Trust Assessment
toggl received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Potential Command Injection via CLI arguments, Unpinned dependency in installation instructions, Credential exposure in configuration instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via CLI arguments The skill describes the usage of the `toggl` CLI tool, which takes various arguments that can be derived from user input (e.g., task descriptions, project names, search terms, IDs). If the host LLM constructs these `toggl` commands by directly interpolating untrusted user input without proper sanitization or escaping, it could lead to arbitrary command injection. An attacker could craft input like `"Task name"; rm -rf /` to execute malicious commands on the underlying system. The LLM implementation responsible for executing `toggl` commands must rigorously sanitize and escape all user-provided input before incorporating it into shell commands. Consider using a library or framework that handles command argument escaping automatically, or explicitly quote and escape arguments to prevent shell metacharacter interpretation. | LLM | SKILL.md:30 | |
| MEDIUM | Unpinned dependency in installation instructions The installation instructions recommend `npm install -g @beauraines/toggl-cli` without specifying a version. This introduces a supply chain risk, as a future malicious or vulnerable version of the `@beauraines/toggl-cli` package could be installed automatically, potentially compromising the system or leading to unexpected behavior. Pin the dependency to a specific, known-good version (e.g., `npm install -g @beauraines/toggl-cli@1.2.3`) to ensure deterministic installations and mitigate risks from future package updates. Regularly review and update pinned versions. | LLM | SKILL.md:10 | |
| LOW | Credential exposure in configuration instructions The skill explicitly instructs users to store their `api_token` and `default_workspace_id` in a local configuration file (`~/.toggl-cli.json`) and mentions environment variables (`TOGGL_API_TOKEN`, `TOGGL_DEFAULT_WORKSPACE_ID`). While this is standard practice for the CLI, it highlights the presence of sensitive credentials. If the LLM or its environment is not properly secured, these credentials could be targeted for exfiltration or misuse. Ensure the LLM execution environment is properly sandboxed and restricted from accessing sensitive files or environment variables unless explicitly required and secured. Educate users on the importance of securing their API tokens and using appropriate file permissions (as suggested by `chmod 600 ~/.toggl-cli.json`). | LLM | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/bbf1e6aad2a44cd8)
Powered by SkillShield