Apple Calendar Manager

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Apple Calendar automation helper, with expected local calendar write access and no artifact-backed evidence of malware or hidden behavior.

Install only if you want OpenClaw to create events in Apple Calendar on macOS. Review the calendar name, event title, date, and time before running it, and grant Calendar automation permission only for trusted use. The referenced add_event.scpt implementation is missing; review it if it is supplied separately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation explicitly describes creating calendar events through AppleScript, which will modify the user's local Calendar data, but it does not clearly warn about this side effect or require explicit user confirmation. In an agent-executed context, missing disclosure around state-changing actions increases the risk of unintended event creation, calendar pollution, or accidental modification of personal/work scheduling data.

VirusTotal

64/64 vendors flagged this skill as clean.
