Back to skill
Skillv1.0.0
VirusTotal security
TickTick CLI · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:00 AM
- Hash
- 87cdf790f7706a46ba040639739d837409ba826ee451b1e9693b0c8652d8870a
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: ticktick Version: 1.0.0 The OpenClaw AgentSkills skill bundle for TickTick is benign. It provides a command-line interface for managing TickTick tasks and projects, utilizing standard OAuth2 for authentication. Credentials (client ID/secret, access/refresh tokens) are stored in the designated secure location `~/.clawdbot/credentials/ticktick-cli/config.json` with restrictive file permissions (0o600). All network communication is directed to the legitimate TickTick API (`https://api.ticktick.com/open/v1` and `https://ticktick.com/oauth`). The `SKILL.md` documentation provides clear, non-malicious instructions for both human users and AI agents, with no evidence of prompt injection attempts or instructions to perform unauthorized actions. There is no indication of data exfiltration, malicious execution, persistence, or obfuscation.
- External report
- View on VirusTotal