Security audit

Ticktick Skill For Power Users

Security checks across malware telemetry and agentic risk

Overview

This TickTick skill appears purpose-built for task management, but its file attachment feature uses a browser session cookie and can upload arbitrary local files, which deserves careful review before installation.

Install only if you are comfortable giving this CLI write access to your TickTick tasks and storing TickTick credentials locally. Avoid adding a browser session cookie unless you need attachments, treat that cookie like a password, and only attach files you intentionally want uploaded to TickTick.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill documents capabilities to read and write local files, invoke shell commands, and make network requests, but it does not declare corresponding permissions. This weakens transparency and policy enforcement, making it easier for an agent or user to invoke sensitive operations without understanding the full trust boundary.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The manifest says the skill manages TickTick tasks and projects with OAuth2, but the documentation also includes attachment upload of arbitrary local files and use of a browser session cookie against a different web API. That mismatch obscures materially different and more sensitive behavior, increasing the risk of unintended credential handling and data exfiltration.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding: The skill presents itself as OAuth2-based, but the documented attachment functionality depends on a browser session cookie and a separate web API. This is a security-relevant interface discrepancy because operators may assume the stronger OAuth trust model applies to all features when it does not.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding: The skill description focuses on tasks and projects, but the documented behavior also uploads arbitrary local files to a remote service. Because file transmission is more sensitive than ordinary task metadata management, omitting it from the high-level description can mislead users about privacy and data handling risks.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The attachment instructions enable sending arbitrary local files to TickTick without an explicit, prominent warning that file contents leave the local environment. In an agent context, that raises the chance of accidental disclosure of sensitive documents, tokens, or personal data.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The manual curl example instructs users to read a session cookie from local config and send it along with file contents to a remote endpoint, but it lacks strong safety guidance around credential exposure and secret handling. Session cookies can grant account access, so normalizing manual extraction and retransmission materially increases misuse and leakage risk.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: This code stores the OAuth client secret, access token, and refresh token in a JSON file on disk. Although it attempts restrictive file permissions, plaintext secret storage increases the risk of credential theft from backups, malware, local compromise, or multi-user environments, especially because refresh tokens provide persistent access.

VirusTotal

66/66 vendors flagged this skill as clean.