TickTick

Review

Audited by ClawScan on May 1, 2026.

Overview

The skill is a coherent TickTick integration, but it relies on a Maton API key/OAuth connection and can change or delete TickTick data when approved.

Before installing, confirm that you trust Maton with your TickTick OAuth connection, keep MATON_API_KEY private, and carefully approve any create, update, complete, or delete operation. If you have multiple TickTick connections, make sure the intended Maton-Connection is used.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If approved, the agent can change or remove tasks and projects in the connected TickTick account.

Why it was flagged

The skill can create, update, and delete TickTick resources, but it discloses this and instructs the agent to confirm write operations with the user.

Skill content

Manage tasks and projects with full CRUD operations... All write operations require explicit user approval.

Recommendation

Review every proposed create, update, complete, or delete action, especially project deletions, and confirm the target account/resource before proceeding.

What this means

Anyone with the Maton API key or active OAuth connection may be able to access or manage the connected TickTick data through the integration.

Why it was flagged

The skill requires a sensitive Maton API key and delegated OAuth access to the user's TickTick account, which is expected for this integration but security-relevant.

Skill content

All requests require the Maton API key... Authorization: Bearer $MATON_API_KEY... Maton proxies requests to api.ticktick.com and automatically injects your OAuth token.

Recommendation

Store MATON_API_KEY securely, do not paste it into shared chats or logs, and revoke the Maton key or TickTick connection if it is no longer needed.

What this means

Task and project details may pass through Maton while using the skill.

Why it was flagged

TickTick API requests and responses flow through the Maton gateway rather than directly to TickTick, so the gateway is part of the data and trust boundary.

Skill content

https://api.maton.ai/ticktick/{native-api-path}... Maton proxies requests to api.ticktick.com

Recommendation

Use this skill only if you trust Maton to handle your TickTick API traffic and OAuth connection appropriately.

What this means

It may be harder to independently verify the publisher, support channel, or service documentation before granting access.

Why it was flagged

The registry metadata does not provide a source repository or homepage, which is a provenance gap even though the skill is instruction-only and has no bundled code.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the Maton service and the TickTick OAuth flow through trusted channels before supplying an API key or authorizing an account.