendation

Review entry titles, diffs, and confirmation prompts carefully before approving publish, edit, sync, or delete actions.

What this means

Private information saved in local TIL drafts could later be uploaded if you approve syncing.

Why it was flagged

The skill stores drafts persistently on disk and later reuses those files during sync, uploading their contents to OpenTIL after the documented sync flow.

Skill content

All platforms use `~/.til/drafts/` ... Parse the frontmatter ... Read the content body ... POST to API ... On 201 success: delete the local file

Recommendation

Keep ~/.til/drafts/ limited to intended TIL content and review drafts before syncing, especially on shared machines.

What this means

The agent may suggest saving an insight from the conversation even when you did not explicitly run /til.

Why it was flagged

The skill can alter normal agent responses by adding proactive capture suggestions, but it limits suggestions to once per session and requires user acceptance before capture.

Skill content

Agent proactively detects TIL-worthy moments ... Append the suggestion at the end of your normal response ... Capture? (yes/no)

Recommendation

Decline or ignore suggestions for sensitive conversations; only answer yes when you want the insight captured.

What this means

Authentication may cause the agent to run local helper commands to open a browser and wait for authorization.

Why it was flagged

The auth flow documents local command use to open a browser and poll for authorization, which is purpose-aligned but still involves shell-level actions.

Skill content

Open `{verification_uri}?user_code={user_code}` via `open` (macOS) or `xdg-open` (Linux) ... Use a bash script to poll in a single command

Recommendation

Use this flow only when you intend to connect an OpenTIL account, and review any displayed command or browser URL if prompted.