Skill v1.0.0

ClawScan security

Ticktick Cli · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:27 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to implement a legitimate TickTick CLI, but there are packaging and disclosure inconsistencies (notably the runtime requirement for Bun is not declared and credentials are stored in plaintext), so you should review and trust the source before installing.
Guidance
This skill is functionally coherent with a TickTick CLI, but note two things before installing: (1) the skill and SKILL.md assume the Bun runtime (commands use 'bun run' and the main script has a bun shebang), yet the metadata does not list Bun as a required binary — make sure Bun is installed and that you trust running Bun scripts from this source. (2) OAuth tokens and your client secret are stored in plaintext at ~/.clawdbot/credentials/ticktick-cli/config.json (the code tries to set 700/600 perms but the file is still plaintext); treat this file as sensitive or consider storing credentials in a secure vault instead. Verify the skill's source/owner, and if you need stronger guarantees, inspect the included scripts locally before running them.

Review Dimensions

Purpose & Capability
note: The code and SKILL.md match the stated purpose (TickTick task/project management via OAuth). However, the skill's metadata declares no required binaries while the instructions and scripts use the Bun runtime (commands like 'bun run scripts/ticktick.ts' and a #!/usr/bin/env bun shebang). The absence of a declared required binary for Bun is an inconsistency that could cause confusion or unexpected behavior.
Instruction Scope
ok: Runtime instructions and included code stay within the stated purpose: initiating OAuth with TickTick, calling TickTick API endpoints (api.ticktick.com), and providing task/project CRUD operations. The SKILL.md and code explicitly document where tokens are stored and how auth flows work. No instructions attempt to read unrelated system files or send data to external endpoints other than TickTick's OAuth/API hosts.
Install Mechanism
note: There is no install spec (instruction-only), but the package actually includes runnable source files and a package.json. The runtime assumes Bun is available; dependencies (commander, open) are standard Node-style deps. Nothing is downloaded from unknown URLs and no archive extraction occurs. Still, packaging as 'no install' while providing code that requires Bun is a packaging mismatch to be aware of.
Credentials
ok: The skill asks for no environment variables, and the only secrets required are the TickTick OAuth client ID/secret provided interactively or via CLI flags — which is appropriate for an OAuth-based CLI. No unrelated credentials are requested.
Persistence & Privilege
ok: The CLI writes its own credentials to ~/.clawdbot/credentials/ticktick-cli/config.json and attempts to set restrictive permissions. It does not modify other skills or system-wide configuration. always:false and normal agent invocation are used.