Back to skill
Skillv1.0.0
VirusTotal security
Toggl-Optimized-V2 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:52 AM
- Hash
- bd0e93ac0b424a689231823ba0f3e6c08442920b73311fd8283a601fb72704e2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: toggl-optimized-v2 Version: 1.0.0 The `scripts/toggl_report.sh` file takes command-line arguments (`$1`, `$2`, `$3`, `$4`) directly without any input sanitization. While the script is incomplete and does not currently execute any commands, its stated purpose of making 'direct API v3 calls' via a 'shell script' strongly implies these unsanitized inputs would be used in subsequent `curl` or similar commands, creating a significant shell injection vulnerability risk.
- External report
- View on VirusTotal