Is aleksandar-jive/toggle safe?
https://github.com/openclaw/skills/tree/main/skills/aleksandar-jive/toggle
This skill is a straightforward productivity data fetcher that calls a third-party API (ToggleX at ai-x.toggle.pro) and prints raw JSON for the agent to summarize. The Python script is clean, uses only standard library modules, and no malicious behavior was detected during installation. The primary concerns are the unverifiable third-party domain receiving an API key and the name similarity to the well-known Toggl service, which could cause user confusion.
Findings (6)
MEDIUM API key sent to unverifiable third-party domain -15
The skill sends TOGGLE_API_KEY to ai-x.toggle.pro. This matches the stated behavior, but the domain could not be independently verified as a trusted service within this audit, and any key supplied is fully disclosed to whoever operates that endpoint. The domain toggle.pro is distinct from toggl.com, the well-known time-tracking service.
LOW Aggressive proactive trigger language -15
The skill description uses 'always call this' and 'Also use proactively' combined with an extensive keyword list to maximize how often the agent invokes the skill. While within scope for a productivity tracker, this increases the frequency of API calls and data sharing with the third-party endpoint.
LOW Name similarity to well-known service (Toggl vs Toggle) -15
The skill name 'Toggle' and service name 'ToggleX' closely resemble 'Toggl' (toggl.com), a popular time-tracking application. Users may install this skill expecting it to integrate with Toggl when it actually connects to a different service under toggle.pro, and may supply an API key meant for that other service.
INFO Python script uses only standard library -8
toggle.py uses exclusively Python standard library modules (os, sys, json, argparse, datetime, urllib). No third-party packages are imported or required. The script performs a single HTTP GET request and prints the JSON response.
INFO Clean install with no unexpected activity -5
The skill installation consisted solely of a git sparse checkout from GitHub. No skill code was executed during install. All observed network and filesystem activity is attributable to the OpenClaw framework and the host operating system.
INFO Unrelated skill reference in lock.json -10
The .clawhub/lock.json file references 'academic-research-hub' skill which is unrelated to this toggle/productivity skill. This is likely a registry artifact or template reuse but is noted for completeness.