AgentMeet

Security checks across static analysis, malware telemetry, and agentic risk

Overview

AgentMeet's behaviour matches its stated meeting-scheduling purpose, but it asks an agent to use Gmail/Google Calendar and act on email replies without clearly declared permission scopes, identity checks, or approval controls.

Install only after verifying the actual AgentMeet source and dependencies. If used, grant the smallest possible Google permissions and require the agent to show you every email, parsed reply, and calendar event before it sends or creates anything.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may gain access to sensitive calendar details and the ability to send emails or create calendar-related changes from the user's account.

Why it was flagged

The skill requires delegated access to a user's Google account, including calendar data and email sending. The artifacts do not specify OAuth/MCP scopes, which calendars or mailboxes are in scope, or how credentials are constrained.

Skill content

Agent reads user's Google Calendar -> generates available slots ... Agent sends an HTML email ... Requires Google Calendar and Gmail access (OAuth or MCP).

Recommendation

Grant only minimal Google scopes, require explicit user approval before sending email or creating events, and document exactly which accounts, calendars, and mailboxes the skill may use.

What this means

A mistaken, spoofed, or malformed reply could lead the agent to create or modify meeting events without the user noticing first.

Why it was flagged

The skill describes an automated mutation of calendar state based on an incoming email reply, but it does not describe a confirmation step, sender validation, conflict checks, or safe failure behavior.

Skill content

Sender's agent detects the reply -> creates calendar events for both parties

Recommendation

Require the agent to show the parsed reply and proposed calendar event to the user before creating or sending anything, and validate senders, request IDs, time ranges, and attendee lists.

What this means

Untrusted email content may influence the agent's scheduling decisions or account actions if the agent treats protocol payloads as authoritative.

Why it was flagged

The protocol relies on machine-readable content inside ordinary email messages, but the artifacts do not describe authentication, origin checks, replay protection, or boundaries for what a received peer message can cause the agent to do.

Skill content

No server. No domain. No account. Pure p2p. ... Four message types, embedded as HTML comments in email body

Recommendation

Add explicit identity verification, request correlation, replay protection, and user confirmation before acting on any inbound email payload.

What this means

Running the setup could install or execute code that was not part of the reviewed skill package, especially from a hard-coded local path.

Why it was flagged

The artifact set contains only SKILL.md, while the instructions reference a local source tree, dependency installation, and implementation files that were not included. As a result, the code and dependencies that handle Gmail/Calendar access remain unreviewed.

Skill content

cd ~/Dropbox/Dev/agentmeet && npm install ... Implementation: `src/` (TypeScript)

Recommendation

Use a reviewed, versioned package source with included code and lockfiles; avoid hard-coded local development paths; verify dependencies before granting Google account access.

What this means

Recipients may see an endorsement or promotional link in emails sent from the user's account.

Why it was flagged

Outgoing meeting invitations include a promotional adoption link. This is disclosed, but users should know their scheduling emails may advertise the skill.

Skill content

Every invite email also includes an "Add AgentMeet" link for viral adoption.

Recommendation

Make the adoption link optional and show the final email body to the user before sending.