ticktick-official-cli

Security checks across malware telemetry and agentic risk

Overview

This is a coherent TickTick/Dida365 task-management CLI skill, but it handles real account tokens and can change or delete tasks and projects.

Install only if you are comfortable giving this skill read/write access to your Dida365/TickTick account. Treat files under ~/.config/ticktick-official/ as secrets, avoid running login in terminals that are logged or shared, confirm exact project/task names before deletion, and do not use --item-json @path with files that may contain sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding
The skill instructs the agent to run local scripts that perform network access to dida365.com and read/write sensitive OAuth configuration and tokens, but it declares no permissions. This creates a transparency and consent gap: users or hosting platforms may not realize the skill can open browser-based auth flows, persist credentials under ~/.config, and modify local state.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The script persists the OAuth client secret and access token to predictable local files under ~/.config without setting restrictive file permissions or warning the user that sensitive credentials are being stored. On multi-user systems, shared environments, backups, or misconfigured umasks, these files may be readable by other processes or users, enabling unauthorized API access.

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Content
#### [Delete Task](#/openapi?id=delete-task)

```
DELETE /open/v1/project/{projectId}/task/{taskId}
```

##### [Parameters](#/openapi?id=parameters-4)
Confidence: 84%
Finding
DELETE /open/v1/project/{projectId}/task/{taskId}

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Content
###### [Request](#/openapi?id=request-4)

```
DELETE /open/v1/project/{{projectId}}/task/{{taskId}} HTTP/1.1
Host: api.dida365.com
Authorization: Bearer {{token}}
```
Confidence: 83%
Finding
DELETE /open/v1/project/{{projectId}}/task/{{taskId}}

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Content
#### [Delete Project](#/openapi?id=delete-project)

```
DELETE /open/v1/project/{projectId}
```

##### [Parameters](#/openapi?id=parameters-9)
Confidence: 88%
Finding
DELETE /open/v1/project/{projectId}

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Content
###### [Request](#/openapi?id=request-9)

```
DELETE /open/v1/project/{{projectId}} HTTP/1.1
Host: api.dida365.com
Authorization: Bearer {{token}}
```
Confidence: 87%
Finding
DELETE /open/v1/project/{{projectId}}

VirusTotal

66/66 vendors flagged this skill as clean.
