toggl-track
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from the official NPM registry. This is a legitimate tool provided by the vendor (Membrane) to facilitate the integration.
- [COMMAND_EXECUTION]: The skill utilizes shell commands via the membrane CLI to interact with the Toggl Track API. These commands are restricted to the intended functionality of managing workspaces, projects, and time entries.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials or unsafe secret handling practices were found. The skill explicitly directs the agent to use Membrane's managed authentication service, which keeps credentials server-side and away from the local environment.
- [DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were detected. Communication is limited to the authorized Membrane platform and the Toggl Track API as per the skill's documented purpose.
Audit Metadata