Meeting Scheduler Pro

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed meeting assistant that uses sensitive calendar, email, web-search, and local note data for its stated scheduling purpose.

Install only if you are comfortable granting gog Calendar access and, if enabled, Gmail access. Review config/settings.json after setup, especially auto_prep, include_web_search, include_email_context, followup options, notes_directory, and detected integrations. Treat generated meeting notes and dashboard history as sensitive business records and prune or secure them as needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Intent-Code Divergence

Medium
Confidence: 89%
Finding
The prompt frames setup as saving calendar configuration, but it later collects and persists substantially broader preferences and integrations, including email, web-search, task sync, and notes behavior. This mismatch can undermine informed consent and lead users to disclose or store more sensitive operational metadata than they reasonably expected.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The script advertises setup/validation behavior but also silently mutates configuration to enable integrations when sibling skills are detected. This expands the skill's effective data-sharing surface without explicit user consent, which is a security-relevant trust and transparency issue in an agent skill context.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs users to authenticate to calendar services and store settings locally without warning about the scope of calendar access, what data may be read, or that configuration will persist on disk. In a scheduling context, calendar identifiers and access can expose sensitive availability, meeting metadata, and organizational patterns if users are not clearly informed.

Missing User Warnings

Medium
Confidence: 94%
Finding
Enabling web search, attendee/company news gathering, and recent email-thread retrieval for automatic prep can aggregate sensitive personal, corporate, and communication data without explicit notice or consent. Because these features combine multiple data sources around meeting participants, they raise the risk of privacy violations, over-collection, and unintended disclosure in generated prep briefs.

Missing User Warnings

Low
Confidence: 85%
Finding
Automatic task creation and follow-up email drafting can propagate meeting-derived information into other systems or drafts without users understanding where that data goes. In practice, this may expose sensitive notes, attendee details, or action items to downstream tools, shared workspaces, or unintended recipients.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly describes pulling recent email threads via `gog gmail search` and using web search to enrich meeting prep, but it does not require clear, per-feature user consent or present a visible privacy warning before accessing these data sources. This creates a real privacy risk because the agent may process sensitive correspondence and external profile/company data beyond what the user reasonably expects from a scheduling workflow.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill states that prep runs automatically on a cron/heartbeat and checks tomorrow's calendar each evening, which implies ongoing monitoring of calendar data without an explicit warning or consent flow. Continuous background scanning is risky because it normalizes persistent access to sensitive scheduling metadata and can expose meeting subjects, attendees, and derived relationship context without the user realizing the scope of monitoring.

Missing User Warnings

Medium
Confidence: 94%
Finding
The specification explicitly calls for collecting and persisting calendar activity, meeting history, contact frequency, and follow-up metrics, but it does not mention user notice, consent, minimization, access controls, or retention limits. Because this data can reveal sensitive relationship patterns, work habits, and behavioral history, retaining it in a dashboard store without privacy safeguards creates a real privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 91%
Finding
The example depicts the agent automatically creating tasks, saving meeting notes, scheduling follow-ups, sending email, and updating metrics without any explicit user-facing warning about persistent data changes, outbound communication, or privacy implications. In a real skill, this can normalize silent side effects on external systems and storage, increasing the risk of unintended disclosures, unauthorized actions, or user surprise when sensitive meeting content is propagated.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger phrase "Prep me for my 10 AM" is vague and could cause the agent to retrieve and summarize the wrong meeting, especially when multiple meetings exist around that time or when the request is made out of context. Because the brief aggregates calendar, email, meeting notes, web search, and relationship data, an ambiguous invocation can lead to unintended disclosure of sensitive business or personal information.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly combines data from Google Calendar, Gmail, web search, meeting notes, and a relationship tool, but the description provides no visible user-facing privacy notice, consent checkpoint, or data-minimization boundary. This increases the risk that users will not understand the breadth of cross-source profiling being performed, leading to over-collection or unexpected exposure of sensitive correspondence and internal notes in the generated brief.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script writes the full generated agenda, including potentially sensitive meeting contents, to an arbitrary user-supplied path using shell redirection without checking whether the file already exists or warning before overwrite. This can cause accidental destruction of existing files and may also place confidential calendar data into an insecure or unintended location if the path is mistyped or unsafe.

VirusTotal

63 of 63 vendors rated this skill as clean.
