Toggl Track

Pass

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a normal Toggl Track integration, but it relies on Membrane authentication and can make authenticated changes to Toggl data.

This skill is reasonable for Toggl Track use if you are comfortable installing the Membrane CLI and connecting your Toggl account. Before use, confirm the connected workspace/account and review any command that creates, updates, deletes, or sends raw API requests.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the CLI gives the Membrane package local command execution ability as part of normal setup.

Why it was flagged

The skill requires installing a global npm CLI even though there is no install spec. This is central to the skill's purpose and is disclosed, but it means trusting the package's dependencies and provenance.

Skill content

npm install -g @membranehq/cli

Recommendation

Install only from the official npm package/source and keep the CLI updated.

What this means

Actions run through this skill may operate as the connected Toggl Track user.

Why it was flagged

The skill uses Membrane-managed authentication and credential refresh to access Toggl Track. This is expected for an integration but grants delegated account access.

Skill content

Membrane handles authentication and credentials refresh automatically

Recommendation

Connect only the intended Toggl account/workspace and revoke the Membrane connection if you no longer need it.

What this means

Incorrect commands could change or delete Toggl time entries, projects, clients, tags, tasks, or other accessible records.

Why it was flagged

The skill documents authenticated actions and raw proxy requests that can create, update, or delete Toggl data. This is purpose-aligned, but it is broad enough to require user care.

Skill content

Create Time Entry ... Update Time Entry ... Delete Time Entry ... membrane request CONNECTION_ID /path/to/endpoint ... HTTP method (GET, POST, PUT, PATCH, DELETE)

Recommendation

Review action IDs, JSON inputs, workspace IDs, and any DELETE/PATCH/POST requests before allowing them to run.