Calendar Reminder 日历提醒

Security checks across malware telemetry and agentic risk

Overview

This is a real calendar reminder skill, but it can automatically send private calendar details to a hard-coded Feishu user unless edited first.

Review before installing. Replace the Feishu target with your own verified recipient before any manual run or cron setup, confirm the owa-outlook helper path, and remove the nightly cron when you no longer want automatic calendar scanning.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    at_utc = at_sh.astimezone(utc)
    at_iso = at_utc.strftime("%Y-%m-%dT%H:%M:%SZ")
    name = f"cal-remind-{at_sh.strftime('%Y-%m-%d')}-{_cron_counter}"
    subprocess.run([
        "openclaw", "cron", "add",
        "--name", name,
        "--at", at_iso,
Confidence
84% confidence
Finding
subprocess.run([ "openclaw", "cron", "add", "--name", name, "--at", at_iso, "--delete-after-run", "--message", message, "--announce", "--cha

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def send_feishu(text: str):
    subprocess.run([
        "openclaw", "message", "send",
        "--channel", "feishu",
        "--target", "user:ou_159cbb6a3791ff5a98f3a2a4b38e7d4c",
Confidence
95% confidence
Finding
subprocess.run([ "openclaw", "message", "send", "--channel", "feishu", "--target", "user:ou_159cbb6a3791ff5a98f3a2a4b38e7d4c", "-m", text, ], timeout=15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly instructs use of shell-capable operations via `openclaw cron add` and direct `python3` execution, yet no permissions are declared in the skill manifest. This creates a trust and review gap: operators may install the skill without understanding it schedules autonomous command execution, which increases the chance of unintended code execution or abuse if the script is modified or behaves unexpectedly.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill is designed to read Outlook calendar data and send reminder content to Feishu, but it provides no warning, consent flow, or data-minimization guidance for transmitting schedule-derived information to an external messaging platform. Calendar entries often contain sensitive meeting titles, times, locations, and participants, so silent forwarding can expose personal or business-sensitive information.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill transmits detailed calendar information to Feishu without any visible consent, disclosure, or minimization controls in the file. Because calendar entries can contain confidential schedules and meeting subjects, this is a genuine privacy/security issue rather than a mere UX concern.

VirusTotal

66/66 vendors flagged this skill as clean.
