ClawHub

Ticktick Linux

v1.0.0

Manage TickTick tasks (add, list, complete) via the local `tickrs` CLI.

1· 1.5k·0 current·0 all-time
by@davidsmorais
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (manage TickTick via tickrs) matches the declared requirements: the SKILL.md only invokes the tickrs CLI and the required env vars (TICKTICK_CLIENT_ID, TICKTICK_CLIENT_SECRET) are plausible for TickTick authentication. One oddity: the required binary is an absolute path (/home/david/.cargo/bin/tickrs) rather than a generic 'tickrs' on PATH, which is brittle and unusual but not itself malicious.
Instruction Scope
SKILL.md only contains commands that call the local tickrs binary to list/create/complete tasks and to run tickrs init for authentication. It does not instruct reading other files, scanning the filesystem, or sending data to unrelated endpoints. It does assume the binary lives at the hard-coded path.
Install Mechanism
There is no install spec (instruction-only), so nothing is downloaded or written by the skill itself. This minimizes install-time risk. The skill relies entirely on an existing local tickrs binary.
Credentials
Requesting TICKTICK_CLIENT_ID and TICKTICK_CLIENT_SECRET is proportionate for a TickTick integration, but these are sensitive secrets. The skill declares only these two env vars and does not reference unrelated credentials. Note: providing a client secret to a skill (or placing it in environment) has risk — verify you trust the binary and understand where tokens will be stored.
Persistence & Privilege
always is false and the skill has no install steps or code that attempts to modify agent/system configuration. It does not request persistent privileges or modify other skills.
Assessment
This skill appears to be a thin wrapper that runs your local tickrs CLI. Before installing: 1) Confirm you have the tickrs binary and that it's trustworthy (inspect source/release and the installed binary). Note the SKILL expects it at /home/david/.cargo/bin/tickrs — if your binary is elsewhere, the skill will fail or you should edit the path. 2) Be cautious with TICKTICK_CLIENT_ID and TICKTICK_CLIENT_SECRET — only set them if you understand how you manage secrets (avoid pasting them into chat). Alternatively run `~/.cargo/bin/tickrs init` manually to authenticate and let the CLI store tokens locally instead of exporting long-lived secrets. 3) Because this is instruction-only, there is no code to audit in the skill bundle; the main risk surface is the local tickrs binary and how it handles credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk972adf4ej7mb815afgjxf0a5580dpp9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
Bins/home/david/.cargo/bin/tickrs
EnvTICKTICK_CLIENT_ID, TICKTICK_CLIENT_SECRET

Comments