Security audit

Gcalcli Calendar 3.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Google Calendar helper that uses gcalcli for calendar reads and mutations, with some real but expected calendar-management risk.

Install only if you are comfortable giving the agent access to your existing gcalcli Google Calendar permissions, including reading events across non-ignored calendars and deleting unambiguous events after a direct user request. For a more conservative workflow, edit the skill to require confirmation before every delete or edit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly authorizes immediate deletion of calendar events when it considers a match unambiguous, and documents non-interactive deletion with `--iamaexpert`, but it does not require a user-facing warning that the action is destructive or hard to reverse. In an assistant setting, mis-parsing a request, matching the wrong event, or deleting from the wrong visible calendar scope can cause silent loss of calendar data and missed appointments.

Missing User Warnings

Low
Confidence: 84%
Finding
The skill mandates cross-calendar overlap checks across all non-ignored calendars without clearly telling the user that events from multiple calendars may be scanned to make scheduling decisions. That expands data visibility beyond the specific target calendar and can reveal or process sensitive metadata from unrelated personal or work calendars.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.