Back to skill

Security audit

Calendar Local

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to read a local Google Calendar, but it gives an agent ongoing access to private calendar data through a local credentialed wrapper without enough authorization and privacy boundaries.

Review this before installing on any host with real calendar credentials. Only use it where you trust the referenced calendar.sh wrapper, understand which Google account it can read, and are comfortable with calendar details being summarized through the connected chat surfaces, especially Telegram.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill is designed to access a user's local Google Calendar and relies on an environment-provided secret to unlock the underlying credential store, but it provides no privacy notice, consent check, or guidance on safe handling of sensitive calendar contents. In a chat context, especially one that explicitly includes Telegram, this increases the risk of exposing private appointments, locations, contacts, and other personal data to unintended audiences.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.