grtninja/things-mac
skill-candidates/things-mac/SKILL.md
Manage Things 3 via the `things` CLI on macOS (add/update projects+todos via URL scheme; read/search/list from the local Things database). Use when a user asks OpenClaw to add a task to Things, list inbox/today/upcoming, search tasks, or inspect projects/areas/tags.
$ install --global
skillsauthnpx skillsauth add grtninja/skill-arbiter things-macInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 2:43 PM13.0s2 files scanned
SKILL.md
- name:
- things-mac
- description:
- Manage Things 3 via the `things` CLI on macOS (add/update projects+todos via URL scheme; read/search/list from the local Things database). Use when a user asks OpenClaw to add a task to Things, list inbox/today/upcoming, search tasks, or inspect projects/areas/tags.
Things 3 CLI
Use things to read your local Things database (inbox/today/search/projects/areas/tags) and to add/update todos via the Things URL scheme.
Setup
- Install (recommended, Apple Silicon):
GOBIN=/opt/homebrew/bin go install github.com/ossianhempel/things3-cli/cmd/things@latest - If DB reads fail: grant Full Disk Access to the calling app (Terminal for manual runs;
OpenClaw.appfor gateway runs). - Optional: set
THINGSDB(or pass--db) to point at yourThingsData-*folder. - Optional: set
THINGS_AUTH_TOKENto avoid passing--auth-tokenfor update ops.
Read-only (DB)
things inbox --limit 50things todaythings upcomingthings search "query"things projects/things areas/things tags
Write (URL scheme)
- Prefer safe preview:
things --dry-run add "Title" - Add:
things add "Title" --notes "..." --when today --deadline 2026-01-02 - Bring Things to front:
things --foreground add "Title"
Examples: add a todo
- Basic:
things add "Buy milk" - With notes:
things add "Buy milk" --notes "2% + bananas" - Into a project/area:
things add "Book flights" --list "Travel" - Into a project heading:
things add "Pack charger" --list "Travel" --heading "Before" - With tags:
things add "Call dentist" --tags "health,phone" - Checklist:
things add "Trip prep" --checklist-item "Passport" --checklist-item "Tickets" - From STDIN (multi-line => title + notes):
cat <<'EOF' | things add -Title lineNotes line 1Notes line 2EOF
Examples: modify a todo (needs auth token)
- First: get the ID (UUID column):
things search "milk" --limit 5 - Auth: set
THINGS_AUTH_TOKENor pass--auth-token <TOKEN> - Title:
things update --id <UUID> --auth-token <TOKEN> "New title" - Notes replace:
things update --id <UUID> --auth-token <TOKEN> --notes "New notes" - Notes append/prepend:
things update --id <UUID> --auth-token <TOKEN> --append-notes "..."/--prepend-notes "..." - Move lists:
things update --id <UUID> --auth-token <TOKEN> --list "Travel" --heading "Before" - Tags replace/add:
things update --id <UUID> --auth-token <TOKEN> --tags "a,b"/things update --id <UUID> --auth-token <TOKEN> --add-tags "a,b" - Complete/cancel (soft-delete-ish):
things update --id <UUID> --auth-token <TOKEN> --completed/--canceled - Safe preview:
things --dry-run update --id <UUID> --auth-token <TOKEN> --completed
Delete a todo?
- Not supported by
things3-cliright now (no “delete/move-to-trash” write command;things trashis read-only listing). - Options: use Things UI to delete/trash, or mark as
--completed/--canceledviathings update.
Notes
- macOS-only.
--dry-runprints the URL and does not open Things.
Guardrails
- Use local or trusted tools only; avoid untrusted install pipelines.
- Do not paste secrets/tokens into chat output.
- Keep outputs in deterministic local paths for reproducible review.
Related Skills
grtninja/white-hat
tools
VerifiedTrustedCommunity
Run a defender-first security sweep on code, configs, prompts, model/tooling surfaces, or third-party contribution lanes. Use when a request involves safe bug, leak, zero-day-class, exploit, or hack hunting for protection, when contributing to outside repositories and you want a focused security pass, or when touching auth, secrets, permissions, network exposure, prompt/tool boundaries, data flow, or update/build surfaces. This skill is defensive only and must never be used for weaponization or unauthorized access.
2SKILL.mdUpdated Apr 22, 2026
grtninja/vrm-sandbox-startup-acceptance
development
VerifiedTrustedCommunity
Validate and repair VRM Sandbox startup acceptance with shim-first local model authority, frontend/backend bring-up, and avatar-runtime launch proof. Use when launch behavior, chat handoff, voice fallback, or runtime bridge acceptance must be verified end to end.
2SKILL.mdUpdated Apr 22, 2026
grtninja/voice-catalog-runtime-alignment
documentation
VerifiedTrustedCommunity
Align documented voice-command catalogs, endpoint action allowances, and live runtime handlers so operator-visible voice surfaces match what the stack can actually execute. Use when voice command docs, parser matrices, endpoint permissions, or runtime action routing drift apart.
2SKILL.mdUpdated Apr 22, 2026
grtninja/skillhub-trend-radar
development
VerifiedTrustedCommunity
Track SkillHub trend and topic drift, maintain a bounded rewrite watchlist, and surface emerging gaps worth turning into repo-owned skills. Use when the marketplace query set shows new families or when the current shortlist has gone stale.
2SKILL.mdUpdated Apr 22, 2026