lv-guide-display
Security checks across malware telemetry and agentic risk
Overview
This appears to be a low-capability calendar helper with no code, install steps, credentials, or system access, though its skill text is unusually repetitive and low-quality.
This skill looks benign from the supplied artifacts, but it may be low quality or noisy because its description is mostly repeated trigger text. Since it has no code, install steps, credentials, or declared permissions, the security impact appears limited.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant might invoke this skill more often than necessary for calendar-related phrases, but the artifacts do not show access to private data or system-changing behavior.
The trigger condition is repeated many times in the skill description. This may bias routing or invocation, but it is still aligned with the stated calendar-assistant purpose and does not instruct unsafe actions.
Triggered when the user mentions today's calendarTriggered when the user mentions today's calendarTriggered when...
Users can treat this as a low-risk quality issue; the publisher should trim the repeated description and provide clearer, concise operating instructions.
There is limited external information to verify the publisher or maintenance history, but there is no executable component shown.
The registry metadata does not provide a source repository or homepage. Because this is instruction-only with no installable code, this is a provenance note rather than a security concern.
Source: unknown; Homepage: none
If provenance matters, install only from publishers you trust; the publisher should add a source or homepage link.