Skill v1.0.0
ClawScan security
Toggl CLI – Time tracking for you and your agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 10, 2026, 5:03 PM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions are consistent with a Toggl CLI, but the package metadata omits the API token the skill requires, and the runtime instructions ask you to run unreviewed npm code and to store that token in agent-visible files. The metadata mismatch and the install guidance are the concerns.
- Guidance
- This SKILL.md appears to implement a legitimate Toggl CLI, but the metadata fails to declare the TOGGL_API_TOKEN it requires. Understand that inconsistency before installing. If you consider using it:
  - Review the GitHub repository code yourself (or have a trusted reviewer do it) before running npm install or npm link; npm lifecycle scripts can execute arbitrary code on your machine.
  - Do not put the API token in broadly loaded shell rc files; keep it in a secure location and expose it to the CLI only for the invocation that needs it.
  - Be cautious about adding the token to ~/.claude/.env, since that can make it readable by any agent or tool you run.
  - If you do not want the agent acting on your Toggl account autonomously, restrict model invocation or require explicit user consent when the skill runs.
  - Ask the publisher to update the registry metadata to declare the required environment variables and the primary credential (TOGGL_API_TOKEN) so the skill's claims and requirements match.
  If you cannot or will not review the repository and are uncomfortable exposing your Toggl API token, do not install the skill or provide the token.
Review Dimensions
- Purpose & Capability
- ok: The name and SKILL.md describe a Toggl CLI that manages time entries, projects, clients, and similar objects. The commands and API endpoints listed are consistent with a Toggl Track integration.
- Instruction Scope
- concern: The runtime instructions explicitly tell the user to set TOGGL_API_TOKEN (and optionally TOGGL_WORKSPACE_ID), to git-clone a GitHub repository, and to run npm install, npm run build, and npm link. The skill metadata, however, declares no required environment variables. The SKILL.md also recommends placing the API token in ~/.claude/.env (an agent-specific file) or in shell rc files, which widens where the secret is readable and what can act with it.
- Install Mechanism
- note: There is no registry install spec; the SKILL.md instructs manual installation from https://github.com/FroeMic/toggl-cli using git and npm. Installing and linking unreviewed npm code runs arbitrary lifecycle scripts on the user's machine. That is a normal choice for a CLI, but it carries more risk than a vetted package. The repository is a public GitHub URL (not a shortener or a bare IP), which is better than an unknown host but still unverified.
- Credentials
- concern: The skill actually requires TOGGL_API_TOKEN (and optionally TOGGL_WORKSPACE_ID), yet the registry metadata lists no required environment variables and no primary credential. Asking for an API token is reasonable for Toggl, but the omission from metadata is an inconsistency. Additionally, recommending that the token be stored in ~/.claude/.env or in shell rc files may expose the secret to other tools or to the agent runtime.
- Persistence & Privilege
- note: No elevated persistence flags are set (always is not set). However, disable-model-invocation is not set either, so an agent could invoke this skill autonomously if it is integrated. Because the skill acts on the user's Toggl account via an API token, consider whether you want the agent able to make changes without explicit user approval.
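The Guidance, Install Mechanism and Credentials findings above come down to two concrete checks: look at what npm will execute during install or link before running it, and hand the token to the CLI for one process instead of exporting it from a shell rc file or ~/.claude/.env. The script below is an added example written for this page; it is not part of ClawScan, the skill, or the toggl-cli repository. The package.json it inspects is constructed (the real manifest may declare different scripts), the token file path and the `toggl` command name in the usage comments are assumptions, and `npm install --ignore-scripts` is a real npm flag.

```shell
#!/bin/sh
# Added example (not part of the scan, the skill, or toggl-cli).
#   1. List npm lifecycle hooks in a package.json: these run package-controlled
#      code automatically during `npm install`, `npm link` or `npm pack`.
#   2. Run a command with TOGGL_API_TOKEN set only for that one process, read
#      from a 0600 file, so the token never lives in ~/.bashrc or ~/.claude/.env.

# Constructed sample manifest; the real repository's package.json may differ.
SAMPLE_PACKAGE_JSON='{
  "name": "example-cli",
  "version": "0.0.1",
  "scripts": {
    "build": "tsc -p .",
    "postinstall": "node scripts/setup.js",
    "prepare": "npm run build"
  }
}'

# Print the lifecycle hooks declared under "scripts", one per line, sorted.
# Plain scripts such as "build" only run when invoked explicitly, so they are
# not reported. Uses grep/sed rather than jq so it works on a bare system.
lifecycle_hooks() {
  printf '%s\n' "$1" \
    | grep -oE '"(pre|post)?(install|prepare|prepublish|prepublishOnly|publish|pack|link|uninstall)"[[:space:]]*:' \
    | sed -E 's/^"([^"]+)".*/\1/' \
    | sort -u
}

# Exit 0 only when the manifest declares no lifecycle hook, i.e. a plain
# `npm install` would not execute any code shipped by the package.
install_is_script_free() {
  [ -z "$(lifecycle_hooks "$1")" ]
}

# Run "$@" with TOGGL_API_TOKEN taken from a token file. The file must be a
# regular file with mode 0600 (first ten characters of `ls -ld`), otherwise the
# function refuses with exit 2. The assignment prefix scopes the variable to the
# child process; it is never exported into the calling shell.
run_with_token() {
  token_file=$1
  shift
  mode=$(ls -ld "$token_file" | cut -c1-10)
  if [ "$mode" != "-rw-------" ]; then
    echo "refusing: $token_file must be a regular file with mode 0600 (got $mode)" >&2
    return 2
  fi
  TOGGL_API_TOKEN=$(cat "$token_file") "$@"
}

# Demonstration on the constructed manifest.
printf 'lifecycle hooks in sample manifest:\n'
lifecycle_hooks "$SAMPLE_PACKAGE_JSON"
if install_is_script_free "$SAMPLE_PACKAGE_JSON"; then
  echo "no lifecycle hooks: npm install runs no package code"
else
  echo "review the hooks above, or install with: npm install --ignore-scripts"
fi

# Assumed usage against a real checkout (paths and CLI name are illustrative):
#   lifecycle_hooks "$(cat package.json)"                 # before npm install / link
#   npm install --ignore-scripts                           # install without running them
#   chmod 600 "$HOME/.config/toggl/token"
#   run_with_token "$HOME/.config/toggl/token" toggl me   # token scoped to one process
```

Listing the hooks is a triage step, not a verdict: a `postinstall` that builds TypeScript is common and harmless, but it is the point at which cloned code first runs, so it is the script to read before `npm link`. The token wrapper replaces the SKILL.md's rc-file advice; it still leaves the token visible in the child process's environment, which is the minimum the CLI needs, and nothing else inherits it.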
