Caldav

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned for CalDAV and Radicale administration, but it grants broad calendar and server-management power without enough scoping or safety guidance.

Install only if you intentionally want an agent to administer a CalDAV/Radicale server. Run it on a system you control, review the bundled scripts first, avoid command-line credentials such as curl -u user:pass on shared systems, and require explicit confirmation before deletes, imports, exports, or Radicale user/config changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill documents and expects capabilities such as shell execution, reading/writing files, and accessing environment-stored credentials, but declares no permissions. That mismatch weakens any permission-based safety model and can cause an agent or reviewer to underestimate what the skill can do, including modifying calendars, configs, and local server state.

Missing User Warnings

Medium
Confidence: 90%
Finding: The skill prominently includes create, update, delete, and complete operations for calendars, events, and todos without any guardrails or warning about irreversible changes. In an agent setting, this increases the risk of accidental destructive actions being taken on behalf of a user without explicit confirmation or awareness of impact.

Missing User Warnings

Medium
Confidence: 91%
Finding: The Radicale administration section covers status, user management, configuration inspection/validation, and storage verification without stating that these actions can alter server state, authentication, or availability. In context, this skill is not merely informational; it is an admin interface to a live service, so missing warnings and approval boundaries make misuse more dangerous.

Missing User Warnings

Medium
Confidence: 74%
Finding: The export command can write full calendar contents, including potentially sensitive event metadata, to any local path without an explicit warning or confirmation. In an agent setting, this increases the risk of unintended local data disclosure if a user or upstream workflow specifies a surprising destination such as a shared directory, synced folder, or world-readable location.

Missing User Warnings

Medium
Confidence: 80%
Finding: The import path reads a local ICS file and uploads its contents to the CalDAV server without any user-facing notice that local data is being transmitted over the network. In an agent context, this can cause accidental exfiltration of sensitive calendar data from arbitrary local files if the wrong file is selected or if the action is triggered indirectly.

Missing User Warnings

Medium
Confidence: 88%
Finding: The user removal path rewrites the htpasswd file immediately after matching a username, with no confirmation, backup, locking, or atomic replace. In an agent context, a mistaken or maliciously triggered invocation can remove valid accounts or corrupt the credentials file, causing denial of service or unauthorized admin changes.

VirusTotal

66/66 vendors flagged this skill as clean.
