cn-calendar

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its calendar purpose, but it can persistently modify its own code and has under-scoped tax-deadline guidance.

Review before installing if you will use it for tax or compliance deadlines. It is reasonable for basic calendar lookup, but unsupported future-year queries may fetch public data and modify files inside the skill, including Python source. Verify tax dates with the relevant tax authority for the user’s jurisdiction rather than relying on the computed deadline command or Beijing-only reference data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Intent-Code Divergence

High
Confidence: 95%
Finding
The documentation states tax filing deadlines must come only from official yearly reference files and must not be computed, yet it also instructs use of a local `deadline` command to calculate them. That contradiction creates a high risk that the agent will return inferred deadlines as if they were official, leading to compliance errors, missed filings, or incorrect business advice.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill instructs self-modifying behavior by appending generated data into `workday_query.py`, turning normal data refresh into source-code mutation. Self-modifying code increases the attack surface for persistence, accidental corruption, and code-injection-style failures if parsed remote content is malformed or manipulated before being written into executable Python.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The script's documented purpose is to fetch/save holiday reference data, but in `--save` mode it also rewrites `scripts/workday_query.py` based on stdin-supplied data. Self-modifying source behavior expands the trust boundary from data storage to code mutation, so malformed or adversarial input can corrupt executable logic, create persistence, or break later runs even if the original intent was automation convenience.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill directs the agent to write persistent local files and update references without clearly informing the user that their request may modify local state. Silent persistence is dangerous because a user asking a simple calendar question may unknowingly trigger durable changes, which can accumulate stale data, alter future behavior, or create an unauthorized audit trail.

Missing User Warnings

Medium
Confidence: 82%
Finding
The skill documentation instructs external network retrieval from GitHub and a tax-platform API without clearly warning about outbound requests, data handling, or operational impact. Even if the data being fetched is public, unannounced network access can violate user expectations, create privacy or compliance issues, and expose the agent to supply-chain or content-integrity risks from remote sources.

Natural-Language Policy Violations

Medium
Confidence: 90%
Finding
The document states that Beijing filing dates are used as a nationwide standard reference, but tax deadlines can vary by jurisdiction, tax category, and local authority implementation. In a calendar skill, users are likely to rely on the output for compliance decisions, so presenting one locality's data as nationally applicable can cause missed filing deadlines, late penalties, or incorrect tax operations.

VirusTotal

66/66 vendors flagged this skill as clean.
