Book Google Meet

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it grants broad Google Calendar and Meet authority, creates open-access meetings by default, and stores reusable OAuth tokens on disk.

Install only if you are comfortable authorizing this script to create and modify Google Calendar and Meet resources. Use TRUSTED or RESTRICTED for private meetings, consider a dedicated Google account or narrower OAuth scopes, protect or delete meeting_token.pickle after use, and never use token or credential files supplied by someone else.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation declares capabilities to read environment variables, read credential files, write a token cache, and call Google APIs, but there is no explicit permission model communicated to users. This creates a transparency and consent problem: users may provide OAuth credentials and authorize broad calendar access without a clear upfront declaration of what resources the skill will access and persist.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill is explicitly designed to create Google Meet spaces with OPEN access by default, meaning anyone with the link may join. This materially increases the risk of unintended disclosure, meeting bombing, and accidental sharing, especially because the default is permissive and the warning is not presented as an immediate safety gate before usage examples.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script defaults Meet access to OPEN and its stated purpose is to create 'OPEN access' Meet spaces, which weakens meeting access controls and can expose meetings to unauthorized participants if links leak or are forwarded. In the context of a scheduling automation skill, making the less secure setting the default without an explicit warning, confirmation, or least-privilege posture materially increases the risk of unintended public access and meeting disruption.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script persists OAuth credentials to a local pickle file, which creates a reusable local authentication artifact that may be readable by other local users, accidentally committed, or stolen from disk. Because these tokens can grant calendar and Meet modification capabilities, compromise of the file can enable unauthorized access and continued API use until revoked.

Session Persistence

Medium
Category
Rogue Agent
Content
#!/usr/bin/env python3
"""Create a scheduled Google Calendar event with OPEN access Meet space.

Workflow:
1. Create Calendar event with Meet conference (Calendar API)
Confidence
77% confidence
Finding
Create a scheduled Google Calendar event with OPEN access Meet space. Workflow: 1. Create Calendar event with Meet conference (Calendar API) 2. Get meeting code from conferenceData 3. Look up Meet sp

VirusTotal

66/66 vendors flagged this skill as clean.
