Security audit

Google Calendar

Security checks across malware telemetry and agentic risk

Overview

This Google Calendar skill appears purpose-aligned, but it needs review because it can change or delete calendar events and handles access tokens in an under-documented local file.

Review before installing. Use the narrowest Google Calendar OAuth scope and a limited calendar when possible, confirm event IDs yourself before update or delete operations, and avoid running the refresh helper in shared environments or logs because it writes and prints a short-lived Google access token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill documentation describes capabilities to read environment variables, perform network access to Google APIs, and likely read/write local files during OAuth/setup, yet no explicit permissions are declared. This creates a trust and review gap: a user or platform may invoke a skill with broader runtime access than is apparent from its manifest, increasing the risk of secret exposure or unintended external actions.

Missing User Warnings

Medium
Confidence: 93%
Finding
The delete command performs an irreversible action against the Google Calendar API as soon as it is invoked, with no confirmation prompt, dry-run mode, or guardrail to prevent accidental deletion. In an agent skill context, this is more dangerous because model misinterpretation, prompt injection, or malformed tool inputs could cause unintended event removal from a real user calendar.

Missing User Warnings

Medium
Confidence: 87%
Finding
The script overwrites a local secrets file containing authentication material without setting restrictive permissions, using atomic replacement, or warning the user. If the file is readable by other local users or partially corrupted during write, the refreshed token could be exposed or the credential store could be damaged.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.