ics to exchange-blocker

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate calendar-sync skill that clearly discloses its Microsoft calendar write access and optional background syncing.

Install only if you are comfortable granting Microsoft calendar read/write access and storing an ICS secret URL plus OAuth tokens locally. Run a manual sync first, verify the target calendar and created blocked events, consider setting `CALINT_MS_CALENDAR_ID`, and load the launchd job only if you want continuous background syncing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (7)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 95% confidence
Finding: The skill clearly requires sensitive capabilities including environment-variable access, local file read/write, network access, and shell execution, yet no explicit permissions are declared. This creates a transparency and governance gap: users or orchestration systems may invoke a skill with broader authority than they realize, increasing the chance of unsafe execution in a credentialed environment.

Vague Triggers

Low

Confidence: 79% confidence
Finding: The activation guidance is broad enough that the skill could be selected for generic calendar-related requests, including contexts where the user did not intend Exchange writes or background synchronization. In a skill that can authenticate to Microsoft Graph and modify calendars, overbroad triggering increases the risk of unintended side effects.

Credential Access

High

Category: Privilege Escalation
Content: bins: - python3 config: - ~/.calintegration/.env primaryEnv: CALINT_ICS_URL files: ["*.py", "install.sh", "requirements.txt"] homepage: https://github.com/Blucaru/CalIn
Confidence: 86% confidence
Finding: .env

Session Persistence

Medium

Category: Rogue Agent
Content: ## Automated Sync (macOS) The installer generates a launchd plist for automatic sync every 5 minutes: ```bash cd ~/.openclaw/skills/calin
Confidence: 96% confidence
Finding: plist

Session Persistence

Medium

Category: Rogue Agent
Content: ```bash cd ~/.openclaw/skills/calin bash install.sh cp com.calintegration.sync.plist ~/Library/LaunchAgents/ launchctl load ~/Library/LaunchAgents/com.calintegration.sync.plist ```
Confidence: 97% confidence
Finding: plist

Session Persistence

Medium

Category: Rogue Agent
Content: cd ~/.openclaw/skills/calin bash install.sh cp com.calintegration.sync.plist ~/Library/LaunchAgents/ launchctl load ~/Library/LaunchAgents/com.calintegration.sync.plist ``` ## How It Works
Confidence: 92% confidence
Finding: launchctl load

Session Persistence

Medium

Category: Rogue Agent
Content: cd ~/.openclaw/skills/calin bash install.sh cp com.calintegration.sync.plist ~/Library/LaunchAgents/ launchctl load ~/Library/LaunchAgents/com.calintegration.sync.plist ``` ## How It Works
Confidence: 92% confidence
Finding: plist

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal