Calendarhero
Security checks across malware telemetry and agentic risk
Overview
This CalendarHero skill is mostly coherent, but it gives the agent broad authenticated API access that could change account data without explicit guardrails.
Install only if you are comfortable granting Membrane-backed access to your CalendarHero account. Prefer listed Membrane actions over raw proxy requests, and require clear user approval before creating, updating, or deleting CalendarHero data. Consider pinning or reviewing the Membrane CLI version before global installation.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.