Meeting Scheduler Pro

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed meeting assistant with sensitive but purpose-aligned calendar, optional email, web-search, and local-note behavior.

Install only if you are comfortable granting gog Google Calendar access and, if enabled, Gmail access. Before use, review config/settings.json, especially auto_prep, include_web_search, include_email_context, create_tasks, draft_email, and notes_directory. Keep meeting-notes and exported agenda files private because they may contain attendee names, decisions, action items, and business context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The prompt asks the user whether to enable prep features such as web/news/email-based meeting prep, but then states that the agent will start generating prep briefs automatically for upcoming meetings. That creates an ambiguity that can lead to collection or processing of calendar, email, and external data without clear, informed user consent. In a scheduling assistant, this is especially risky because the accessed data is likely to be sensitive and personally identifiable.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README advertises broad access to Google Calendar data, meeting prep enrichment, agendas, and follow-up task creation, but does not clearly explain what personal or third-party data is collected, where it is stored, how long it is retained, or how consent is handled. In a meeting-management skill, this omission is security-relevant because calendar contents, attendee identities, notes, and relationship context can contain sensitive personal and business information that may be processed or propagated to other tools.

Missing User Warnings

Medium
Confidence: 92%
Finding
The setup flow instructs the agent to authenticate to calendar services and collect primary/secondary calendar information without presenting any privacy notice or describing the scope of access. This can mislead users into granting broad access to calendars that may contain sensitive business and personal information. In context, a meeting scheduler inherently handles confidential scheduling metadata, making silent or under-explained access more dangerous.

Missing User Warnings

Medium
Confidence: 94%
Finding
The prompt recommends searching the web for attendee/company news and pulling recent email threads with attendees, but does not warn that this may access external services and sensitive communications. Users may not understand that enabling these features could expose confidential contact, company, or email data to additional processing paths. Because this assistant prepares for meetings, the affected data is likely to include sensitive relationship and business context.

Missing User Warnings

Medium
Confidence: 90%
Finding
The instructions save configuration and meeting notes locally, but do not inform the user that potentially sensitive scheduling details, attendee context, and follow-up material may persist on disk. Local storage without disclosure can create confidentiality risks, especially on shared machines or unmanaged environments. In this skill's context, stored notes and settings may reveal calendars, routines, contacts, and meeting content.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly states it may access email threads, relationship notes, calendar history, and web search context to prepare meeting briefs, but it does not present a clear privacy warning or consent checkpoint before using these potentially sensitive data sources. This creates a real privacy and data-minimization risk because users may not realize the agent is aggregating personal and professional information across systems for automated profiling-like meeting prep.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill describes storing follow-up notes, action items, decisions, and attendee-specific meeting summaries in local markdown files without an explicit warning, retention policy, or permission step. This is dangerous because local note storage can expose sensitive business discussions and personal data to other local users, backups, sync tools, or later unintended reuse by the agent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The specification explicitly states that calendar, contact, and behavioral metrics are collected during normal operation, persisted in a dashboard data store, and historically retained, but it does not mention user notice, consent, retention limits, minimization, or access controls. Because this data can reveal sensitive relationship patterns, work habits, and scheduling behavior, silent long-term retention creates a real privacy and compliance risk rather than a purely theoretical concern.

Missing User Warnings

Medium
Confidence: 88%
Finding
The example explicitly describes automatic saving of meeting notes, task creation, email sending, and scheduling requests based on conversational content, but it provides no warning, consent checkpoint, or data-handling guidance. Because the captured content includes identifiable personal and business information, this can normalize silent persistence and transmission of sensitive user data to local storage or third-party tools without adequate notice.

Vague Triggers

Medium
Confidence: 89%
Finding
The on-demand trigger phrase "Prep me for my 10 AM" is underspecified and can cause the agent to act on ambiguous calendar references without clear confirmation of which meeting or what data sources should be used. In this skill, that matters because the generated brief aggregates sensitive context from Gmail, meeting notes, relationship history, and web search, so an overly broad trigger increases the risk of unintended retrieval or disclosure of private information.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill documents that it pulls data from Gmail, Google Calendar, meeting notes, web search, and a relationship-tracking system, but it does not provide a clear user-facing warning or consent notice about accessing personal communications and external sources. This is dangerous because users may trigger the brief without realizing how much sensitive data will be aggregated, creating privacy, confidentiality, and over-collection risks in routine use.

VirusTotal

64/64 vendors flagged this skill as clean.
