滴答清单
Review
Audited by ClawScan on May 1, 2026.
Overview
This appears to be a coherent Dida task-management helper, but it asks the agent to install a global CLI and authenticate to your Dida account, so review those setup steps before use.
Install only if you trust the @suibiji/dida-cli package and are comfortable giving it access to your Dida account. Prefer OAuth over pasting an API token, confirm any delete or bulk-change request carefully, and log out or revoke access when you no longer need the integration.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI can modify the local environment and will run code supplied by the npm package.
The skill instructs installation of a global, unpinned npm package. This is central to the CLI-based purpose, but it depends on trusting the external package source.
npm install -g @suibiji/dida-cli
Confirm the package name and publisher before installing, and prefer a trusted/pinned version if available.
The authenticated CLI may create, update, complete, move, or delete tasks in the user's Dida account.
The skill requires OAuth login or a direct API token so the CLI can access the user's Dida account. This is expected for task management, but it is privileged account access.
dida auth login ...
dida auth token <token> # set access token directly
Use OAuth when possible, avoid sharing API tokens unnecessarily, and revoke/logout if you no longer want the CLI to have access.
Incorrect or misunderstood commands could change or remove task data, though the skill includes confirmation guidance for destructive cases.
The skill exposes commands that mutate or delete task data, but it also instructs the agent to require clear user intent for destructive operations.
dida task update ...
dida task complete ...
dida task delete ...
For delete and other destructive operations, the user must clearly ask for it.
Review task IDs, project IDs, and deletion requests before approving changes, especially for vague cleanup requests.
