Ticktick

Security checks across malware telemetry and agentic risk

Overview

This TickTick skill's behaviour largely matches its stated purpose, but it warrants review on two points: it modifies remote task data immediately, with no confirmation step, and it keeps OAuth secrets on disk.

Review before installing. Use it only if you trust the publisher with TickTick read/write access, understand that a single command changes tasks immediately and without confirmation, and are comfortable with credentials stored under ~/.clawdbot/credentials/ticktick-cli/. Verify task IDs carefully before completing or abandoning tasks, especially in batches, and revoke the OAuth app in your TickTick account if you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Severity: Low
Confidence: 78%
Finding
The skill documents destructive task-state changes like complete, abandon, and batch-abandon without warning users that these operations modify remote task data and may be hard to notice or reverse. In a task-management context this is not system compromise, but it can still cause integrity loss, accidental workflow disruption, and unintended data changes.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
This handler invokes task-modifying TickTick CLI actions such as add, complete, and abandon immediately based on user-supplied arguments, with no confirmation prompt, dry-run mode, or warning before state-changing operations. In an agent-driven context, this increases the risk of accidental or prompt-induced modification of a user's task data, especially because the same trigger accepts both read and write operations.
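The gate this finding asks for, and the task-ID verification the overview recommends before batch operations, can sit in front of the CLI as a single policy function. The following is an added example written for this review; it is not the skill's handler code. The verb set, the `ticktick-cli` binary name, the 24-hex-character task-ID shape and the batch limit are assumptions made for illustration, not facts about the real CLI.

```python
"""Confirmation/dry-run gate in front of a task-modifying CLI.

Added example, not the TickTick skill's own handler. The verb set, the
`ticktick-cli` binary name, the 24-hex task-id shape and the batch limit
are assumptions made for illustration.
"""
from __future__ import annotations

import re
import shlex
from dataclasses import dataclass, field

CLI = "ticktick-cli"                                          # assumed binary name
READ_VERBS = {"list", "show", "search"}                       # assumed read-only verbs
WRITE_VERBS = {"add", "complete", "abandon", "batch-abandon"}  # state-changing verbs named in the finding
ID_VERBS = {"complete", "abandon", "batch-abandon"}           # verbs whose arguments are task ids
TASK_ID = re.compile(r"^[0-9a-f]{24}$")                       # assumed id format
MAX_BATCH = 5                                                 # assumed per-call limit


@dataclass
class Decision:
    execute: bool                 # True only if the command may run right now
    reason: str
    command: list[str] = field(default_factory=list)


def plan(argv: list[str], *, confirmed: bool = False, dry_run: bool = False) -> Decision:
    """Decide whether an agent-supplied argv may be executed.

    Read verbs pass straight through. Write verbs are validated first, then
    either returned as a dry-run preview or held until an explicit
    confirmation is present. Unknown verbs fail closed.
    """
    if not argv:
        return Decision(False, "refused: no verb given")
    verb, args = argv[0], argv[1:]
    command = [CLI, *argv]
    preview = shlex.join(command)  # shell-safe rendering for the confirmation prompt

    if verb in READ_VERBS:
        return Decision(True, "read-only verb", command)
    if verb not in WRITE_VERBS:
        return Decision(False, f"refused: unknown verb {verb!r}")

    if verb in ID_VERBS:
        if not args:
            return Decision(False, f"refused: {verb} needs at least one task id")
        bad = [a for a in args if not TASK_ID.fullmatch(a)]
        if bad:
            return Decision(False, f"refused: invalid task id(s) {bad}")
        if len(set(args)) != len(args):
            return Decision(False, "refused: duplicate task ids in one call")
        if len(args) > MAX_BATCH:
            return Decision(False, f"refused: {len(args)} ids exceeds batch limit {MAX_BATCH}")

    if dry_run:
        return Decision(False, f"dry-run: would run {preview}", command)
    if not confirmed:
        return Decision(False, f"confirmation required before: {preview}", command)
    return Decision(True, f"confirmed write: {preview}", command)
```

Route every agent-issued command through plan() and only spawn the process when execute is True, passing decision.command to subprocess.run without shell=True. Keeping the read and write verbs in separate sets is what lets one trigger serve both kinds of request without letting a prompt-induced write slip through under a read-looking request.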

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The code persists highly sensitive material including the OAuth client secret, access token, and refresh token to a local JSON file. Although file and directory permissions are restricted to 0600/0700, storing long-lived secrets on disk without explicit user consent or safer secret-storage mechanisms increases the chance of credential theft from local compromise, backups, sync tools, or multi-user environments.

VirusTotal

64/64 vendors flagged this skill as clean.
