ClawHub

Schedule Manager

Security checks across malware telemetry and agentic risk

Overview

The skill’s calendar and reminders features fit its purpose, but it teaches destructive and bulk changes to real personal data without consistent confirmation safeguards.

Install only if you are comfortable granting an agent read/write access to macOS Calendar and Reminders. Before any delete, edit, complete, list deletion, or bulk operation, require the agent to show the exact affected items, calendar or list, dates, and count, then ask for explicit confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases include very common words and everyday utterances such as "schedule," "calendar," "todo," and phrases like "记一下" or "别忘了," which can activate the skill in ordinary conversation. Over-broad triggering increases the chance of unintended execution of calendar/reminder operations, including state-changing commands on sensitive personal data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documented Calendar deletion flow deletes every event matching a summary string and does so without any warning, preview, or confirmation requirement. This is dangerous because ambiguous or repeated event titles can cause bulk deletion of legitimate calendar entries, leading to irreversible loss or disruption of schedules.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The reminders deletion command is presented as a normal operation without warning about permanent data loss or any confirmation step. Because reminder deletion is index-based, mistakes in list selection or stale indices can easily remove the wrong task, especially in an automated or conversational workflow.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document includes direct deletion examples for calendars and events without clearly warning that these actions are destructive and may be hard or impossible to recover depending on sync state and client behavior. In a schedule-management skill, such examples can be operationalized into agent behavior that deletes user data from Apple Calendar, making accidental or prompt-influenced destructive actions materially risky.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The documentation shows create and modify operations without explicitly stating that they immediately change the user's real Calendar data. In the context of an agent skill that triggers on everyday scheduling phrases, this increases the chance that the agent will perform unintended writes based on ambiguous user input or misparsed dates/titles.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This reference file includes direct examples for deleting reminder lists and reminders with no adjacent warning, confirmation guidance, or emphasis on irreversible data loss. In the context of an agent skill that manages a user's real Reminders data via osascript, such examples can be copied into automation flows and cause unintended destruction of user data if parameters are wrong or user intent is misunderstood.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The bulk-completion example performs state-changing operations across multiple reminders without any caution about scope, confirmation, or rollback limitations. In a scheduling/reminders skill, this increases the chance that an agent or user applies a broad action to the wrong list and silently alters task state, reducing trust and potentially causing missed work.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal