Ticktick

v0.2.0

Manage TickTick tasks and projects

⭐ 0· 104·0 current·0 all-time

by@halr9000

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for halr9000/ticktick-enhanced.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Ticktick" (halr9000/ticktick-enhanced) from ClawHub.
Skill page: https://clawhub.ai/halr9000/ticktick-enhanced
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ticktick-enhanced

ClawHub CLI

Package manager switcher

npx clawhub@latest install ticktick-enhanced

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

Functionality (OAuth flow, calling api.ticktick.com, listing/creating/updating tasks/projects) matches the declared purpose. However, the skill's runtime implicitly requires the 'bun' runtime (scripts use bun shebang and SKILL.md instructs 'bun run ...') but the registry metadata lists no required binaries — that's an inconsistency. Also the package/_meta ownerId in files differs from the registry ownerId, which is unusual and worth verifying with the publisher.

✓

Instruction Scope

SKILL.md and the code confine behavior to task/project management via the TickTick API. The instructions ask you to run an OAuth flow and the code only reads/writes config and credential files under the user's home directory (e.g., ~/.clawdbot/credentials/ticktick-cli and ~/.config/ticktick-skill) and contacts api.ticktick.com. There are no instructions to read unrelated system files or to send data to third-party endpoints beyond TickTick.

ℹ

Install Mechanism

There is no install spec (instruction-only), which is low risk, but the skill ships many TypeScript files and a package.json/package-lock with dependencies. Without an install step, execution depends on the host having the appropriate runtime (Bun) and possibly those dependencies. That mismatch (no declared binary but code assuming 'bun') is a coherence issue: the skill may fail or require manual installation steps, and bundling many dependencies with no automated install increases friction and potential for user mistakes.

✓

Credentials

The skill requests no environment variables or external credentials via registry metadata; at runtime it requires an OAuth client_id and client_secret (saved locally) to access TickTick, which is appropriate for the stated purpose. It writes tokens and config under the user's home directory with file permissions set to restrict access (mode 0700 for dir, 0600 for file), which is proportional and expected.

✓

Persistence & Privilege

The skill does not request always:true and is user-invocable only. It stores its own credentials/config in user-local directories, creates a short-lived local HTTP server during OAuth (listening on localhost:8080) and does not modify other skills or global agent settings. These behaviors are typical for an OAuth-enabled CLI.

What to consider before installing

What to consider before installing: - Runtime requirement: The code and SKILL.md assume the 'bun' runtime (shebangs and 'bun run' commands). The registry lists no required binaries. If you don't have Bun, the skill will likely fail or require manual setup. Confirm whether you are comfortable installing Bun or adjusting the skill to use your environment. - Credentials & storage: You will need to provide a TickTick OAuth client_id and client_secret during initial setup. These are stored under ~/.clawdbot/credentials/ticktick-cli/config.json (file permissions are set to be restrictive). Ensure you trust the skill author before storing OAuth credentials locally. - Metadata mismatch: The embedded _meta.json ownerId differs from the registry Owner ID. This could be an innocuous packaging oversight, but it's worth verifying the publisher/source before granting access to your TickTick account. - Dependencies & install: The repository includes package.json and package-lock.json (many npm deps). There is no install spec, so you may need to manually install dependencies or ensure Bun supports running the TypeScript files as-is. Manual installation increases risk of mistakes — prefer a skill that documents required runtime and install steps. - Local OAuth server: The skill spins up a temporary localhost server to complete OAuth. This is normal for CLI OAuth flows, but be aware it listens on 127.0.0.1:8080 during auth and will open a browser. Ensure you only accept the OAuth redirect you initiated. - Review before running: If you are not comfortable with the small inconsistencies above, ask the publisher for clarification or request a version that declares 'bun' as a required binary and confirms the ownerId/source. If you proceed, inspect the files locally (especially scripts/auth.ts and where credentials are saved) and consider running inside a controlled environment (container) first.

✗

scripts/commands/tasks.ts:34

Environment variable access combined with network send.

scripts/auth.ts:4

File read combined with network send (possible exfiltration).

Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

adhdvk972ygc1t603f35wsf5m3mtz6x83cvtylatestvk972ygc1t603f35wsf5m3mtz6x83cvtyproductivityvk972ygc1t603f35wsf5m3mtz6x83cvtytasksvk972ygc1t603f35wsf5m3mtz6x83cvty

104downloads

0stars

1versions

Updated 1mo ago

v0.2.0

MIT-0

TickTick Skill

Manage your TickTick tasks and projects directly from OpenClaw.

Setup

Before using, authenticate once (OAuth2):

cd ~/.openclaw/workspace/skills/ticktick
bun run scripts/ticktick.ts auth --client-id YOUR_CLIENT_ID --client-secret YOUR_CLIENT_SECRET

Follow the OAuth flow. Credentials are stored securely in ~/.clawdbot/credentials/ticktick-cli/.

Check status: bun run scripts/ticktick.ts auth --status

Commands

List Projects

/tasks projects or /ticktick projects

Shows all your TickTick projects with IDs and names.

List Tasks

/tasks [options] or /ticktick tasks [options]

List tasks with powerful filtering and sorting.

Options:

--project <name> – Filter by project name or ID
--status <pending|completed> – Filter by status
--due <filter> – Filter by due: today, overdue, none, unspecified
--priority <level> – Filter: high, medium, low, none
--sort <field> – Sort by: due, priority, title, created
--limit <N> – Maximum number of tasks to return
--offset <N> – Skip first N tasks (for pagination)
--group – Group output by project
--format <type> – Output format: plain, rich, json, yaml
--verbose – Show API requests for debugging

Examples:

/tasks --project Work --status pending --sort due
/tasks --due overdue --format rich
/tasks --priority high --limit 20
/tasks --project Hobbies --group

Create Task

/tasks add "<title>" [options]

Options:

--list <project> – Project (required if no default configured)
--due <when> – Due date: "today", "tomorrow", "in 3 days", or ISO date
--priority <low|medium|high> – Priority level
--content "<notes>" – Task description/notes
--tags <tag1 tag2 ...> – Tags to apply

Example:

/tasks add "Upgrade thermostat firmware" --list Hillcrest --due today --priority medium --content "Flash new firmware from repo"

Edit Task

/tasks edit <task-id> [options]

Modify an existing task. Task ID (24-character hex) is required. Obtain IDs from /tasks --json.

Options:

--title "<new title>" – Change title
--content "<new notes>" – Replace content/notes
--due <date> – Change due date
--priority <level> – Change priority (none, low, medium, high)
--tags <tags...> – Replace tags (space-separated)
--json – Output updated task as JSON
--verbose – Show diagnostic info

Examples:

/tasks edit 65a54fce2026ccc8b729349b --priority high
/tasks edit 65a54fce2026ccc8b729349b --due "in 3 days" --content "Urgent: complete this week"

Complete Task

/tasks complete <task-id> [--json] or /tasks done <task-id> [--json]

Mark a task as complete. Both complete and done are aliases. Task ID is required.

Abandon Task

/tasks abandon <task-id> [--json]

Mark a task as "won't do" (abandoned). Task ID is required.

Task Details

/tasks details <task-id> [options]

Show full information about a single task. Task ID is required.

Options:

--json – Output as JSON
--verbose – Show full task object

Example:

/tasks details 65a54fce2026ccc8b729349b

Batch Abandon

/tasks batch-abandon <task-id-1> <task-id-2> ...

Abandon multiple tasks in a single API call using their IDs.

Config

/tasks config get <key> – Get a configuration value /tasks config set <key> <value> – Set a configuration value /tasks config list – Show all config

Configuration keys:

default.project – Default project for add when --list omitted
default.due – Default due date for new tasks ("none", "today", "tomorrow")
display.colors – Enable/disable colored output (true/false)
display.timezone – Timezone for date display (e.g., "America/New_York")

Example:

/tasks config set default.project Personal
/tasks config set default.due none
/tasks config list

Config is stored in ~/.config/ticktick-skill/config.json.

ADHD-Friendly Usage

Morning Triage

Use the following to start your day:

/tasks --due overdue --format rich
/tasks --due today --format rich
/tasks --priority high --format rich

Or combine: /tasks --format rich (shows all pending, sorted by urgency)

Quick Wins

Find small tasks to build momentum:

/tasks --priority low --limit 10 --sort title

Or use /tasks details <id> to assess quickly.

Focus Mode

Show only what needs attention today:

/tasks --due today --sort due

Reduce Overwhelm

Use --limit to avoid seeing everything at once
Group by project: /tasks --group to break into chunks
Use colored output (--format rich) to prioritize by color

Notes

Task IDs: All commands that operate on a specific task require the 24-character hex ID for reliability. Get IDs from /tasks --json.
Project names: Case-insensitive, partial match works (e.g., "Hill" matches "Hillcrest")
Due dates: Flexible parsing supports "today", "tomorrow", "in 3 days", "next monday", and ISO dates (YYYY-MM-DD)
Rate limits: TickTick API allows ~100 requests/minute. The CLI respects limits; if you hit them, wait a minute and retry.
JSON output: Add --json to any command for machine-readable output (useful for scripts)

Troubleshooting

"Task not found"

Verify you're using the correct 24-char task ID
Get fresh IDs with /tasks --json

"Project not found"

List all projects with /tasks projects
Project names are case-insensitive but must match exactly (partial match works)

Authentication errors

Re-run: bun run scripts/ticktick.ts auth
Check credentials exist: ls ~/.clawdbot/credentials/ticktick-cli/

Rate limit exceeded

Wait ~60 seconds and retry
Use --verbose to see request counts

Dates not parsing

Use ISO format: 2026-03-25
Or natural language: tomorrow, in 5 days, next friday

Implementation

Wrapper skill uses bun run scripts/ticktick.ts with --json flag and parses responses. Authentication stored in ~/.clawdbot/credentials/ticktick-cli/.

Command Reference Table

Command	Purpose	Key Options
`projects`	List all projects	–
`tasks`	List tasks	`--project`, `--status`, `--due`, `--priority`, `--sort`, `--limit`, `--group`
`add`	Create task	`--list`, `--due`, `--priority`, `--content`, `--tags`
`edit`	Modify task	`--title`, `--content`, `--due`, `--priority`, `--tags`
`complete` / `done`	Mark complete	–
`abandon`	Mark won't-do	–
`details`	Show full task info	`--json`, `--verbose`
`batch-abandon`	Abandon multiple	`<task-id>...`
`config`	Manage config	`get`, `set`, `list`

Happy task managing!

Comments

Loading comments...