Is flexoid/ticktick-full safe?

https://github.com/openclaw/skills/tree/main/skills/flexoid/ticktick-full

96
SAFE

This is a documentation-only skill that provides instructions for using the TickTick CLI tool. It contains only markdown reference files with no executable code, scripts, or suspicious network behavior.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

LOW Instructs to bypass pre-checks -10

The skill instructs the agent to 'Execute the requested ticktick ... command first. Do not run version or tool-presence pre-checks.' While this is within the legitimate scope of a CLI wrapper, it does override normal safety validation procedures.

INFO Requires API credentials -10

The skill requires TickTick API credentials and user credentials to be stored in environment variables. While this is normal for CLI authentication, it does involve handling sensitive data.