Tiny Talking Todos
v0.1.2Manage TinyTalkingTodos lists and items via the ttt CLI
⭐ 1· 1.8k·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the runtime instructions. The only required binary is `ttt`, which is exactly what the SKILL.md instructs the agent to run. Examples and commands align with a todo-CLI purpose.
Instruction Scope
SKILL.md confines actions to running `ttt` CLI commands (list/create/update/delete/undo/daemon). It does not instruct reading unrelated system files or contacting endpoints beyond the service the CLI integrates with. Commands that touch auth and daemon behavior are expected for a CLI client.
Install Mechanism
The skill is instruction-only (no automatic install), but SKILL.md recommends installing `@ojschwa/ttt-cli` from npm. That is a plausible, proportional install route for a CLI; users should verify the npm package and publisher before installing. Absence of an automated install spec means no code will be written by the skill itself.
Credentials
The skill declares no required env vars. SKILL.md mentions `ttt auth export` which exports CLI credentials as environment variables for scripts—this is reasonable for automation, but users should be aware those tokens may appear in the environment and take care not to expose them. The skill does not request unrelated credentials.
Persistence & Privilege
No `always: true`. default invocation settings allow autonomous invocation (platform default) but the skill does not request persistent system-level privileges or modify other skills/configs. Its daemon behavior pertains to the CLI's own process, not the agent.
Assessment
This skill appears coherent and only needs the `ttt` CLI. Before installing or using it: 1) verify the npm package and publisher (@ojschwa) and the TinyTalkingTodos site; 2) confirm you trust the `ttt` binary on your PATH (it will make network calls to your account); 3) be careful with `ttt auth export` because it places tokens in the environment—don't export tokens into shells or CI where they can leak; and 4) if you want stronger assurance, inspect the npm package source or prefer installing from a vetted release. If you have sensitive data in todos, consider the privacy implications of giving a CLI network access to that data.Like a lobster shell, security has layers — review code before you run it.
latestvk97d613hmht7sfhp0fcjrg9e5d80fc9t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
✅ Clawdis
Binsttt