Temporal Time Manager
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant can change or permanently delete tasks and schedules in the connected aitimemg.cn account.
The API intentionally lets the assistant overwrite and hard-delete time-management records. This is aligned with the skill purpose, but incorrect invocation could remove or corrupt user schedule/task data.
delete_task description: 删除指定 ID 的任务(硬删除); update_task description: 需要传入完整的任务对象(包含 id),后端做整行覆写。
Require clear user confirmation before update or delete actions, especially hard deletes or whole-record overwrites.
Anyone or any agent process with the token could access or modify the user's Temporal Time Manager data within the token's permissions.
The skill requires a bearer-style API token to authenticate to the time-management service. This is expected for the integration, but it is still account-level authority for this service.
TEMPORAL_API_TOKEN ... 在 aitimemg.cn 生成的 API Token(用于身份认证) ... required: true
Use a dedicated token if available, keep it out of chats/logs, verify the API base URL, and revoke or rotate the token if it may have been exposed.
Personal tasks, calendar-like schedules, and captured ideas may be stored remotely and later shown to or used by the assistant.
Tasks, schedules, and ideas are persisted to a cloud service and can later be retrieved into the agent context. This is disclosed and purpose-aligned, but persistent personal notes and schedules can contain sensitive information.
data_policy: stores_data: true; data_location: "阿里云(中国大陆)"; description: 数据同步至 aitimemg.cn 平台。
Do not store passwords, secrets, or highly sensitive personal information in tasks or ideas; review the service's deletion and retention controls before use.