TickTick CLI

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate TickTick command-line skill, but it can read and change your TickTick tasks and stores OAuth tokens locally in plaintext.

Install only if you are comfortable giving this skill read/write access to your TickTick tasks and projects. Protect the plaintext credential file, revoke the OAuth app when you no longer need it, and require confirmation before task/project mutations such as complete, abandon, batch-abandon, or project updates.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

Anyone or any process that can read the local credential file may be able to access or modify the user's TickTick tasks.

Why it was flagged

The skill stores TickTick OAuth client secrets and tokens locally, giving ongoing access to the user's TickTick account.

Skill content
Tokens are stored in `~/.clawdbot/credentials/ticktick-cli/config.json` ... "clientSecret" ... "accessToken" ... "refreshToken" ... Note: Credentials are stored in plaintext.
Recommendation

Use this only if you trust the skill with TickTick task access, protect the config file, revoke the OAuth app if no longer needed, and delete the config or log out when finished.

ASI02: Tool Misuse and Exploitation
Medium
What this means

An agent or script using the skill can accidentally complete, abandon, rename, or create TickTick items if given the wrong instruction or task ID.

Why it was flagged

The CLI exposes account-mutating task and project commands, including a batch operation, without an additional confirmation layer.

Skill content
.command("complete <task>") ... .command("abandon <task>") ... .command("batch-abandon <taskIds...>") ... .command("list <name>")
Recommendation

Require explicit user approval before running write or batch commands, prefer task/project IDs, and review JSON output before follow-up mutations.

ASI06: Memory and Context Poisoning
Low
What this means

Private task titles, descriptions, tags, or other task data may be exposed to the agent session or logs, and task text should not be treated as trusted instructions.

Why it was flagged

By default the task-listing command can collect tasks from all projects and print full JSON into the agent's context.

Skill content
let searchProjects = projects; ... console.log(JSON.stringify(filteredTasks, null, 2));
Recommendation

Use project/status filters where possible, avoid storing secrets in TickTick tasks, and treat returned task content as data rather than instructions.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

A future dependency resolution could install different package versions than the reviewer saw.

Why it was flagged

The runtime dependencies are version ranges rather than pinned versions, and the supplied artifacts do not include a lockfile or install spec.

Skill content
"dependencies": { "commander": "^12.0.0", "open": "^10.0.0" }
Recommendation

Install in an isolated environment, pin dependencies with a lockfile if operationalizing this skill, and verify dependency provenance.