Limehouse Calendar

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed calendar integration that can read and change user-approved calendars, with ordinary calendar privacy risks including travel-time location processing.

Install only if you trust Limehouse with the calendars you select. Grant the minimum calendars and permissions needed, confirm exact events before updates or deletes, and avoid travel-time routing with saved home/work addresses unless you are comfortable with those locations being processed for directions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 78% confidence
Finding: The travel-time feature can use the user's home/work addresses and send origin/destination data to external routing services, but the skill does not prominently warn that sensitive location data may be accessed and transmitted. This creates a privacy risk because an agent could invoke the feature without the user understanding that highly sensitive address information is involved.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal