RescueTime
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill appears purpose-aligned for RescueTime reporting, but it uses a RescueTime API key and can retrieve personal screen-time and app-usage data.
This skill is suitable if you want the agent to summarize RescueTime activity. Before using it, provide the API key only through a trusted configuration path, understand that reports may include private app/site usage and productivity patterns, and avoid sharing outputs or command logs that include sensitive data.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If provided, the agent can use the RescueTime key to query the user's RescueTime account data.
The skill requires a RescueTime API key. This is expected for the integration, but it grants account-level access to RescueTime productivity data and is not reflected as a primary credential in the supplied metadata.
Requires API key in TOOLS.md or passed directly.
Use a RescueTime API key you are comfortable granting to the agent, avoid pasting it into shared chats or logs, and revoke or rotate it if no longer needed.
Reports generated through this skill may expose sensitive details about how the user spends time on their computer.
The skill explicitly brings personal RescueTime activity data from an external provider into the agent conversation. This is purpose-aligned, but the data can reveal private work habits and app/site usage.
Use when the user asks about their screen time, productivity score, app usage, time tracking, how they spent their day/week, or wants reports on their computer activity.
Request only the date ranges and report types you need, and review outputs before sharing them outside trusted contexts.
A real API key substituted into these commands could be accidentally disclosed if command history or logs are shared.
The documented workflow uses raw curl/API URLs with the API key in a query parameter. This is normal for the RescueTime API examples, but real keys used this way can be exposed in terminal history, logs, or copied command text.
curl "https://www.rescuetime.com/anapi/data?key=API_KEY&format=json&perspective=rank&restrict_kind=activity"
Prefer secure secret handling where available, and do not share command lines or logs containing a real RescueTime API key.
