gcal-oauth-bridge

Security checks across malware telemetry and agentic risk

Overview

This calendar skill is coherent and disclosed, but it handles sensitive Google Calendar data and persistent local OAuth tokens that users should protect.

Before installing, review the linked Calendar Bridge repository and its dependencies, keep the service bound to localhost, enable the optional API key where practical, protect .env and tokens.json, and revoke Google access or stop the systemd service when you no longer want ongoing calendar access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list is broad enough to activate on many normal calendar-related requests, causing the skill to engage whenever a user mentions schedules, meetings, or Google Calendar. In this skill’s context, activation can expose sensitive calendar metadata or event contents from a local service, so over-broad matching increases the chance of unintended access to private information.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill clearly states it can retrieve events and use persistent local OAuth tokens, but it does not warn that event summaries, locations, descriptions, and calendar names may contain highly sensitive personal or business information. In a conversational agent setting, lack of explicit privacy disclosure can lead users to authorize or trigger access without understanding the sensitivity of the returned data.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal