Skill v1.0.0
ClawScan security
Toggl-Optimized-V2 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Reviewed Mar 2, 2026, 1:26 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared registry metadata does not match its runtime instructions. SKILL.md asks you to export a Toggl API token (and the script reads it), but the skill declares no required credentials; the included script is incomplete, and the README and the shipped files are inconsistent with each other. Proceed with caution and verify before use.
- Guidance: This skill evidently intends to use your Toggl API token, but the registry metadata fails to declare that requirement and the included shell script is incomplete. Before installing: (1) do not hand your TOGGL_API_TOKEN to an unknown publisher without reviewing the code; (2) ask the publisher for a complete script, or for an explanation of how the PDF/JSON reports are generated and where network calls happen; (3) inspect the script, or run it in a sandbox, to confirm that it only calls Toggl endpoints and sends data nowhere else; (4) prefer skills that declare their required env vars and credentials in metadata, so automated policy checks can evaluate them. If you cannot verify the code or trust the author, do not install it; if you must test it, use a token from a throwaway or low-privilege Toggl account and rotate it afterwards (a Toggl API token is tied to the user account and cannot be scoped down to a single workspace or to read-only access).
Review Dimensions
- Purpose & Capability (concern): The skill's stated purpose, Toggl reporting, legitimately requires a Toggl API token and possibly a workspace ID, and SKILL.md instructs the user to set TOGGL_API_TOKEN and TOGGL_WORKSPACE_ID. However, the registry metadata lists no required environment variables and no primary credential. That inconsistency can confuse permission reviews and defeat automated policy checks that rely on the declaration.
- Instruction Scope (concern): SKILL.md promises direct curl examples and a reporting script that produces JSON and PDF reports. The provided scripts/toggl_report.sh is tiny and incomplete: it only reads env vars and parameters, and contains neither the network calls nor the PDF generation. Because of that mismatch the runtime behavior is unclear, and the agent instructions are either incomplete or out of date.
- Install Mechanism (ok): There is no install spec; this is an instruction-only skill plus two small files. That is low-risk from an install/execution perspective, since nothing is downloaded or written by an automated installer.
- Credentials (concern): SKILL.md explicitly asks for TOGGL_API_TOKEN (and optionally TOGGL_WORKSPACE_ID), and the script reads those env vars, yet the skill metadata declares no required env var or primary credential. Requesting a Toggl API token is proportionate to the task, but the missing declaration is an ownership and visibility problem: it hides the fact that the skill needs secrets from anyone reviewing it by metadata alone.
- Persistence & Privilege (ok): The skill is not marked always:true, requests no system config paths, and does not modify other skills. Autonomous invocation is allowed (the platform default), but no elevated persistence privileges are requested.
