Schedule Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward local schedule manager that saves tasks in a workspace CSV file and optionally creates reminders after user confirmation.

Install only if you are comfortable storing schedule details, notes, and deadlines in a local workspace CSV file. Review delete/update confirmations carefully, and only enable reminders if you also trust the separate cron-mastery reminder skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (6)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill performs file-backed schedule management through Bash/Python and stores data in `schedules/schedule.csv`, but no explicit permissions are declared. This creates a capability/manifest mismatch that can bypass expected review or user consent boundaries and makes the actual data access surface less transparent.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The skill's documented behavior expands from schedule management into creating timed reminders via a separate `cron-mastery` skill, which is a cross-skill delegation not reflected in the core description. This increases the operational surface and can trigger actions with different privileges or persistence characteristics than a user would expect from a simple schedule manager.

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The skill uses broad trigger phrases such as common scheduling/help language, which raises the risk of unintended invocation during normal conversation. Because the skill performs file writes and task mutations, accidental activation could create, modify, or delete schedule data without sufficiently explicit user intent.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The routing table includes ambiguous examples like remembering, completing, or deleting by natural phrase, which can overlap with ordinary chat context. In a skill that mutates persistent schedule records, ambiguity increases the chance of unintended destructive or state-changing operations.

Ssd 3

Medium

Confidence: 93% confidence
Finding: The skill instructs the agent to send full script output directly to the user after listing schedules, which can expose all stored tasks, deadlines, notes, and other fields without minimization. Raw output can also leak implementation details or unrelated records if the script returns more data than necessary for the user's request.

Ssd 3

Medium

Confidence: 92% confidence
Finding: Returning raw script output for views and updates can unnecessarily disclose the full contents of stored schedule data, including notes and metadata, rather than only the requested change or subset. In a personal scheduling context, this data is often sensitive, making direct passthrough more dangerous than in a non-personal domain.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal