Back to skill

Security audit

meeting-prep

Security checks across malware telemetry and agentic risk

Overview

The skill’s meeting and commit-summary purpose is legitimate, but it asks for broad calendar and GitHub access with scheduled sending and weak scoping controls.

Install only if you are comfortable granting access to sensitive calendar and repository data. Prefer read-only Google Calendar scopes, fine-grained GitHub tokens limited to specific repositories, locked-down credential files or a secret manager, explicit repo/calendar/developer allowlists, and a clear destination plus opt-in for any scheduled summary sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill description advertises access to Google Calendar data and GitHub commit history plus automated summary sending, but it does not disclose the privacy implications or require explicit user approval for collection, aggregation, and onward transmission of potentially sensitive data. In this context, the omission is risky because calendar events, meeting metadata, repo names, commit messages, and author identities can reveal confidential organizational information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The daily summary workflow aggregates commits from all developers and formats them with author names, creating cross-user visibility into engineering activity without any access-control or consent model. In a workplace setting this can expose confidential project activity, internal identities, and work patterns to recipients who may not be authorized to view all repositories or contributors.

Credential Access

High
Category
Privilege Escalation
Content
Refresh Token

CLIENT_ID=$(jq -r '.installed.client_id' credentials/client_secret.json)
CLIENT_SECRET=$(jq -r '.installed.client_secret' credentials/client_secret.json)
REFRESH_TOKEN=$(jq -r '.refresh_token' credentials/calendar_tokens.json)
Confidence
80% confidence
Finding
secret.json

Credential Access

High
Category
Privilege Escalation
Content
Refresh Token

CLIENT_ID=$(jq -r '.installed.client_id' credentials/client_secret.json)
CLIENT_SECRET=$(jq -r '.installed.client_secret' credentials/client_secret.json)
REFRESH_TOKEN=$(jq -r '.refresh_token' credentials/calendar_tokens.json)

curl -s -X POST https://oauth2.googleapis.com/token \
Confidence
80% confidence
Finding
secret.json

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.