Toggl Track

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Toggl Track integration that uses Membrane to connect to the user's account and manage Toggl data, with normal caution needed for write, delete, and raw API requests.

Install only if you trust Membrane and are comfortable granting it access to your Toggl Track account. Review the browser authorization flow, prefer listed Membrane actions over raw proxy requests, and explicitly confirm any create, update, delete, or direct API request before the agent runs it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The skill explicitly enables arbitrary proxied API requests, which expands capability far beyond the stated workspace-management purpose and bypasses the safer constraints of prebuilt actions. This increases the risk of unauthorized data access, unsafe mutation operations, and use of undocumented endpoints under the user's authenticated context.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill advertises destructive delete functionality without any guidance to obtain explicit user confirmation or present the consequences. In an agent setting, this creates a real risk of unintended data loss if the model interprets a vague request as authorization to delete time entries.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal