ClawHub

Cal.com

Security checks across malware telemetry and agentic risk

Overview

This Cal.com skill is mostly coherent, but it can change or disrupt bookings and some state-changing actions lack clear per-action confirmation guidance.

Install only if you are comfortable giving the skill Cal.com OAuth access that can read and modify bookings, schedules, event types, calendars, and profile data. Before using booking-changing actions such as cancel, confirm, decline, reschedule, or reassign, require the agent to show the exact booking UID, payload, and likely effect, then get explicit user approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The action is explicitly described as fetching a schedule by ID and requires a read-only scope (`cal.schedules.read`), but the documentation warns that it is a write action that changes state. This mismatch can mislead an agent or operator about the action’s side effects, causing unnecessary confirmation flows, incorrect risk classification, or unsafe orchestration logic that depends on accurate read/write semantics.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file describes `get_schedule` as a read operation with `cal.schedules.read` scope, but then labels it as a "Write action" that changes Cal.com state. This mismatch can mislead an agent or operator into applying the wrong safety posture, causing unnecessary confirmations, incorrect policy handling, or confusion about whether a state-changing action is being performed.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The file documents a destructive action that cancels bookings but provides no warning, confirmation guidance, or mention of reversibility/side effects. In an agent skill, that omission increases the chance an automated system or operator will execute cancellation without explicit user intent, causing unauthorized or accidental disruption of scheduled meetings.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This action performs a state-changing operation that confirms a booking, but the documentation does not warn that it is a write action or that it should only be used with explicit user authorization. In an agent setting, missing warnings increase the chance of unintended or socially engineered confirmations because the skill description encourages execution without emphasizing confirmation or safety checks.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The action documentation describes declining a booking but does not warn that this is a destructive operation that can affect another party and may trigger notifications or workflow changes. In an agent-driven environment, missing user-facing warnings increases the chance of unintended declines or insufficient confirmation before executing an irreversible or sensitive action.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal