Trust Assessment
toggl-cli received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 2 critical, 1 high, 3 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, File read + network send exfiltration, Missing required field: name.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/froemic/toggl-cli/SKILL.md:18 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/froemic/toggl-cli/SKILL.md:17 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/froemic/toggl-cli/SKILL.md:17 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/froemic/toggl-cli/SKILL.md:1 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/froemic/toggl-cli/SKILL.md:18 | |
| MEDIUM | Unpinned npm dependencies in installation instructions The skill's installation instructions for `toggl-cli` include `npm install` without specifying exact versions for its dependencies or leveraging a lock file. If an AI agent executes these instructions, it could lead to non-deterministic builds and introduce vulnerabilities if a dependency updates with breaking changes, security flaws, or malicious code. Relying on the latest available versions without pinning increases the attack surface and makes the build process less reproducible and secure over time. To mitigate this, the `toggl-cli` project's `package.json` should use exact version pinning for all dependencies (e.g., `npm install --save-exact <package>`), and a `package-lock.json` file should be committed. The skill's instructions for an AI agent should then be updated to use `npm ci` instead of `npm install` for more secure and reproducible dependency management. Alternatively, if `npm install` is intended for development, clarify this and provide instructions for a more secure production setup. | LLM | SKILL.md:11 |
Scan History
Embed Code
[](https://skillshield.io/report/3b89cb0388d471cb)
Powered by SkillShield