Back to skill

Security audit

Calendar Manager

Security checks across malware telemetry and agentic risk

Overview

This is a local calendar helper that stores and edits schedule data on disk, with no hidden network, credential, or system-control behavior found.

Install only if you are comfortable with this skill keeping personal schedule details in a local events.json file. Avoid storing secrets in event titles or notes, and keep a backup if the calendar data matters because deletions are persistent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The README uses very broad, natural phrases such as '今天有什么安排' and '提醒我明天交报告' as invocation examples without clear trigger boundaries or namespacing. In an agent ecosystem, overly generic utterances can cause accidental invocation or routing collisions with other assistants handling everyday calendar or reminder requests, increasing the chance of unintended actions or disclosure of schedule data.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are broad everyday scheduling terms such as '今天有什么安排' and '这周忙吗', which can cause the skill to activate in many normal conversations without clear user intent to modify or inspect a file-backed calendar. In a skill with read/write and reminder capabilities, over-triggering increases the chance of unintended disclosure of schedule data or accidental calendar changes.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill describes add/modify/delete calendar operations but does not warn users that actions may persist to a local file and remove existing entries. Because the skill explicitly requests file read/write access, missing transparency and confirmation around deletion or modification can lead to unintended data loss or unauthorized changes if the skill is triggered mistakenly.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The delete path permanently rewrites the events file immediately after matching an event ID, with no confirmation, soft-delete, undo, or authorization check. In an agent setting, ambiguous or manipulated prompts could trigger unintended destructive actions, causing loss of user calendar data and integrity issues.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.