Calendar Crab

Security checks across malware telemetry and agentic risk

Overview

Calendar Crab does what it advertises, but it gives an agent persistent Google Calendar write/delete access without strong built-in safeguards for destructive actions or stored tokens.

Review before installing. Use exact event IDs for move/delete when possible, list and verify the target first, and assume attendee notifications may be sent. Store the OAuth files with restrictive permissions, do not commit or share them, and revoke the Google refresh token if you stop using the skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill includes destructive calendar operations and notes that move/delete auto-notify attendees, but it does not provide an explicit warning about irreversible effects, external notifications, or the need for confirmation before execution. This increases the risk of accidental deletion or mass attendee notification from routine use.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The setup instructions tell users to store OAuth client credentials and a refresh token locally without an explicit security warning about token sensitivity, file permissions, or the account-level access that a refresh token grants. If these files are exposed, an attacker could obtain persistent access to the user's Google Calendar data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal