Clawlendar
Security checks across malware telemetry and agentic risk
Overview
Clawlendar is a coherent calendar-conversion skill with disclosed setup steps, but installing it requires trusting an external Python package.
Install only if you trust the referenced package and publisher. Prefer pinning a version in sensitive environments, avoid running setup with elevated privileges, and expose the optional HTTP or MCP server only to trusted local clients unless you add access controls.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.