tick-md
Author: Gianni D'Alerta · GitHub · v1.3.3
Total downloads: 1501
Favorites: 3
Current installs: 0
Versions: 7
Install in OpenClaw
/install tick-md
Description
Multi-agent task coordination via Git-backed Markdown. Claim tasks, prevent collisions, track history with automatic commits.
Security usage recommendations
This skill appears to implement a legitimate git-backed multi-agent coordination system, but packaging and metadata are inconsistent and the tool can modify editor configuration and (with permission) push to remote git. Before installing or enabling it:
- Verify the upstream packages (tick-md and tick-mcp-server) come from a trusted source (check the npm publisher, GitHub repo links) before running npm install -g.
- Do NOT allow edits to your editor MCP config or run tick sync --push until you have inspected what those edits will contain. Back up any config files listed in the docs first.
- If you want to test, do so in a throwaway repository (no sensitive data, no upstream remotes) so that any automated claims/edits remain local.
- Ensure required system tools (git, jq, a shell, Node >=18) are present if you plan to run suggested scripts, and confirm those dependencies are declared by the publisher.
- Ask the publisher (or registry) to fix the metadata mismatches: the registry summary should accurately reflect required binaries, config paths, and any network access. If the publisher cannot explain the mismatches, treat the package as higher risk.
- If you enable MCP integration, restrict it to a workspace or environment with limited access and monitor git activity; only approve pushes when you review staged changes and commit messages.
Functional analysis
Type: OpenClaw Skill
Name: tick-md
Version: 1.3.3
The skill is designed for multi-agent task coordination using Git-backed Markdown files. It transparently declares its requirements for `git` and network access for `npm` and `git remote`. Crucially, the `SKILL.md`, `INSTALL.md`, `CHANGELOG.md`, and role-specific instructions (`roles/ORCHESTRATOR.md`, `roles/WORKER.md`) repeatedly and explicitly instruct the AI agent to ask for user approval before performing sensitive actions like pushing to remote Git repositories (`tick sync --push` or `git push`) or modifying editor MCP configuration files. This strong emphasis on user consent and proactive security measures, including a changelog entry detailing security clarifications, indicates a design focused on safe operation rather than malicious intent. The capabilities provided are necessary for its stated purpose, and the prompt injection surface is used defensively to enforce safety boundaries.
Capability assessment
Purpose & Capability
SKILL.md, INSTALL.md, README.md and mcp-reference all describe a CLI (tick, tick-mcp-server) and MCP integration — that is coherent with the described purpose. However the registry summary at the top of the bundle (the 'Requirements' section you provided) claims 'no required binaries / env / config paths', while skill.json, INSTALL.md, and CHANGELOG explicitly list required binaries (tick, tick-mcp, git), npm packages, Node runtime, and editor MCP config paths. This mismatch between registry metadata and the included files is an inconsistency that should be resolved before trusting the package metadata.
Instruction Scope
The SKILL.md instructions stay within the expected scope for a Git-backed task coordination tool: creating/claiming tasks, status checks, and interacting with an MCP server. The docs explicitly require explicit user approval before editing editor MCP config files and before any remote push. Two things to note: (1) worker role includes a shell check-in script and examples that pipe JSON to grep/jq and call tick sync --pull, implying the environment must have shell utilities (jq, grep) — these utilities are not declared in the top-level 'Requirements' you provided; (2) some instructions are open-ended (e.g., 'do the actual work') which gives an agent discretion to modify project files; while expected for a worker role, it increases the need for clear user approval boundaries.
Install Mechanism
This is instruction-only in the registry (no install spec executed by the platform), which is low-risk by itself. The included INSTALL.md instructs users to run 'npm install -g tick-md tick-mcp-server' and add MCP config entries; that is a standard npm install path but is not automatically performed by the platform. There are no opaque download URLs or archive extracts in the skill package. The mismatch between 'no install spec' in the top registry summary and the documentation that requires npm installs is an implementation/metadata inconsistency to be aware of.
Credentials
The functional features legitimately require the tick CLI, an MCP server, git, and the ability to edit editor MCP config files (to expose tick_* MCP tools). Those are proportionate to a tool that integrates with editors and performs git-backed operations. However: (1) the registry metadata you supplied initially lists no required config paths/env, while the skill.json and docs do list editor config paths and network access; (2) the instructions and examples explicitly name user config files in home directories (~/.cursor/mcp_config.json, VS Code settings, etc.), which are sensitive locations — editing them would grant the assistant a persistent integration point; (3) the worker scripts depend on system utilities like jq which are not declared; (4) while the docs say never to run sync --push without explicit approval, the capability to push to remote git and to alter editor MCP config files is significant and must only be enabled with careful, explicit user consent. These facts make the environment/credential surface larger than the simple 'no env vars' claim at the top indicates.
Persistence & Privilege
always:false (not force-included) and autonomous invocation is allowed (the platform default). The skill guides users to add tick-mcp to editor MCP configuration so the assistant can call tick_* MCP tools programmatically; that is consistent with the skill's purpose but does grant a persistent integration point if the user edits their editor config. The package does not request 'always:true' or attempt to modify other skills. The key risk here is user consent: enabling MCP tools and allowing git pushes increases the agent's operational privileges — the skill's docs explicitly gate pushes and config edits by requiring explicit approval, which mitigates the concern if followed.
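How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install tick-md
- After installation, invoke the Skill by name or trigger it with /tick-md
- Provide the required input according to the Skill's parameter description to get structured output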
Version history
v1.3.3
- Updated documentation to clarify that 'tick sync --push' should only be used with explicit user approval.
- Revised 'Command Reference' section: recommend 'tick sync --pull' by default, with pushing commands commented out.
- No functional or code changes; documentation consistency and safety emphasis improved.
v1.3.2
- Added explicit safety boundaries: always ask for user approval before editing MCP configs or pushing to remote git.
- Updated documentation in SKILL.md to include approval requirements and clarify read-only behavior when approval is missing.
- Added new role documents: ORCHESTRATOR.md and WORKER.md.
- Updated installation and usage documentation (README.md, INSTALL.md, CHANGELOG.md).
- Refined and clarified command references and workflow examples.
v1.2.1
v1.2.1: Updated docs with new commands (reopen, delete, edit, undo, import, batch), MCP tools reference, and examples
v1.2.0
v1.2.0: Added reopen, delete, edit, undo, import, and batch commands
v1.1.2
Add OpenClaw multi-agent setup guide with shared repo, deploy keys, AGENTS.md and HEARTBEAT.md integration
v1.1.1
ClawHub release: CLI v1.1.0 with auto-commit, MCP server, dashboard
v1.1.0
Initial ClawHub release: Multi-agent task coordination with auto-commit, MCP server, CLI, and dashboard. Git-backed audit trail, file locking, dependency tracking.
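FAQ
What is tick-md?
Multi-agent task coordination via Git-backed Markdown. Claim tasks, prevent collisions, track history with automatic commits. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1501 cumulative downloads so far.
How do I install tick-md?
Run the command "/install tick-md" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is tick-md free?
Yes, tick-md is completely free (free and open source) and can be freely downloaded, installed and used.
Which platforms does tick-md support?
tick-md runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed tick-md?
Developed and maintained by Gianni D'Alerta (@gianni-dalerta); the current version is v1.3.3.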