Cst Time
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a benign CST time helper, with only disclosed optional examples for using external time APIs or API keys that users should run knowingly.
This skill is reasonable for checking CST time. Use the local command or run.sh for the lowest exposure. If you use the online API examples, understand that you are contacting a third party and protect any API keys you provide.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user chooses an online API example, their request goes to a third-party service and may reveal basic connection metadata such as IP address.
The skill documents user-directed curl examples for external time APIs. This is purpose-aligned, but it means using network tools rather than only local time commands.
curl "http://worldtimeapi.org/api/timezone/Asia/Shanghai"
Prefer the local date/run.sh method when possible; only run external API commands intentionally, and prefer HTTPS endpoints where available.
If a user substitutes a real API key into the command, it may be exposed to the API provider, shell history, logs, or network observers if sent over HTTP.
The documentation includes optional third-party API-key usage. The key is a placeholder and is relevant to the stated purpose, but credentials are not declared in metadata.
curl "http://api.timezonedb.com/v1/get-time-zone?key=YOUR_API_KEY&by=zone&zone=Asia/Shanghai"
Use restricted API keys, avoid putting real keys directly in shared commands or logs, and use HTTPS/provider-recommended authentication methods.