Gcalcli

Security checks across malware telemetry and agentic risk

Overview

This Google Calendar helper is mostly purpose-aligned, but it asks agents to run unreviewed custom code while accessing and exporting sensitive calendar attachments and meeting notes.

Install only if you trust the custom gcalcli fork and any local gcmd checkout it runs. Replace the hard-coded calendar and paths with your own intended targets, avoid bulk exports unless explicitly needed, choose a secure output directory, and clear or revoke cached Google credentials when finished on shared or less trusted systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium, 92% confidence

Finding: The documentation states the skill is read-only, but it also instructs users to export meeting-note attachments to local files via a separate tool. That contradiction can mislead users and downstream agents into treating the skill as lower risk than it is, increasing the chance that sensitive calendar-derived content is copied to disk without appropriate safeguards.

Intent-Code Divergence

Medium, 95% confidence

Finding: The 'Read-only' limitation is inaccurate because the documented workflows write exported meeting notes into local Downloads directories. Mislabeling capabilities can cause users or agents to permit the skill in contexts that allow read-only tools but prohibit local persistence of sensitive data.

Missing User Warnings

Medium, 90% confidence

Finding: The skill encourages exporting Gemini notes and attachments into local Downloads folders without warning that calendar attachments may contain confidential meeting notes, recordings, chats, or regulated business data. This creates a realistic risk of unintended local data exposure, over-retention, or syncing sensitive files into less controlled storage.

Missing User Warnings

Medium, 86% confidence

Finding: The authentication section documents OAuth credential caching but does not warn users that tokens will be stored locally and may grant ongoing access to calendar data. Without clear notice about storage location, lifecycle, and protection requirements, users may leave sensitive credentials on shared or insufficiently secured systems.

VirusTotal

64/64 vendors flagged this skill as clean.
