Quick Google Calendar Command Line Interface

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Google Calendar helper, but it can read and change calendar events through the user's local gcalcli OAuth access.

Install only if you are comfortable letting an agent use your configured gcalcli account to read calendars and create, delete, or edit events. Edit the skill to require confirmation for all destructive actions if your calendar contains sensitive or high-impact events, and revoke gcalcli OAuth access when you no longer use it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 93%
Finding:
The skill explicitly instructs the agent to perform non-interactive deletion immediately when a match is deemed unambiguous, using `gcalcli delete --iamaexpert`, and only verifies after the destructive action. If the agent misidentifies the target due to parsing, ambiguous semantics, recurrence handling, or calendar data quirks, an event can be removed without the user seeing a final confirmation or irreversible-risk warning first.

Missing User Warnings

Low
Confidence: 83%
Finding:
The create flow mandates an overlap scan across all non-ignored calendars, even when the user may only intend to work within one calendar. That broadens data access and can expose the existence, timing, or titles of events from other calendars to the agent workflow without an explicit privacy notice or opt-in.

Autonomous Decision Making

Medium
Category: Excessive Agency
Content:
### Safety guards in place

The skill does NOT blindly delete. All of these must hold before executing without confirmation:

1. **Explicit user request** — the user must have asked for the action in their message.
2. **Single unambiguous match** — exactly one event matches in a tight, bounded time window.
Confidence: 92%
Finding:
without confirmation

Autonomous Decision Making

Medium
Category: Excessive Agency
Content:
**This skill intentionally skips user confirmation for unambiguous destructive actions (delete/edit).** This is a deliberate UX decision, not an oversight. Here's why and how it's kept safe:

### Why skip confirmation?

This skill is designed for personal assistant use via messaging apps (Telegram, WhatsApp, etc.), where:
Confidence: 96%
Finding:
skip confirmation

VirusTotal

64/64 vendors flagged this skill as clean.
