Skip to main content

hour-meter

Tracks elapsed time with tamper-evident locking, supporting milestones and email notifications for events and projects.

Install this skill

or
24/100

Security score

The hour-meter skill was audited on Feb 9, 2026 and we found 24 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 174

Webhook reference - potential data exfiltration

SourceSKILL.md
174## SendGrid Email Webhook Server
low line 181

Webhook reference - potential data exfiltration

SourceSKILL.md
181# Start webhook server with Discord webhook (recommended)
low line 182

Webhook reference - potential data exfiltration

SourceSKILL.md
182python sendgrid_webhook.py --port 8089 --discord-webhook https://discord.com/api/webhooks/xxx/yyy
low line 185

Webhook reference - potential data exfiltration

SourceSKILL.md
185python sendgrid_webhook.py --process-events
low line 186

Webhook reference - potential data exfiltration

SourceSKILL.md
186python sendgrid_webhook.py --process-events --json
medium line 189

Webhook reference - potential data exfiltration

SourceSKILL.md
189### Discord Webhook Setup (Recommended)
medium line 191

Webhook reference - potential data exfiltration

SourceSKILL.md
1911. In your Discord channel, go to **Settings > Integrations > Webhooks**
medium line 192

Webhook reference - potential data exfiltration

SourceSKILL.md
1922. Click **New Webhook**, copy the URL
medium line 193

Webhook reference - potential data exfiltration

SourceSKILL.md
1933. Pass to `--discord-webhook` or set `DISCORD_WEBHOOK_URL` env var
medium line 197

Webhook reference - potential data exfiltration

SourceSKILL.md
1971. Go to **SendGrid > Settings > Mail Settings > Event Webhook**
medium line 198

Webhook reference - potential data exfiltration

SourceSKILL.md
1982. Click **"Create new webhook"** (or edit existing)
medium line 199

Webhook reference - potential data exfiltration

SourceSKILL.md
1993. Set HTTP POST URL to: `https://your-domain.com/webhooks/sendgrid`
medium line 204

Webhook reference - potential data exfiltration

SourceSKILL.md
2045. Click **"Test Integration"** to verify - this fires all event types to your webhook
medium line 205

Webhook reference - potential data exfiltration

SourceSKILL.md
2056. **Important:** Click **Save** to enable the webhook!
medium line 206

Webhook reference - potential data exfiltration

SourceSKILL.md
2067. (Optional) Enable **Signed Event Webhook** for security and set `SENDGRID_WEBHOOK_PUBLIC_KEY`
medium line 208

Webhook reference - potential data exfiltration

SourceSKILL.md
208![SendGrid Webhook Setup](docs/sendgrid-webhook-setup.png)
low line 224

Webhook reference - potential data exfiltration

SourceSKILL.md
224SENDGRID_WEBHOOK_PUBLIC_KEY # For signature verification (optional)
low line 225

Webhook reference - potential data exfiltration

SourceSKILL.md
225SENDGRID_WEBHOOK_MAX_AGE_SECONDS # Max timestamp age (default: 300)
low line 226

Webhook reference - potential data exfiltration

SourceSKILL.md
226WEBHOOK_PORT # Server port (default: 8089)
low line 227

Webhook reference - potential data exfiltration

SourceSKILL.md
227DISCORD_WEBHOOK_URL # Discord webhook URL
low line 228

Webhook reference - potential data exfiltration

SourceSKILL.md
228WEBHOOK_LOG_FILE # Log file path
medium line 57

Access to hidden dotfiles in home directory

SourceSKILL.md
57**3️⃣ WITNESS FILE** — Auto-saved to `~/.openclaw/meter-witness.txt`
low line 182

External URL reference

SourceSKILL.md
182python sendgrid_webhook.py --port 8089 --discord-webhook https://discord.com/api/webhooks/xxx/yyy
low line 199

External URL reference

SourceSKILL.md
1993. Set HTTP POST URL to: `https://your-domain.com/webhooks/sendgrid`
Scanned on Feb 9, 2026
View Security Dashboard
Installation guide →
GitHub Stars 2.2K
Rate this skill
Categoryproduct
UpdatedApril 4, 2026
openclawapiproduct-managergrowth-marketercustomer-success-managersendgridproductmarketingsales
openclaw/skills