Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
TARDIS
v1.2.0Track elapsed time from a set epoch with tamper-evident locking. Like an analog Hobbs meter but digital. Use for tracking uptime, service hours, time since events, sobriety counters, project duration, equipment runtime. Supports create, lock (seal), check, verify against external hash, list, and export operations.
⭐ 2· 1.9k·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Core functionality (meter creation, locking, paper codes, verification, milestones) is implemented in meter.py and matches the description. Additional components — a SendGrid webhook server, cloud tunnel guidance, and a restart script — are related to milestone notification delivery but extend the skill into running networked services and system-level process management (e.g., cloudflared, nohup restart). That extra operational surface is plausible for notification features but is more than a minimal 'hour meter' and is environment-specific (references /root paths).
Instruction Scope
Runtime code auto-loads local .env files (~/.env, /root/.env, ./env) and exports them into the process; a helper script sources /root/.env. The SKILL.md and scripts instruct starting a webhook server, opening public tunnels (cloudflared/ngrok), and restarting services via nohup — all actions that access local files, open network endpoints, and create persistent background processes. The SKILL.md also documents an opt‑in feature where milestone messages prefixed with 'ACTION:' can be treated as agent instructions; if enabled this could allow remote message contents to influence agent behavior. These instructions go beyond simple local bookkeeping and increase risk.
Install Mechanism
There is no install spec (instruction-only skill) — no remote downloads or package installs are declared. This is lower risk from supply-chain perspective. However the skill expects or recommends external binaries (cloudflared, ngrok, cloud tunnel usage) and will try to run them via provided scripts if present. The included code files will write to user home paths when run (e.g., ~/.openclaw/), so running the scripts results in files on disk but nothing in the package fetches remote archives.
Credentials
The registry metadata declares no required env vars, but the code expects and will load many sensitive variables if present: SENDGRID_API_KEY, SENDGRID_WEBHOOK_PUBLIC_KEY, SENDGRID_FROM_EMAIL, OPENCLAW_GATEWAY_TOKEN, OPENCLAW_GATEWAY_URL, TARDIS_DISCORD_WEBHOOK, and METER_STORAGE / METER_WITNESS overrides. More concerning: meter.py will auto‑load and export values from ~/.env and /root/.env if SENDGRID_API_KEY is missing, which could unintentionally surface unrelated secrets. The skill asks no explicit justification for scanning /root/.env (not proportional to a simple local meter).
Persistence & Privilege
The skill does not set always:true, but it includes scripts that create persistent background services (nohup for webhook server and cloudflared tunnel) and a helper script to restart them. Those scripts assume particular filesystem locations (/root/.openclaw/workspace/skills/hour-meter) and may be intended to run by system cron/heartbeat. Running them gives the skill a persistent network presence and the ability to accept external events (SendGrid webhooks) and forward them via Discord or an OpenClaw gateway token. That increases the blast radius compared to a purely local CLI tool.
Scan Findings in Context
[base64-block] unexpected: A base64 block was detected in SKILL.md (likely an embedded SVG/data-URL image in README). This pattern can appear in benign assets, but it was flagged by the pre-scan as a prompt-injection pattern. Review embedded data URLs; they are probably harmless here (an SVG badge) but always verify there is no hidden code or malicious payload encoded.
What to consider before installing
What to consider before installing or running this skill:
- Review the code locally before executing. The repository contains runnable Python scripts (meter.py, sendgrid_webhook.py) and a helper shell script that can start background services. Do not run them without inspection.
- Be cautious with .env files: meter.py auto-loads ~/.env, /root/.env, and ./ . If you have sensitive secrets in those locations, the skill may read them into its process. Either remove unrelated secrets or run the skill in a sandboxed account/container.
- SendGrid and gateway tokens are optional but powerful. Only provide SENDGRID_API_KEY or OPENCLAW_GATEWAY_TOKEN if you trust the skill and understand the destination (SendGrid actions send email; gateway token allows sending messages via your OpenClaw gateway).
- If you plan to use the webhook server: prefer direct Discord webhooks over exposing an OpenClaw gateway token; enable SendGrid webhook signature verification (provide SENDGRID_WEBHOOK_PUBLIC_KEY and ensure the 'cryptography' dependency is available) to avoid spoofed events.
- The check-webhook-services.sh script references /root paths and will try to start cloudflared and the webhook server with nohup. Do not run that script as-is on shared or production hosts. Instead adapt paths, run under a non-root user, or manage services with a proper supervisor.
- The 'ACTION:' opt-in feature that can treat milestone message text as agent instructions is risky. Do not enable any agent behavior that executes remote message contents unless you fully trust the source and have strict sanitization/whitelisting.
- If you only need local time tracking, consider using meter.py without enabling email/webhook features, avoid running the webhook server, and keep witness files local (or opt for paper/photo backups).
If you want, I can point out the specific lines in meter.py or sendgrid_webhook.py that implement the .env auto-loading, webhook forwarding, and 'ACTION:' handling so you can review them more quickly.Like a lobster shell, security has layers — review code before you run it.
latestvk9750374ggg8hkfdbbk1tx675s80pbze
License
MIT-0
Free to use, modify, and redistribute. No attribution required.