Skip to main content

hour-meter

Tracks elapsed time with tamper-evident locking for various events, providing milestone notifications and verification options.

Install this skill

or
24/100

Security score

The hour-meter skill was audited on Feb 9, 2026 and we found 24 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 175

Webhook reference - potential data exfiltration

SourceSKILL.md
175## SendGrid Email Webhook Server
low line 182

Webhook reference - potential data exfiltration

SourceSKILL.md
182# Start webhook server with Discord webhook (recommended)
low line 183

Webhook reference - potential data exfiltration

SourceSKILL.md
183python sendgrid_webhook.py --port 8089 --discord-webhook https://discord.com/api/webhooks/xxx/yyy
low line 186

Webhook reference - potential data exfiltration

SourceSKILL.md
186python sendgrid_webhook.py --process-events
low line 187

Webhook reference - potential data exfiltration

SourceSKILL.md
187python sendgrid_webhook.py --process-events --json
medium line 190

Webhook reference - potential data exfiltration

SourceSKILL.md
190### Discord Webhook Setup (Recommended)
medium line 192

Webhook reference - potential data exfiltration

SourceSKILL.md
1921. In your Discord channel, go to **Settings > Integrations > Webhooks**
medium line 193

Webhook reference - potential data exfiltration

SourceSKILL.md
1932. Click **New Webhook**, copy the URL
medium line 194

Webhook reference - potential data exfiltration

SourceSKILL.md
1943. Pass to `--discord-webhook` or set `DISCORD_WEBHOOK_URL` env var
medium line 198

Webhook reference - potential data exfiltration

SourceSKILL.md
1981. Go to **SendGrid > Settings > Mail Settings > Event Webhook**
medium line 199

Webhook reference - potential data exfiltration

SourceSKILL.md
1992. Click **"Create new webhook"** (or edit existing)
medium line 200

Webhook reference - potential data exfiltration

SourceSKILL.md
2003. Set HTTP POST URL to: `https://your-domain.com/webhooks/sendgrid`
medium line 205

Webhook reference - potential data exfiltration

SourceSKILL.md
2055. Click **"Test Integration"** to verify - this fires all event types to your webhook
medium line 206

Webhook reference - potential data exfiltration

SourceSKILL.md
2066. **Important:** Click **Save** to enable the webhook!
medium line 207

Webhook reference - potential data exfiltration

SourceSKILL.md
2077. (Optional) Enable **Signed Event Webhook** for security and set `SENDGRID_WEBHOOK_PUBLIC_KEY`
medium line 209

Webhook reference - potential data exfiltration

SourceSKILL.md
209![SendGrid Webhook Setup](docs/sendgrid-webhook-setup.png)
low line 225

Webhook reference - potential data exfiltration

SourceSKILL.md
225SENDGRID_WEBHOOK_PUBLIC_KEY # For signature verification (optional)
low line 226

Webhook reference - potential data exfiltration

SourceSKILL.md
226SENDGRID_WEBHOOK_MAX_AGE_SECONDS # Max timestamp age (default: 300)
low line 227

Webhook reference - potential data exfiltration

SourceSKILL.md
227WEBHOOK_PORT # Server port (default: 8089)
low line 228

Webhook reference - potential data exfiltration

SourceSKILL.md
228DISCORD_WEBHOOK_URL # Discord webhook URL
low line 229

Webhook reference - potential data exfiltration

SourceSKILL.md
229WEBHOOK_LOG_FILE # Log file path
medium line 60

Access to hidden dotfiles in home directory

SourceSKILL.md
60**3️⃣ WITNESS FILE** — Auto-saved to `~/.openclaw/meter-witness.txt`
low line 183

External URL reference

SourceSKILL.md
183python sendgrid_webhook.py --port 8089 --discord-webhook https://discord.com/api/webhooks/xxx/yyy
low line 200

External URL reference

SourceSKILL.md
2003. Set HTTP POST URL to: `https://your-domain.com/webhooks/sendgrid`
Scanned on Feb 9, 2026
View Security Dashboard
Installation guide →
GitHub Stars 2.2K
Rate this skill
Categoryproject management
UpdatedApril 4, 2026
openclawproject-managercustomer-success-manageroperations-managersendgridproject managementsalesoperations
openclaw/skills