Toggle
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill largely matches its stated purpose, but its memory-saving mode has unsafe file-write bugs that can corrupt or unexpectedly write local memory files while handling sensitive activity history.
Install only if you are comfortable giving the agent access to your ToggleX activity history. Avoid the `--persist` and cron modes until the file-write bugs are fixed; if you do use them later, back up your memory folder, limit date ranges, and keep the Toggle API key revocable.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your agent may retain and reuse detailed records of what you worked on, which sites were involved, and related project context.
The skill intentionally retrieves detailed personal/work activity and can store raw results in the agent memory area for later reuse.
ToggleX captures the user's work sessions, projects, focus scores, and context switches across the web ... Fetch + save to memory | `python3 {baseDir}/scripts/toggle.py --persist {baseDir}/../../memory`
Use persistence only if you want this activity history stored in agent memory; prefer limited date ranges and periodically review or delete saved memory files.
Anyone with access to this environment variable may be able to fetch your Toggle activity data.
The script uses a Toggle API key as delegated access to the ToggleX service; the code sends it to the disclosed Toggle endpoint and does not show hardcoded or logged secrets.
api_key = os.environ.get("TOGGLE_API_KEY") ... "x-openclaw-api-key": api_key
Use a revocable, least-privileged API key if available, keep it out of chat, and rotate it if exposed.
If enabled, Toggle data may be fetched and saved on a recurring schedule rather than only when you ask.
The script checks for a recurring OpenClaw cron job and guides the agent to ask the user about scheduled refreshes; it does not create the cron job by itself.
CRON_JOBS_PATH = os.path.expanduser("~/.openclaw/cron/jobs.json") ... "Ask the user: \"How often do you want to refresh your Toggle data? (default: every hour)\"
Only enable scheduled sync if you want ongoing collection; set `cron_disabled: true` or remove the cron job if you prefer manual use.
A repeated `--persist` run, especially from cron, could damage daily memory notes or create very large files.
The empty start/end markers make the replacement regex match far too broadly, potentially inserting the Toggle section many times and corrupting or massively expanding existing memory files.
TOGGLE_START = ""
TOGGLE_END = ""
...
pattern = re.compile(rf"{re.escape(TOGGLE_START)}.*?{re.escape(TOGGLE_END)}", re.DOTALL)
...
content = pattern.sub(lambda _: section, content)
Do not use `--persist` or scheduled sync until this is fixed; the script should use non-empty sentinel markers, atomic writes, backups, and tests for existing-file updates.
A bad or compromised API response could cause unexpected local file writes within the user's permissions.
The local output filename is derived directly from API response keys without validating that `day` is a safe YYYY-MM-DD basename, so malformed response data could write outside the intended memory directory.
workflows_by_date = data.get("workflowsByDate", {})
for day, workflows in workflows_by_date.items():
    persist_day(memory_dir, day, workflows)
...
path = os.path.join(memory_dir, f"{day}.md")
Validate `day` with a strict date regex, resolve the final path, and reject writes that escape the chosen memory directory.
