ClawHub

iCalendar Sync

Security checks across malware telemetry and agentic risk

Overview

This looks like a real iCloud calendar tool, but it needs review because it can make irreversible calendar changes and has some under-disclosed credential/debug behaviors.

Review this before installing in an autonomous agent. Use an app-specific iCloud password, prefer keyring storage, avoid enabling debug output unless logs are private, do not set ICALENDAR_SYNC_CALDAV_URL unless you trust the endpoint, and require the agent to show event details and get explicit user approval before delete or recurring update operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def _run_applescript(self, lines: List[str]) -> Optional[str]:
        script = "\n".join(lines) + "\n"
        try:
            result = subprocess.run(
                ["osascript", "-"],
                input=script,
                text=True,
Confidence
90% confidence
Finding
result = subprocess.run( ["osascript", "-"], input=script, text=True, capture_output=True, check=True,

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The macOS native update path accepts recurrence parameters and modes but explicitly ignores them, silently updating only one event by ID. In an agent context, this can cause integrity-impacting calendar changes that differ from the user's requested scope, especially for recurring meetings where 'all' or 'future' was intended.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill exposes a delete command for calendar events without any warning, confirmation, dry-run guidance, or recovery notes. In an agent setting, this increases the risk of accidental or unauthorized destructive actions, especially because calendar deletions may affect important personal or business scheduling data.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The macOS-native delete operation removes events immediately with no confirmation prompt, dry-run, or safety interlock. In an autonomous agent setting this increases the chance of irreversible destructive actions from accidental, malformed, or ambiguous inputs.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The CalDAV delete path also performs irreversible deletion without confirmation or pre-deletion disclosure. In an agent-integrated calendar skill, this creates a meaningful integrity risk because automated actions may remove important events without sufficient user acknowledgement.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal