Back to skill

Security audit

Mufi Calendar

Security checks across malware telemetry and agentic risk

Overview

This calendar skill has a legitimate purpose, but its Discord reminder command can turn calendar text into shell execution and its destructive calendar actions lack guardrails.

Review before installing. Use this only with calendars and Discord channels you trust, avoid enabling Discord reminders until the shell command is replaced with a safer argument-array/API call, and require manual confirmation before using delete commands. Protect the OAuth token files under ~/.secrets because they provide ongoing calendar access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The script builds a shell command with untrusted data from both the CLI channel argument and calendar event content, then executes it via execSync. Escaping only double quotes is insufficient because shell metacharacters such as backticks or command substitution can still be interpreted, allowing command injection if an attacker controls event fields or invocation parameters.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README documents a delete capability for calendar events without any warning that the action is destructive or that callers should require confirmation before execution. In an agent skill context, this increases the chance of accidental or ambiguous natural-language requests causing unintended event deletion, which can lead to data loss and operational disruption.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill exposes a direct deletion command for calendar events without any warning, confirmation flow, or recovery guidance. In a calendar-management context this can cause accidental or scripted loss of user data, especially if an agent invokes commands from ambiguous user requests.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Browser automation against a logged-in Naver account is described without privacy, credential, or account-safety warnings. Because this relies on a live authenticated browser session, misuse or brittle automation could expose private calendar data, trigger unintended account actions, or violate user expectations about how account access is handled.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Forwarding calendar reminders to Discord sends potentially sensitive event titles, times, locations, or descriptions to a third-party platform, yet the documentation provides no disclosure or caution. In this context, calendar contents often contain personal or business-confidential information, so silent forwarding materially increases privacy risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script performs an irreversible destructive action immediately after printing the target event details, with no interactive confirmation or safety flag. In a CLI tool that deletes calendar events, accidental invocation, wrong event IDs, or automation mistakes can cause unintended data loss, especially because the default calendar is 'primary' and the tool is designed for real calendar management.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal