ClawHub

Email to Calendar Extraction Engine

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only email-to-calendar helper whose sensitive email and calendar access is mostly disclosed and purpose-aligned, though users should scope scans and review entries before creation.

Install only if you are comfortable letting your agent read selected emails and create calendar entries after your approval. When using it, explicitly limit inbox scans, review dates, timezones, titles, descriptions, and reminders before creation, prefer structured calendar APIs or ICS export over raw shell commands, and periodically clear any email-calendar memory files that store sensitive subjects or travel details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest frames the skill as a pure extraction capability, but the body authorizes additional side effects including calendar creation, deletion/update flows, inbox access, and persistent tracking. This mismatch weakens trust boundaries and can cause the skill to be invoked or approved under a lower-risk description than its actual behavior warrants.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
Claiming 'No external dependencies' is inaccurate because the skill depends on calendar providers, inbox access, command-line tooling, and platform automation such as gog and osascript. Misrepresenting these dependencies can bypass review expectations and hide the real security and privacy surface of external integrations.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill stores a persistent event log containing email IDs, subjects, dates, and calendar identifiers even though its stated purpose is extraction. Retaining this metadata increases privacy exposure, creates a durable record of user communications, and expands impact if local memory is later accessed by another tool or attacker.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The invocation text says the skill can be used when a user asks to check their inbox for events, which expands scope from analyzing supplied content to proactively scanning mailbox data. That broader access materially increases privacy risk because many unrelated emails may be processed without narrow, item-specific consent.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The documentation says events should never be auto-created without confirmation, yet session memory defines auto-create patterns such as standups and 1:1s. This contradiction creates a path for unauthorized calendar writes and could let routine-looking emails trigger actions the user did not explicitly approve.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The broad invocation criteria ('check inbox for events' or extract scheduling data from any text) make it easy for the skill to activate on common requests involving sensitive communications. Over-broad triggering can cause unnecessary processing of inbox contents and increase the chance of unintended side effects from a skill that also supports calendar writes and persistence.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
Hard-coded assumptions for timezone and locale-sensitive date parsing can misinterpret ambiguous dates or schedule events in the wrong timezone without explicit user confirmation. In a calendar skill, these errors can directly cause missed meetings, incorrect reminders, or deadlines being set on the wrong day.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
The session memory example persists a specific timezone and formatting preference by default, which can silently shape future interpretations of dates and times. In a workflow handling email-derived scheduling data, stale or incorrect persisted preferences can propagate repeated scheduling mistakes across sessions.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal