v1.11.0

OpenTIL

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:35 AM.

Analysis

OpenTIL appears purpose-aligned for saving and managing TIL entries, but it does use an OpenTIL token and can publish, edit, sync, and delete entries when instructed.

Guidance: This skill is reasonable for managing OpenTIL from the CLI. Before installing, be comfortable granting an OpenTIL token, storing local credentials and drafts under ~/.til/, and reviewing confirmations before publishing, editing, syncing, or deleting entries.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium; Confidence: High; Status: Note
references/management.md
`publish` | `write:entries` ... `edit` | `read:entries` + `write:entries` ... `delete` | `delete:entries` ... Type "delete" to confirm

The skill can mutate OpenTIL content, including publishing, editing, and permanently deleting entries, but the documented flows include previews or confirmations for high-impact actions.

User impact: A mistaken confirmation could publish, change, or delete an OpenTIL entry.
Recommendation: Review entry titles, diffs, and confirmation prompts carefully before approving publish, edit, sync, or delete actions.

Agent Goal Hijack
Severity: Low; Confidence: High; Status: Note
references/auto-detection.md
Agent proactively detects TIL-worthy moments ... Append the suggestion at the end of your normal response ... Capture? (yes/no)

The skill can alter normal agent responses by adding proactive capture suggestions, but it limits suggestions to once per session and requires user acceptance before capture.

User impact: The agent may suggest saving an insight from the conversation even when you did not explicitly run /til.
Recommendation: Decline or ignore suggestions for sensitive conversations; only answer yes when you want the insight captured.

Unexpected Code Execution
Severity: Low; Confidence: Medium; Status: Note
references/management.md
Open `{verification_uri}?user_code={user_code}` via `open` (macOS) or `xdg-open` (Linux) ... Use a bash script to poll in a single command

The auth flow documents local command use to open a browser and poll for authorization, which is purpose-aligned but still involves shell-level actions.

User impact: Authentication may cause the agent to run local helper commands to open a browser and wait for authorization.
Recommendation: Use this flow only when you intend to connect an OpenTIL account, and review any displayed command or browser URL if prompted.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
SKILL.md
create a Personal Access Token with `read:entries`, `write:entries`, and `delete:entries` scopes ... `$OPENTIL_TOKEN` ... `~/.til/credentials` file

The skill requires or uses an OpenTIL account token that can read, write, and delete entries, and it can also read tokens from a local profile file.

User impact: Installing and using the skill can give the agent authority over your OpenTIL entries, including deletion if the token has that scope.
Recommendation: Use the narrowest token scopes you need, protect ~/.til/credentials, and revoke the token if you stop using the skill.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low; Confidence: High; Status: Note
references/local-drafts.md
All platforms use `~/.til/drafts/` ... Parse the frontmatter ... Read the content body ... POST to API ... On 201 success: delete the local file

The skill stores drafts persistently on disk and later reuses those files during sync, uploading their contents to OpenTIL after the documented sync flow.

User impact: Private information saved in local TIL drafts could later be uploaded if you approve syncing.
Recommendation: Keep ~/.til/drafts/ limited to intended TIL content and review drafts before syncing, especially on shared machines.