v1.0.0

Toil Tracker

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 3:49 PM.

Analysis

This instruction-only skill is coherent for measuring operational toil, with a minor note that its example may use a PagerDuty API token to read incident data.

GuidanceThis skill appears safe to install as an instruction-only toil analysis guide. Before using its PagerDuty or ticket-system examples, make sure any API token is read-only and limited to the operational data you intend to analyze.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

SKILL.md

curl -s "https://api.pagerduty.com/incidents?..." \
  -H "Authorization: Token token=$PD_TOKEN"

The skill provides a purpose-aligned example that would use a PagerDuty API token to read incident data for toil analysis. This is disclosed and read-oriented, but it involves delegated access to an operational account.

User impactIf you use this example, the agent or user running it may access PagerDuty incident metadata such as services and incident counts.

RecommendationUse a least-privileged, read-only PagerDuty token where possible, avoid exposing the token in logs or chat, and confirm the date range and data source before running the command.