ClawHub

meeting-prep

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent meeting-prep purpose, but it asks users to grant broad Calendar and GitHub access and enables recurring summaries without enough scoping or privacy controls.

Install only if you are comfortable granting access to calendar and repository data. Prefer a read-only Calendar scope and a fine-grained GitHub token limited to specific repositories, protect the local credential files, explicitly configure which calendars/repos/developers are included, and enable scheduled checks only with a clear destination for any sent summaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill asks for a GitHub classic PAT with broad `repo` scope even though the documented behavior only needs to read commit metadata. That scope can grant unnecessary access to private repositories and, depending on configuration, enable actions beyond simple read-only reporting, violating least privilege and increasing blast radius if the token is exposed.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The documentation requests the full Google Calendar scope `https://www.googleapis.com/auth/calendar`, which permits read/write calendar actions, while the described workflow only reads upcoming events. Over-scoped OAuth tokens increase the risk of unauthorized event creation, modification, or deletion if the token is misused or stolen.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The top-level description is broad enough that the skill could be invoked in more situations than users expect, including operations involving calendar and repository data. In a skill that handles sensitive developer activity and meeting metadata, ambiguous invocation increases the chance of unintended data access or transmission.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger condition `Cron every 15 minutes or heartbeat` is ambiguous and supports automatic repeated execution without a clearly bounded user action. Because the skill polls calendars and may generate or send updates, this can lead to unintended repeated access to private data and accidental notifications.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup section instructs users to access calendars, GitHub repositories, and store credentials locally, but does not warn about the sensitivity of those tokens or the privacy implications of processing that data. Missing disclosure can cause users to authorize and persist high-value credentials without understanding the risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The daily summary workflow explicitly aggregates commits from all developers and formats them with author names, but provides no privacy notice, consent model, or limitation on recipients. This can expose employee activity, repository structure, and work patterns to unintended audiences.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal