Calendly Quick Book

Security checks across malware telemetry and agentic risk

Overview

This skill transparently uses a Calendly API token to check availability and create real Calendly bookings, with no hidden code or unrelated data handling found.

Install only if you want the agent to create real Calendly bookings through your Calendly account. Before booking, confirm the attendee name, email, timezone, event type, and time; use a revocable Calendly token and remove it from OpenClaw config if you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 86%
Finding
The README explicitly states that meetings can be booked and invites sent automatically using a personal Calendly API token, but it does not clearly warn users that names, email addresses, and scheduling details will be transmitted to Calendly and processed by a third party. In a skill designed to act from natural-language prompts, this omission increases the risk of users triggering external data disclosure without informed consent or understanding the privacy implications.

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger description is broad enough to activate on ordinary scheduling or booking requests, which can cause the skill to run in situations where the user did not clearly intend an immediate Calendly booking. Because this skill performs an external side effect and may create meetings using personal data, ambiguous invocation increases the risk of unintended bookings and data transmission.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill description does not clearly warn users that it will send invitee PII, including name, email, timezone, and requested time, to Calendly and create a real booking. In a user-invocable skill with broad triggers, the lack of disclosure makes accidental external data transfer and unintended actions more likely.

External Transmission

Medium
Category: Data Exfiltration
Content
### Step 4: Create Booking

```bash
curl -s -X POST "https://api.calendly.com/invitees" \
  -H "Authorization: Bearer $CALENDLY_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence: 88%
Finding
https://api.calendly.com/

VirusTotal

66/66 vendors flagged this skill as clean.
