ClawHub

iCalendar Events Parser

Security checks across malware telemetry and agentic risk

Overview

This is a coherent calendar-parser skill whose network and workspace file access match its stated purpose, though users should only provide trusted calendar sources.

Install only if you are comfortable with a Node-based tool fetching calendar URLs you provide and reading .ics files from your OpenClaw workspace. Avoid internal, private, or tokenized calendar URLs unless you intend the agent environment to request them, and treat returned event descriptions as untrusted user data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly encourages parsing calendar data from remote URLs and local file paths but provides no warning about privacy, sensitive file access, or the trust implications of fetching attacker-controlled URLs. In an agent setting, this can lead users to supply internal URLs or local paths that expose confidential calendar contents or enable unintended access to local/network resources.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill encourages fetching remote calendar URLs and explicitly grants broad outbound network access, but it does not warn that calendar URLs and request metadata may be transmitted to third-party servers. Calendar feeds often contain sensitive meeting titles, locations, and private tokens embedded in ICS URLs, so users may unknowingly expose personal or organizational data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill accepts arbitrary http/https URLs and fetches them server-side without any allowlist, protocol restrictions beyond HTTP(S), or user-facing disclosure that network access will occur. In an agent environment, this creates SSRF risk because an attacker can supply internal or cloud-metadata URLs, and it also leaks the agent's IP/network reachability to third parties.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal