Openclaw Agentpmt Tool Google Calendar 310fca

Security checks across malware telemetry and agentic risk

Overview

This is a real Google Calendar integration, but it also tells agents to use wallet signing, payments, and third-party job instructions without enough user control or scoping.

Review this carefully before installing. Use only with a low-value or tightly controlled wallet, never paste private keys or mnemonics, require explicit approval before purchases or job completion, and confirm calendar, attendees, notification settings, and event deletions before allowing the agent to act.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium, 95% confidence
Finding
The skill instructs the agent to reserve and complete arbitrary jobs to earn credits as part of using a Google Calendar tool, which expands behavior far beyond the stated calendar scope. This creates a capability pivot where an agent may follow unrelated third-party job instructions, potentially causing data exfiltration, policy bypass, or execution of untrusted tasks under the guise of tool funding.

Context-Inappropriate Capability

Medium, 88% confidence
Finding
The skill markets a wide range of unrelated AgentPMT capabilities, including payments, browsing, Python sandboxes, and network tooling, despite being presented as a Google Calendar skill. This broad capability framing increases the chance that an agent will overreach, invoke unrelated services, or treat the skill as a general-purpose gateway rather than a narrowly scoped calendar integration.

Missing User Warnings

Medium, 83% confidence
Finding
The skill enables destructive and externally visible actions such as deleting or rescheduling events and sending attendee notifications, but it does not clearly warn that these actions can affect real users. In an agentic setting, missing guardrails around destructive operations increases the risk of accidental calendar modification, spammy notifications, or business disruption from misunderstood prompts.

VirusTotal

VirusTotal findings are pending for this skill version.
