TARDIS

Audited by ClawScan on May 10, 2026.

Overview

TARDIS is mostly a coherent time-tracking skill, but its bundled webhook and service scripts need review: they load entire local .env files (including /root/.env) into the process environment, start a long-running webhook server and a public Cloudflare tunnel in the background, and accept webhook data whose signature verification is optional and silently skipped when a dependency is missing.

Before installing or running TARDIS, review the webhook-related scripts carefully. The local meter functionality appears purpose-aligned, but do not run the service-checker or expose the SendGrid webhook publicly unless you intend to operate a background service, have configured SendGrid signature verification, and have ensured the skill cannot read unrelated secrets from broad .env files.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Unrelated API tokens or credentials stored in ~/.env, /root/.env or the working directory's .env may become available to this skill's process and to any child process or network code it runs, increasing the blast radius if something misbehaves.

Why it was flagged

The CLI auto-loads every key/value pair from common .env locations, including /root/.env, although the documented need is only SendGrid-related configuration.

Skill content

    env_paths = [os.path.expanduser("~/.env"), os.path.expanduser("/root/.env"), ".env"]
    ...
    if key and key not in os.environ:
        os.environ[key] = value

Recommendation

Load only explicitly needed variables such as SENDGRID_API_KEY and SENDGRID_FROM_EMAIL, avoid reading /root/.env by default, and document all credential use in metadata and user instructions.
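The allowlisted loader this recommendation asks for, as an added example written for this review rather than code from the TARDIS skill: it reads one explicit, skill-specific file, keeps only the SendGrid variables the skill documents, never consults /root/.env, and never overwrites a variable that is already set. The default path (DEFAULT_ENV_FILE), the function names and the sample file contents are this example's own choices.

```python
import os
import tempfile
from pathlib import Path

# Only the variables the skill documents a need for (SKILL.md names these three).
SENDGRID_KEYS = frozenset({
    "SENDGRID_API_KEY",
    "SENDGRID_FROM_EMAIL",
    "SENDGRID_WEBHOOK_PUBLIC_KEY",
})

# Hypothetical skill-specific location; the point is that it is not ~/.env or /root/.env.
DEFAULT_ENV_FILE = "~/.config/tardis/sendgrid.env"


def parse_env_text(text: str) -> dict:
    """Parse dotenv-style KEY=VALUE lines into a dict.

    Blank lines, comments and lines without '=' are skipped, an optional
    'export ' prefix is dropped, and matching surrounding quotes are stripped.
    """
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        if key:
            out[key] = value
    return out


def load_allowed_env(path=DEFAULT_ENV_FILE, allowed=SENDGRID_KEYS, environ=None) -> dict:
    """Copy only `allowed` keys from the single file at `path` into `environ`.

    Contrast with the skill's loader, which walks ~/.env, /root/.env and ./.env
    and exports every key it finds. Here: one file, an explicit allowlist,
    existing environment values win, and everything else in the file is dropped.
    Returns the keys that were actually set.
    """
    environ = os.environ if environ is None else environ
    p = Path(path).expanduser()
    if not p.is_file():
        return {}  # no config is not an error; callers decide whether SendGrid is required
    loaded = {}
    for key, value in parse_env_text(p.read_text(encoding="utf-8")).items():
        if key in allowed and key not in environ:
            environ[key] = value
            loaded[key] = value
    return loaded


# Constructed sample file for the demo below: two wanted keys and two unrelated secrets.
SAMPLE_ENV_TEXT = """# constructed sample, not a real file
SENDGRID_API_KEY='SG.example-not-a-real-key'
export SENDGRID_FROM_EMAIL="tardis@example.com"
AWS_SECRET_ACCESS_KEY=unrelated-cloud-secret
GITHUB_TOKEN=ghp_unrelated
"""

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".env", delete=False) as f:
        f.write(SAMPLE_ENV_TEXT)
        sample_path = f.name
    env = {}
    print("loaded:", load_allowed_env(sample_path, environ=env))
    print("environment now:", env)  # no AWS or GitHub secrets leak into the process
    os.unlink(sample_path)
```

The skill's own SendGrid code can keep reading os.environ unchanged; only the loader narrows. A missing file returns an empty dict so the local meter still works, and the webhook code can refuse to start when SENDGRID_WEBHOOK_PUBLIC_KEY is absent.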

What this means

If invoked, this can leave a local service and public tunnel running beyond the immediate task, exposing a webhook endpoint and consuming local/network resources.

Why it was flagged

The helper is designed to restart a long-running webhook server and a public Cloudflare tunnel in the background, detached from the terminal with nohup, so both outlive the command that started them.

Skill content

    nohup python3 scripts/sendgrid_webhook.py --port $WEBHOOK_PORT --discord-webhook "$DISCORD_WEBHOOK" > /tmp/webhook-server.log 2>&1 &
    ...
    nohup cloudflared tunnel --url http://localhost:$WEBHOOK_PORT > /tmp/cloudflared.log 2>&1 &

Recommendation

Make this an explicit, separately approved service setup step; record the process IDs and document how to stop both the server and the tunnel; avoid automatic restart behavior unless the user has intentionally configured it.

What this means

A publicly reachable webhook without enforced signature validation can be spoofed, causing false Discord/OpenClaw notifications or polluted event logs.

Why it was flagged

Signature verification is optional (the public key is documented as "optional but recommended") and is skipped with only a warning when the cryptography dependency is unavailable, while the documentation also describes exposing the webhook over public tunnel URLs.

Skill content

    SENDGRID_WEBHOOK_PUBLIC_KEY - For signature verification (optional but recommended)
    ...
    log("Cryptography library not available - skipping signature verification", "WARN")

Recommendation

Require SendGrid signature verification for public deployments, fail closed (refuse to start, or reject every request) when cryptography support is missing or no public key is configured, and clearly separate trusted, signature-verified SendGrid events from untrusted inbound HTTP data.
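A fail-closed verifier for a public deployment, as an added example written for this review and not the skill's sendgrid_webhook.py: it checks the ECDSA/SHA-256 signature that SendGrid's Event Webhook computes over the timestamp header concatenated with the raw request body, refuses to serve at all when cryptography is missing or SENDGRID_WEBHOOK_PUBLIC_KEY is unset, and parses the body only after the signature passes. The header names and signing scheme are SendGrid's documented format; the replay window (MAX_TIMESTAMP_SKEW), the function and exception names and the constructed sample event are this example's own choices.

```python
import base64
import json
import time
from typing import Optional

try:
    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import ec
    _CRYPTO_AVAILABLE = True
except ImportError:  # do NOT "skip verification"; every request is refused below
    _CRYPTO_AVAILABLE = False

# SendGrid's Event Webhook signature headers (compared case-insensitively).
SIGNATURE_HEADER = "x-twilio-email-event-webhook-signature"
TIMESTAMP_HEADER = "x-twilio-email-event-webhook-timestamp"
MAX_TIMESTAMP_SKEW = 600  # seconds; this example's replay window, not a SendGrid requirement


class WebhookAuthError(Exception):
    """Request rejected: map to an HTTP 4xx and discard the body unlogged."""


class SignatureVerificationUnavailable(WebhookAuthError):
    """cryptography is not installed; refuse to serve rather than skip the check."""


def verify_event_signature(public_key_b64: str, body: bytes, signature_b64: str, timestamp: str) -> bool:
    """ECDSA/SHA-256 over timestamp + raw body, as SendGrid signs events.

    public_key_b64 is the base64 DER (SubjectPublicKeyInfo) key shown in the
    SendGrid dashboard; signature_b64 is the base64 DER signature header.
    """
    if not _CRYPTO_AVAILABLE:
        raise SignatureVerificationUnavailable("cryptography missing; cannot verify SendGrid signature")
    try:
        key = serialization.load_der_public_key(base64.b64decode(public_key_b64))
        if not isinstance(key, ec.EllipticCurvePublicKey):
            return False  # wrong key type configured; treat as unverifiable
        key.verify(base64.b64decode(signature_b64), timestamp.encode() + body, ec.ECDSA(hashes.SHA256()))
        return True
    except (InvalidSignature, ValueError):  # bad signature, bad base64, or bad DER
        return False


def authenticate_event(headers: dict, body: bytes, public_key_b64: Optional[str], now: Optional[float] = None) -> list:
    """Fail-closed gate for the public endpoint.

    Missing library, missing key, missing headers, stale timestamp or a bad
    signature all raise WebhookAuthError. The body is parsed only on success,
    so nothing downstream (Discord/OpenClaw notifiers, event logs) ever sees
    unauthenticated data.
    """
    if not _CRYPTO_AVAILABLE:
        raise SignatureVerificationUnavailable("refusing all webhook traffic without cryptography")
    if not public_key_b64:
        raise WebhookAuthError("SENDGRID_WEBHOOK_PUBLIC_KEY not configured; refusing to accept events")
    lowered = {k.lower(): v for k, v in headers.items()}
    signature = lowered.get(SIGNATURE_HEADER)
    timestamp = lowered.get(TIMESTAMP_HEADER)
    if not signature or not timestamp:
        raise WebhookAuthError("missing SendGrid signature headers")
    if not timestamp.isdigit():
        raise WebhookAuthError("malformed timestamp header")
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > MAX_TIMESTAMP_SKEW:
        raise WebhookAuthError("timestamp outside replay window")
    if not verify_event_signature(public_key_b64, body, signature, timestamp):
        raise WebhookAuthError("bad SendGrid signature")
    events = json.loads(body)
    if not isinstance(events, list):
        raise WebhookAuthError("unexpected payload shape; SendGrid posts a JSON array")
    return events


if __name__ == "__main__":
    # Stand-alone demo with a throwaway key pair; a real deployment uses SendGrid's key.
    if not _CRYPTO_AVAILABLE:
        print("cryptography not installed: endpoint would refuse every request")
    else:
        priv = ec.generate_private_key(ec.SECP256R1())
        pub_b64 = base64.b64encode(priv.public_key().public_bytes(
            serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)).decode()
        body = b'[{"event":"delivered","email":"user@example.com"}]'  # constructed sample event
        ts = str(int(time.time()))
        sig = base64.b64encode(priv.sign(ts.encode() + body, ec.ECDSA(hashes.SHA256()))).decode()
        hdrs = {"X-Twilio-Email-Event-Webhook-Signature": sig, "X-Twilio-Email-Event-Webhook-Timestamp": ts}
        print("accepted:", authenticate_event(hdrs, body, pub_b64))
        try:
            authenticate_event(hdrs, body + b" ", pub_b64)  # tampered body
        except WebhookAuthError as e:
            print("rejected:", e)
```

Call authenticate_event before any notification or logging code touches the request; every raise maps to a 4xx with the body discarded, so a spoofed POST to the tunnel URL never reaches Discord, OpenClaw or the event log.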

What this means

If enabled carelessly, stored or previously entered milestone text could steer an agent's future behavior instead of being treated only as a notification message.

Why it was flagged

The skill explicitly supports turning stored milestone message text into agent instructions when a user opts into that heartbeat behavior.

Skill content

    Milestone messages prefixed with `ACTION:` can optionally be treated as agent instructions by your heartbeat config.

Recommendation

Keep ACTION handling disabled by default, require explicit user approval before executing any ACTION text, and treat milestone messages as data unless they come from a trusted source.