things-mac
Manage Things 3 via the `things` CLI on macOS (add/update projects+todos via URL scheme; read/search/list from the local Things database). Use when a user asks OpenClaw to add a task to Things, list inbox/today/upcoming, search tasks, or inspect projects/areas/tags.
92
Quality
93%
Does it follow best practices?
Impact
96%
3.55xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
W013: Attempt to modify system services in skill instructions
What this means
The skill prompts the agent to compromise the security or integrity of the user’s machine by modifying system-level services or configurations, such as obtaining elevated privileges, altering startup scripts, or changing system-wide settings.
Why it was flagged
Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill instructs using a CLI that can read and modify the local Things database and explicitly tells users to grant macOS "Full Disk Access" (a privileged bypass of privacy protections), but it does not ask the agent to run sudo, create users, or edit system/sudo-protected files directly, so it is security-sensitive but not maximally dangerous.
- Repository
- trpc-group/trpc-agent-go
- Commit
8763418
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.