Toggl Track

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Toggl Track integration that needs a Maton API key and can change Toggl records, but its sensitive actions are purpose-aligned and documented.

Install only if you want an agent to access Toggl Track through Maton. Treat MATON_API_KEY as a bearer secret, avoid printing or pasting it, verify the intended Maton connection and workspace before use, and require the agent to show the exact record before creating, updating, deleting, or changing OAuth connections.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding:
The manifest description claims the skill is for time entries, projects, clients, and tags, but the body also exposes user/workspace reads and connection-management operations. This scope mismatch can mislead users or higher-level agents about what actions and data exposure are actually possible, increasing the chance of overbroad use without informed consent.

Context-Inappropriate Capability

Severity: Medium
Confidence: 84%
Finding:
The skill includes connection lifecycle management endpoints that go beyond ordinary Toggl resource operations and can change which external account is linked or active. That broadens the control surface to identity and authorization state, which is more sensitive than the stated business purpose and could enable unintended account switching or connection deletion.

Description-Behavior Mismatch

Severity: Low
Confidence: 77%
Finding:
The documentation states access to workspaces in addition to the narrower resource categories advertised in the manifest. Even if read-only, this broadens accessible organizational metadata and can undermine least-privilege expectations set by the skill description.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The troubleshooting step tells users to print the MATON_API_KEY directly with `echo $MATON_API_KEY` and does not warn against exposing it in shared terminals, logs, recordings, or chat. API keys are bearer secrets, so revealing them can let anyone who sees the output invoke the proxied third-party APIs and manage connections.

VirusTotal

63/63 vendors flagged this skill as clean.
