Back to skill
Skillv1.1.1
VirusTotal security
TickTick CLI (ttg) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:34 AM
- Hash
- 1728f5df41949247fb11aa596e43c2194f3617ae6870e9f05d85cd08afe391ec
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ticktick-go Version: 1.1.1 The skill bundle's installation script in `SKILL.md` performs a `git clone` from a third-party repository (`github.com/dhruvkelawala/ticktick-go`) followed by `make install`. This represents an unverified remote code execution risk and a supply chain vulnerability, as the installation process fetches and executes code that is not pinned to a specific commit or checksum. While this behavior is consistent with the stated goal of installing the `ttg` CLI, it allows for potential compromise if the remote repository is altered.
- External report
- View on VirusTotal