ClawHub

synology-calendar

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real Synology Calendar helper, but it asks for account credentials, defaults to unencrypted HTTP, and exposes deletion actions without enough safeguards or warning.

Review before installing. Use HTTPS to a trusted Synology NAS, avoid exposing the password in shared shells or logs, prefer a least-privilege account if possible, and require explicit user confirmation before any delete command or agent action that changes calendar data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation indicates use of environment variables and network access, but the skill declares no permissions. This creates a transparency and trust problem: users and platforms may not realize the skill can access credentials and make outbound requests, which increases the chance of unsafe deployment or misuse.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs users to connect over plaintext HTTP and to store the Synology password directly in an environment variable without any warning. Plain HTTP exposes session credentials and API traffic to interception on the network, and plaintext password handling increases the risk of credential leakage through shell history, process inspection, logs, or misconfigured environments.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation advertises delete operations for calendars and events without warning that they are destructive and can permanently remove user data. In an agent skill context, this increases the risk of accidental or automated data loss, especially if an agent invokes these methods without confirmation or clear user intent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal