Back to skill
Skillv1.3.3
VirusTotal security
tick-md · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:33 AM
- Hash
- 9b305c064551c5d3f2896cc196ab85dbe3e7766c72a47a0b907cffa639ebb4ba
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: tick-md Version: 1.3.3 The skill is designed for multi-agent task coordination using Git-backed Markdown files. It transparently declares its requirements for `git` and network access for `npm` and `git remote`. Crucially, the `SKILL.md`, `INSTALL.md`, `CHANGELOG.md`, and role-specific instructions (`roles/ORCHESTRATOR.md`, `roles/WORKER.md`) repeatedly and explicitly instruct the AI agent to ask for user approval before performing sensitive actions like pushing to remote Git repositories (`tick sync --push` or `git push`) or modifying editor MCP configuration files. This strong emphasis on user consent and proactive security measures, including a changelog entry detailing security clarifications, indicates a design focused on safe operation rather than malicious intent. The capabilities provided are necessary for its stated purpose, and the prompt injection surface is used defensively to enforce safety boundaries.
- External report
- View on VirusTotal