ClawHub

gcal-pro - Google Calendar

Security checks across malware telemetry and agentic risk

Overview

This is a real Google Calendar integration, but it needs Review because its write and delete commands can change calendar data without an enforced confirmation barrier.

Install only if you are comfortable granting Google Calendar access. Before using Pro write features, require the agent to show the exact event title, time, calendar, and action, and avoid relying on the current script-level confirmation behavior. Do not proceed through an unverified Google OAuth warning unless you created and recognize the OAuth project, and keep ~/.config/gcal-pro/client_secret.json and token.json private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (14)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documents and relies on powerful capabilities including shell execution, filesystem reads/writes, network access, and access to OAuth credential files, but it does not declare any permissions or scope boundaries. This creates a real security gap because users and the host agent cannot reason about least privilege, and the broad capability set increases the blast radius if the skill is invoked unexpectedly or misused.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The install/usage guide advertises creating and deleting calendar events but provides no warning that these actions modify external user data. In an agent setting, that increases the chance of unintended destructive actions from ambiguous requests or misfires, especially because calendar state is user data in a third-party service.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The description contains broad triggers such as using the skill whenever the user asks about schedule, availability, or morning briefs, which can cause over-broad invocation in contexts the user did not intend. In an agent ecosystem, ambiguous natural-language routing can expose calendar data or trigger workflows when a general conversational query was not meant to access this skill.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The usage section maps loose phrases like 'What's on my calendar?' and 'Schedule Y' directly to commands without clear scope, account, or action confirmation rules. Because this skill supports both read and write operations, ambiguous triggers increase the chance of unintended invocation and, in Pro mode, unintended event creation or modification.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide explicitly tells users to click through Google's unverified-app warning by selecting "Advanced" and proceeding as "unsafe" without a strong caution that this bypasses a trust signal intended to protect users from malicious or misconfigured OAuth apps. In the context of a calendar integration that requests sensitive calendar scopes and later stores refresh tokens, this normalization of bypassing security warnings increases the risk of users authorizing an unsafe or impersonated application.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The quick_add function performs a calendar write immediately from natural-language input without any user-facing confirmation step. In an agent setting, ambiguous or prompt-injected input could cause unintended event creation, spam attendee notifications, or calendar tampering without the user's informed approval.

Session Persistence

Medium
Category
Rogue Agent
Content
**First-time setup required:**

1. User must create Google Cloud project and OAuth credentials
2. Save `client_secret.json` to `~/.config/gcal-pro/`
3. Run authentication:
   ```bash
Confidence
72% confidence
Finding
create Google Cloud project and OAuth credentials 2. Save `client_secret.json` to `~/.config

Session Persistence

Medium
Category
Rogue Agent
Content
**macOS/Linux:**
```bash
# Create config directory
mkdir -p ~/.config/gcal-pro

# Move the downloaded file
Confidence
71% confidence
Finding
Create config directory mkdir -p ~/.config/gcal-pro # Move the downloaded file mv ~/Downloads/client_secret*.json ~/.config/gcal-pro/client_secret.json # Verify head -3 ~/.config/gcal-pro/client_sec

Unpinned Dependencies

Low
Category
Supply Chain
Content
# gcal-pro dependencies
google-auth>=2.23.0
google-auth-oauthlib>=1.1.0
google-auth-httplib2>=0.1.1
google-api-python-client>=2.100.0
Confidence
94% confidence
Finding
google-auth>=2.23.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# gcal-pro dependencies
google-auth>=2.23.0
google-auth-oauthlib>=1.1.0
google-auth-httplib2>=0.1.1
google-api-python-client>=2.100.0
pytz>=2023.3
Confidence
94% confidence
Finding
google-auth-oauthlib>=1.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# gcal-pro dependencies
google-auth>=2.23.0
google-auth-oauthlib>=1.1.0
google-auth-httplib2>=0.1.1
google-api-python-client>=2.100.0
pytz>=2023.3
python-dateutil>=2.8.2
Confidence
94% confidence
Finding
google-auth-httplib2>=0.1.1

Unpinned Dependencies

Low
Category
Supply Chain
Content
google-auth>=2.23.0
google-auth-oauthlib>=1.1.0
google-auth-httplib2>=0.1.1
google-api-python-client>=2.100.0
pytz>=2023.3
python-dateutil>=2.8.2
Confidence
95% confidence
Finding
google-api-python-client>=2.100.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
google-auth-oauthlib>=1.1.0
google-auth-httplib2>=0.1.1
google-api-python-client>=2.100.0
pytz>=2023.3
python-dateutil>=2.8.2
Confidence
91% confidence
Finding
pytz>=2023.3

Unpinned Dependencies

Low
Category
Supply Chain
Content
google-auth-httplib2>=0.1.1
google-api-python-client>=2.100.0
pytz>=2023.3
python-dateutil>=2.8.2
Confidence
91% confidence
Finding
python-dateutil>=2.8.2

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal