TickTick CLI (ttg)
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward TickTick task-management skill, but it can change your tasks and uses local TickTick API credentials.
Review the upstream ttg CLI before installing because the install script builds from an unpinned GitHub source. Keep ~/.config/ttg/config.json private, restrict its permissions, do not share the client_secret, and require explicit confirmation before allowing an agent to edit, complete, or delete TickTick tasks.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.
