ClawHub

Meetup Planner

Security checks across malware telemetry and agentic risk

Overview

Meetup Planner is a coherent event-finding skill whose web searches, local storage, and optional scheduled reminders match its stated purpose, though users should understand the persistent cron automation before enabling it.

Install only if you are comfortable storing event interests, location, schedule preferences, tracked events, and reminders locally, and with preference-derived searches being sent to third-party event/search services through your configured tools. Enable daily automation only if you want a recurring scheduled task, and review your crontab or scheduler settings if you later pause or uninstall the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The bootstrap directs the agent to create OS-level scheduled automation via cron, which expands the skill from user-invoked meetup discovery into persistent system modification and background execution. Even if intended for convenience, this creates ongoing behavior and potential network activity outside the immediate user request, increasing abuse and misconfiguration risk.

Context-Inappropriate Capability

Low
Confidence
84% confidence
Finding
The skill instructs the agent to inspect the broader installed-skills directory to discover capabilities, which reaches beyond the narrow scope of meetup planning. Directory enumeration of unrelated skills can reveal installed tooling and environment details that are unnecessary for the core function and broaden the skill's access footprint.

Intent-Code Divergence

Low
Confidence
77% confidence
Finding
The privacy statements are somewhat inconsistent: the skill claims registration status/history is not sent externally, yet it also allows arbitrary event-page URLs to be scraped via external tools. If tracked or personalized event URLs are used, external requests could indirectly reveal user interest or registration-related context, creating a privacy disclosure risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The bootstrap instructs the agent to collect and persist detailed personal preference data to local storage without an explicit privacy notice, consent flow, retention policy, or explanation of how the data will be used. This creates avoidable privacy risk because location, schedule, interests, and organizations can be sensitive profiling data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sets up automated daily searches and notifications without a strong warning about persistent background activity, repeated network access, and continued use of saved preferences. Users may not understand that the agent will keep operating after the initial setup, which raises transparency, privacy, and trust concerns.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README advertises automated daily searching and scraping across third-party event sites, but it does not clearly disclose that the skill will initiate recurring outbound network requests and may send user-derived search criteria to external services. That omission can mislead users about privacy and operational behavior, especially because the scans occur automatically rather than only on explicit command.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README states the skill will search every morning and later references cron, but it does not clearly warn users that enabling the skill may create or depend on persistent scheduled tasks on their system. Persistent background execution affects user expectations, system behavior, and security posture, so failing to disclose it is a meaningful safety issue.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal