Back to skill

Security audit

Toggl

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward Toggl time-tracking helper, with expected token setup and CLI commands but some safety cautions around deletion and credential handling.

Install only if you are comfortable granting the configured CLI access to your Toggl account. Keep the Toggl API token private, avoid pasting or logging config contents, and require a clear preview plus confirmation before deleting any time entry.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases include very broad terms like "timer," "track time," and "what am I working on," which can match ordinary conversation and cause the skill to activate unexpectedly. In an agent setting, overbroad activation can lead to unintended command execution or disclosure of time-tracking data when the user did not explicitly intend to use Toggl.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents a destructive deletion command (`toggl rm <id>`) without any warning, preview, or confirmation step. In an agent workflow, this increases the risk of accidental loss of time entries if the user request is misunderstood, the wrong ID is selected, or a malicious prompt steers the agent toward deletion.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The skill instructs users to store a Toggl API token in a local configuration file but does not include a clear warning against exposing, logging, or sharing that credential. While this is standard setup material, omission of secure-handling guidance can contribute to credential leakage through screenshots, pasted config files, shell history, or agent output.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.