Total downloads: 368
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install toggl-optimized-v2
Description
Optimize Toggl Track usage with token-efficient API calls and fast reporting via a shell script for JSON and PDF summaries.
Security usage advice
This skill looks like it intends to use your Toggl API token, but the registry metadata failed to declare that requirement and the included shell script is incomplete. Before installing: (1) do not provide your TOGGL_API_TOKEN to an unknown publisher without review; (2) ask the publisher for a complete script or an explanation of how PDF/JSON reports are generated and where network calls occur; (3) inspect or run the script in a safe sandbox to confirm it only calls Toggl endpoints and doesn't exfiltrate data elsewhere; (4) prefer skills that declare required env vars/credentials in metadata so automated checks can apply. If you can't verify the code or trust the author, avoid installing or limit the token's scope (rotate it after testing).
Functional analysis
Type: OpenClaw Skill
Name: toggl-optimized-v2
Version: 1.0.0
The `scripts/toggl_report.sh` file takes command-line arguments (`$1`, `$2`, `$3`, `$4`) directly without any input sanitization. While the script is incomplete and does not currently execute any commands, its stated purpose of making 'direct API v3 calls' via a 'shell script' strongly implies these unsanitized inputs would be used in subsequent `curl` or similar commands, creating a significant shell injection vulnerability risk.
Capability assessment
Purpose & Capability
The skill's stated purpose (Toggl reporting) legitimately requires a Toggl API token and possibly a workspace ID, and the SKILL.md instructs the user to set TOGGL_API_TOKEN and TOGGL_WORKSPACE_ID. However, the registry metadata lists no required environment variables or primary credential — that's an inconsistency that could confuse permission reviews or automated policy checks.
Instruction Scope
SKILL.md promises direct curl examples and a reporting script that produces JSON/PDF reports. The provided scripts/toggl_report.sh is tiny and incomplete (just reads env vars and parameters; network calls and PDF generation are not present). That mismatch means the runtime behavior is unclear and the agent instructions are incomplete or out-of-date.
Install Mechanism
There is no install spec (instruction-only skill plus two small files). That is low-risk from an install/execution perspective — nothing is being downloaded or written by an automated installer.
Credentials
The SKILL.md explicitly asks for TOGGL_API_TOKEN (and optionally WORKSPACE_ID), and the script reads those env vars, but the skill metadata declares no required env or primary credential. Requesting an API token for Toggl itself is proportionate to the task, but the missing declaration is an ownership/visibility problem and may hide that the skill needs secrets.
Persistence & Privilege
The skill is not marked always:true and does not request system config paths or modify other skills. Autonomous invocation is allowed (platform default) but there are no elevated persistence privileges requested.
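How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install toggl-optimized-v2
- Once installation completes, invoke the Skill by name or trigger it with /toggl-optimized-v2
- Provide the required inputs according to the Skill's parameter description to get structured output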
Version history
v1.0.0
Initial version with optimized API v3 reporting
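Metadata
FAQ
What is Toggl-Optimized-V2?
Optimize Toggl Track usage with token-efficient API calls and fast reporting via a shell script for JSON and PDF summaries. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 368 cumulative downloads so far.
How do I install Toggl-Optimized-V2?
Run the command "/install toggl-optimized-v2" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.
Is Toggl-Optimized-V2 free?
Yes, Toggl-Optimized-V2 is completely free (free and open source) and can be freely downloaded, installed and used.
Which platforms does Toggl-Optimized-V2 support?
Toggl-Optimized-V2 is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.
Who developed Toggl-Optimized-V2?
Developed and maintained by alex1389 (@alex1389); the current version is v1.0.0.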